ALERT: Ransomware Impacting Pipeline Operations

The Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday responded to a cyber-attack affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility.



A cyber threat actor used a Spearphishing Link [T1192] to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network.

The threat actor then deployed commodity ransomware to Encrypt Data for Impact [T1486] on both networks. Specific assets experiencing a Loss of Availability [T826] on the OT network included human machine interfaces (HMIs), data historians, and polling servers. Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View [T829] for human operators.

The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations. Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown of operations.

This lasted approximately two days, resulting in a Loss of Productivity and Revenue [T828], after which normal operations resumed. CISA is providing this Alert to help administrators and network defenders protect their organizations against this and similar ransomware attacks.

The technical details stated that the victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks.


The threat actor used commodity ransomware to compromise Windows-based assets on both the IT and OT networks. Assets impacted on the organization’s OT network included HMIs, data historians, and polling servers. Because the attack was limited to Windows-based systems, the PLCs responsible for directly reading and manipulating physical processes at the facility were not impacted.

The victim was able to obtain replacement equipment and load last-known-good configurations to facilitate the recovery process. All OT assets directly impacted by the attack were limited to a single geographic facility.

US-Cert.gov (February, 2020) Alert (AA20-049A) - Ransomware Impacting Pipeline Operations


Ohio Resident Charged with Operating Darknet-Based Bitcoin “Mixer,” which Laundered Over $300 Million

An Ohio man was arrested for his operation of Helix, a Darknet-based cryptocurrency laundering service.


“Helix” Laundered Bitcoin From Numerous Darknet Markets


In the three-count indictment unsealed Feb. 11 in the District of Columbia, Larry Harmon, 36, of Akron, Ohio, was charged with money laundering conspiracy, operating an unlicensed money transmitting business and conducting money transmission without a D.C. license.

According to the indictment, Harmon operated Helix from 2014 to 2017.  Helix functioned as a bitcoin “mixer” or “tumbler,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin.  Helix was linked to and associated with “Grams,” a Darknet search engine also run by Harmon. 

Harmon advertised Helix to customers on the Darknet as a way to conceal transactions from law enforcement. 


“Helix allegedly laundered hundreds of millions of dollars of illicit narcotics proceeds and other criminal profits for Darknet users around the globe,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division.  “This indictment underscores that seeking to obscure virtual currency transactions in this way is a crime, and that the Department can and will ensure that such crime doesn’t pay.”

“For those who seek to use Darknet-based cryptocurrency tumblers, these charges should serve as a reminder that law enforcement, through its partnerships and collaboration, will uncover illegal activity and charge those responsible for unlawful acts,” said U.S. Attorney Timothy J. Shea of the District of Columbia.

“The brazenness with which Helix operated should be the most appalling aspect of this operation to everyday citizens. There are bad actors and then there are criminals who facilitate hundreds of other crimes,” said Don Fort, Chief, IRS Criminal Investigation. “The sole purpose of Harmon’s operation was to conceal criminal transactions from law enforcement on the Darknet, and because of our growing expertise in this area, he could not make good on that promise. Working in tandem with other sites, he sought to be the ‘go-to’ money launderer on the Darknet, but our investigators once again played the role of criminal disrupters, unraveling the interlinked web from one tentacle to another. We thank the Belizean authorities and other law enforcement agencies for their assistance on this case.”


“The perceived anonymity of cryptocurrency and the Darknet may appeal to criminals as a refuge to hide their illicit activity,” said Special Agent in Charge Timothy M. Dunham of the Criminal Division of the FBI Washington Field Office.  “However, as this arrest demonstrates, the FBI and our law enforcement partners are committed to bringing the illegal practices of money launderers and other financial criminals to light and to justice, regardless of whether they are using new technological means to carry out their schemes.”

