Hackers threaten to publish legal aid files unless member is freed
Members of the ShinyHunters cybercrime group made the threat on a new Telegram channel, marking the first public claim for the attack on the agency, which happened in April.
The group said in the Telegram post that if the Ministry of Justice (MoJ) did not 'free' an individual, whom The Times is choosing not to name, by 6am on Monday 'we will leak all the GitHub repositories and the Legal Aid Agency Ministry of Justice database'. The threat did not appear to have been carried out as the deadline passed.
The hack has caused chaos in legal circles and the data stolen is highly personal, including criminal history and financial information, such as debt and payment records. Large parts of the legal aid system remain offline, leading some barristers to say they are not being paid.
The group demanded about £1.5 million in bitcoin as a ransom from the MoJ, but the public sector does not pay cybercriminals and will soon be prevented from doing so by law.
The hackers on Telegram appeared to try to confirm who they were by publishing an injunction taken out on them by the MoJ to prevent publication of the stolen data.
ShinyHunters has been linked to a wave of recent hacks on Qantas, Allianz Life, LVMH, Adidas and Google. In particular, it has been targeting client relationship data that companies hold and manage via Salesforce software.
Hackers pretend to be a member of IT support for the company and convince a member of staff to install a piece of software that looks like an official Salesforce app. However, it is a piece of malicious software that extracts data.
In June, Google Threat Intelligence appeared to anticipate the new channel, saying: 'We believe threat actors using the 'ShinyHunters' brand may be preparing to escalate their extortion tactics by launching a data leak site. These new tactics are likely intended to increase pressure on victims.'
The ShinyHunters' tactics resemble the methods used by Scattered Spider, a group that has been accused of carrying out retail hacks on Marks & Spencer, Co-Op and Harrods. Four people have been arrested in connection with retail hacks.
The two groups have been linked by security experts because they appear to have some common members and are part of a loose collective of cybercriminals known as The Com.
ShinyHunters has also been linked to the recent hack on Ticketmaster and other large companies that were using Snowflake, the data storage firm.
The MoJ was approached for comment.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
24 minutes ago
- The Independent
Manchester Arena bomb plotter Hashem Abedi charged with attempted murder after attacking prison guards
Manchester Arena plotter Hashem Abedi has been charged with three counts of attempted murder after four prison officers were injured at a maximum security prison. Abedi, 28, is also charged with one count of assault occasioning actual bodily harm and one count of unauthorised possession of a knife or offensive weapon after the incident at HMP Frankland in Durham on April 12. Counter Terrorism Policing North East said it had carried out a "thorough investigation" of the incident with Durham Constabulary and HMP Frankland. Abedi, who remains in prison, is due to appear at Westminster Magistrates' Court on September 18. Three prison officers were taken to hospital with serious injuries following the incident.
The Independent
24 minutes ago
- The Independent
Russia restricts calls via WhatsApp and Telegram, the latest step to control the internet
Russian authorities announced Wednesday they were 'partially' restricting calls in messaging apps Telegram and WhatsApp, the latest step in an effort to tighten control over the internet. In a statement, government media and internet regulator Roskomnadzor justified the measure as necessary for fighting crime, saying that 'according to law enforcement agencies and numerous appeals from citizens, foreign messengers Telegram and WhatsApp have become the main voice services used to deceive and extort money, and to involve Russian citizens in sabotage and terrorist activities.' The regulator also alleged that 'repeated requests to take countermeasures have been ignored by the owners of the messengers.' There was no immediate comment from either platform. Russian authorities have long engaged in a deliberate and multipronged effort to rein in the internet. Over the years, they have adopted restrictive laws and banned websites and platforms that won't comply. Technology has been perfected to monitor and manipulate online traffic. While it's still possible to circumvent restrictions by using virtual private network services, those are routinely blocked, too. Authorities further restricted internet access this summer with widespread shutdowns of cellphone internet connections and by adopting a law punishing users for searching for content they deem illicit. They have also threatened to go after WhatsApp — one of the most popular platforms in the country — while rolling out a new 'national' messaging app that's widely expected to be heavily monitored. Reports that calls were being disrupted in WhatsApp and Telegram appeared in Russian media earlier this week, with users complaining about calls not going through or not being able to hear each other speak. According to Russian media monitoring service Mediascope, WhatsApp in July was the most popular platform in Russia, with over 96 million monthly users. Telegram, with more than 89 million users, came a close second. Both platforms had their run-ins with the Russian authorities in the past. The Kremlin tried to block Telegram between 2018-20 but failed. After Russia's full-scale invasion of Ukraine in 2022, the government blocked major social media like Facebook and Instagram, and outlawed their parent company, Meta, that also owns WhatsApp, as extremist. In July, lawmaker Anton Gorelkin said WhatsApp 'should prepare to leave the Russian market,' and a new 'national' messenger, MAX, developed by Russian social media company VK, would take its place. MAX, promoted as a one-stop shop for messaging, online government services, making payments and more, was rolled out for beta tests but has yet to attract a wide following. Over 2 million people registered by July, the Tass news agency reported. Its terms and conditions say it will share user data with authorities upon request, and a new law stipulates its preinstallation in all smartphones sold in Russia. State institutions, officials and businesses are actively encouraged to move communications and blogs to MAX.
The Independent
24 minutes ago
- The Independent
Hashem Abedi charged with attempted murder after prison officers injured
Manchester Arena plotter Hashem Abedi has been charged with three counts of attempted murder after four prison officers were injured at a maximum security prison. Abedi, 28, is also charged with one count of assault occasioning actual bodily harm and one count of unauthorised possession of a knife or offensive weapon after the incident at HMP Frankland in Durham on April 12. Counter Terrorism Policing North East said it had carried out a 'thorough investigation' of the incident with Durham Constabulary and HMP Frankland. Abedi, who remains in prison, is due to appear at Westminster Magistrates' Court on September 18. Three prison officers were taken to hospital with serious injuries following the incident.
