
Pavel Durov, the founder and CEO of Telegram, pins the blame for DDoS attacks on Telegram on Beijing. He feels that the PRC government was attempting to disrupt the protests in Hong Kong, which were kicked off by an extradition law that has many worried about how far the law reaches. Civil rights activists have noted that extradition to China is not necessarily a “fair” prospect, as its courts have a 99% conviction rate. The attackers’ IP addresses primarily come from China and from those used in the past by state actors; however, IP addresses from over 100 countries were reported. No group has come forward to take responsibility, and it is possible that a group outside of China chose to attack during the protests for unknown reasons, though this seems less likely than a PRC-based hacking group.
At its peak the attack directed 350 Gbps at Telegram servers, sustained for 12 hours, meaning that 15,120,000 Gigabytes, or roughly 4,582,800 copies of Avengers: Infinity War, were sent. There was an additional 120 Gbps for 6 hours, or 1,571,245 copies of Infinity War, sent on a secondary channel used by Telegram. Telegram users’ service was degraded throughout the world, and some may have experienced total loss of service inside Hong Kong.
Source: Telegram CEO Fingers China State Actors for DDoS Attack
Medical hardware represents a host of vulnerabilities in the same way that Internet of Things (IoT) devices do, but with potentially more risk. If your bank account is hacked, you may lose money, which might bankrupt you. However, there are services to prevent that and insurance from your bank to assist you. When a pacemaker or other critical health hardware is hacked, there’s not as much support and the stakes are much higher. You might survive losing a few thousand dollars, but you won’t recover from having life-sustaining machinery turned off. Becton, Dickinson, and Company (BDC) advised anyone using Alaris infusion pumps to update their firmware after discovering an exploit that allowed a horrifying amount of control over the devices. A successful attack would allow total control over the pump, the information it displays, and access to the hospital’s network. The pumps could be set to stop working entirely while displaying nothing wrong and falsifying their diagnostic and patient data, all while infecting every device in range. The vulnerability report noted that actually carrying out such an attack is a low-probability event due to several hurdles, such as getting access to the pump or the hospital’s network, understanding the language the pump uses, and configuring the pump itself.
However, “you’d have to know a lot about what you’re hacking” isn’t a defense against an attack that could kill someone, and medical hardware companies need to be ever vigilant with regard to their security. WannaCry took advantage of the lax security found in hospitals, so there’s no reason to assume that there isn’t a hospital with Alaris pumps whose network has been compromised or can be compromised with relative ease. Understanding how the pump works may be difficult, but an attacker could purchase one beforehand and practice on it. After all, if someone will pay thousands to have their computer back after it’s been infected with ransomware…what would they pay to save their loved ones’ lives?
Source: Flaw in Alaris medical devices exposes infusion pumps to possible sabotage