Israeli TV says the blasts that damaged the Natanz uranium enrichment plant in Iran in April were a supply-chain attack. Operatives supplied Iran with the marble platforms on which the centrifuges stand, and the marble was embedded with explosives. apnews.com/article/united…
"Media in Israel [have] to clear stories involving security matters through military censors. That Cohen’s remarks apparently cleared the censors suggests Israel wanted to issue a new warning to Iran amid the Vienna nuclear negotiations."
It's confusing which incident Israeli TV is referring to. There were explosions at Natanz in July 2020 and April 2021. The 2020 incident involved fire; the 2021 incident included an explosion but mostly took out electricity. Here's my story about the 2021 incident: zetter.substack.com/p/sabotage-at-…
Iranian officials conceded that there had been a "small explosion" in the April incident but downplayed it. That is, until it was reported that an official touring the damaged plant had fallen down a 20-foot hole, suggesting the explosion was more extensive than officials let on.
Really thoughtful explanation from @propublica about why they're publishing tax info for the wealthiest Americans, which they received from an anonymous source. They considered that the info might come from "a state actor hostile to American interests." propublica.org/article/why-we…
"Many will ask about the ethics of publishing such private data. We are doing so—quite selectively and carefully—because we believe it serves the public interest in fundamental ways...[to disclose] tax returns of ppl like Jeff Bezos, Michael Bloomberg, Warren Buffett, Elon Musk"
"While the revelations in today's story are extraordinary, the procedures...used in assessing the data's value are standard...nearly everyone who provides material to a reporter is doing so in ways that reflect their...agenda....those motives are irrelevant if the info is reliable"
DoJ announces that it has found and recaptured the majority of the ransom that Colonial Pipeline paid.
They seized the money from a bitcoin wallet.
"We identified a virtual currency wallet that the Darkside actors used to collect payment.... Victim funds were seized from that wallet preventing Darkside actors from using it."
Adding to previous reports that DoJ had seized phone records of WaPo reporters, the NYT now says DoJ also secretly seized phone records of four NYT reporters spanning Jan 14-Apr 30, 2017: Matt Apuzzo, Adam Goldman, Eric Lichtblau and Michael S. Schmidt. nytimes.com/2021/06/02/us/…
In addition to phone records, DoJ also secured a court order to seize logs — but not contents — of the reporters' emails, but “no records" were actually obtained using the order. The Biden admin has since avowed that it will not seize journo records for leak investigations.
DoJ didn't say which article was being investigated but the NYT says it appears to be related to classified info reported in an April 22, 2017 article the reporters wrote about how James Comey "handled politically charged investigations during the 2016 presidential election."
This has gotten a lot of attention in the last few months and people have tried to bring me into the argument because my book states that Stuxnet used 5 zero-days (one patched before Stuxnet launched, so only 4 at time of launch). Liam, Eric and I disagree on what constitutes a 0-day.
They say a hard-coded password that Siemens placed in its system was a 0-day because Stuxnet exploited it. I use the conventional definition of a 0-day as something the vendor doesn't know about and has therefore had 0 days to patch....
The hardcoded password was intentionally placed there by Siemens, and even after Stuxnet was discovered exploiting it, Siemens warned customers not to change the password or the system wouldn't work. That's not a 0-day to me. Eric, Liam and I laugh about it and agree to disagree.
"Elliptic has identified the Bitcoin wallet used by the DarkSide... this wallet received the 75 BTC payment made by Colonial Pipeline on May 8, following the crippling cyberattack on its operations." So CP paid ransom on Saturday (depending on which timezone this uses)
The wallet has been active since 4th March 2021 and received 57 payments from 21 different wallets. Some of the payments directly match ransoms known to have been paid to DarkSide by victims, such as 78.29 BTC ($4.4 million) sent by chemical distribution company Brenntag on May 11.
"It has been reported within the past hours that DarkSide itself has ceased operations and has had its funds seized - and indeed their wallet was emptied of the $5 million in Bitcoin it contained on Thursday afternoon."
Colonial Pipeline paid $5 million ransom to Darkside hackers within hours after attack last week. Once paid, the hackers provided a decrypting tool to restore the company's disabled network. Tool was very slow to work though. bloomberg.com/news/articles/…
Story says Colonial restored its network from backups, not decrypted systems, because the decryption tool was too slow. Note though, the expert I spoke to yesterday says they never restore from ransomed machines because they're untrustworthy; they always use backups when available zetter.substack.com/p/anatomy-of-o…
Some might ask why, if Colonial paid Friday, it took so long to get the pipeline running. As noted in the story👇 restoration from backups can take 1-2 months. The expert told me companies often don't have a plan for restoring backups, and it takes time to coordinate. zetter.substack.com/p/anatomy-of-o…