The indictment alleges that Helix moved over 350,000 bitcoin – valued at over $300 million at the time of the transactions – on behalf of customers, with the largest volume coming from Darknet markets.  Helix partnered with the Darknet market AlphaBay to provide bitcoin laundering services for AlphaBay customers.  AlphaBay was one of the largest Darknet marketplaces in operation at the time that it was seized by law enforcement in July 2017.

The charges in the indictment are merely allegations, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law. 

The investigation was led by the IRS-CI and the FBI’s Washington Field Office with assistance from the Financial Crimes Enforcement Network.  The Department of Justice’s Office of International Affairs of the Criminal Division, the U.S. Attorney’s Office for the Northern District of Ohio, IRS Field Offices of Washington, D.C.; Cincinnati, Ohio; and Oakland, California; and the FBI’s Criminal Investigative Division and Field Offices of Cleveland, Ohio — Akron Resident Agency; Newark, New Jersey; and San Francisco, California — San Jose Resident Agency and the Department of State’s Diplomatic Security Service provided essential support for the operation.   

Internationally, the Belize Ministry of the Attorney General and the Belize National Police Department simultaneously executed a search warrant of a residence allegedly leased by Harmon in Belize as U.S. authorities executed warrants in the United States.  U.S. law enforcement agencies, coordinated by U.S. Embassy Belmopan, assisted in the Belize action.  “These actions underscore the vital importance of working closely with our law enforcement partners in Belize to make both of our countries safer and secure,” said U.S. Chargé d’Affaires, a.i. Keith Gilges.

Trial Attorneys S. Riane Harper and C. Alden Pelker of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Christopher B. Brown of the U.S. Attorney’s Office for the District of Columbia are prosecuting the case.  Additional assistance has been provided by Trial Attorneys Emily Siedell and Brian Nicholson of the Criminal Division’s Office of International Affairs, former CCIPS Trial Attorney W. Joss Nichols and Assistant U.S. Attorney Daniel Riedl of the Northern District of Ohio. 

Justice.gov (February, 2020) Ohio Resident Charged with Operating Darknet-Based Bitcoin “Mixer,” which Laundered Over $300 Million

Confronting the China Threat



Director Wray Says Whole-of-Society Response is Needed to Protect U.S. Economic and National Security

China is threatening the U.S. economy—and national security—with its relentless efforts to steal sensitive technology and proprietary information from U.S. companies, academic institutions, and other organizations, FBI Director Christopher Wray said on Thursday.

Wray described the threat from China as “diverse” and “multi-layered.” He noted that the Chinese government exploits the openness of the American economy and society.

“They’ve pioneered an expansive approach to stealing innovation through a wide range of actors,” Wray said during opening remarks at the half-day Department of Justice China Initiative Conference in Washington, D.C.

Wray told the audience that China is targeting everything from agricultural techniques to medical devices in its efforts to get ahead economically. While this is sometimes done legally, such as through company acquisitions, China often takes illegal approaches, including cyber intrusions and corporate espionage.

“They’ve shown that they’re willing to steal their way up the economic ladder at our expense,” he said.


The FBI is using traditional law enforcement techniques as well as its intelligence capabilities to combat these threats. Wray said the FBI currently has about 1,000 investigations into Chinese technology theft.

Just last month, a Harvard University professor was charged with lying about his contractual arrangement with China.

Wray also called for a whole-of-society response to these threats. He urged U.S. companies to carefully consider their supply lines and whether and how they do business with Chinese companies. While a partnership with a Chinese company may seem profitable today, a U.S. company may find itself losing its intellectual property in the long run.

Additionally, U.S. universities should work to protect their foreign students from coercion from foreign governments, Wray said.

Wray noted, however, that these threats do not mean the U.S. shouldn’t welcome Chinese students or visitors.

“What it does mean is that when China violates our criminal laws and well-established international norms, we are not going to tolerate it, much less enable it,” he said. “The Department of Justice and the FBI are going to hold people accountable for that and protect our nation’s innovation and ideas.”

FBI.gov (February, 2020) Confronting the China Threat