Belgium Commences Mega Drug Trial After Covert Apps Cracked

 

A significant trial began in a Belgian court on Monday, involving over 120 individuals accused of offenses such as drug and arms trafficking, extortion, torture, and attempted murder. This trial is notable not only for its sheer scale but also because it will scrutinize law enforcement's audacious methods of hacking encrypted communication services to gather evidence against drug networks across Europe.

Eric Van Duyse, spokesperson for the Belgian prosecutor's office, described the proceedings as a historic trial. The case centers on the groundbreaking actions taken by law enforcement to compromise and access data from secure communication platforms, namely Sky ECC and EncroChat. These hacked datasets were crucial in bringing charges against drug networks operating throughout the European continent.

The hearings are scheduled three times per week in the newly established "Justitia" courtroom within the former NATO headquarters. This courtroom is designed to accommodate significant trials, including those related to the Brussels terror attacks. The judges overseeing the Sky ECC trial aim to deliver a verdict by next spring. The trial's outcome is anticipated to be a testament to the effectiveness of cutting-edge investigative methods, but defense attorneys are poised to challenge the legality of the police hacks, contending that the data used as evidence was obtained unlawfully.

Originally slated to commence in November, the trial faced delays due to defense attorneys seeking the disqualification of judges involved in the case. Meanwhile, prior cases relying on data from EncroChat and Sky ECC have resulted in over 6,500 arrests worldwide, highlighting the global impact of the encrypted communication platforms' compromise, as reported by Europol.

The trial holds significant implications for Europe's escalating drug issue, with Belgium emerging as a major hub for cocaine and drug trafficking. The country's busy port of Antwerp has witnessed a surge in violence related to drug gangs, including a foiled plot to kidnap the former justice minister Vincent Van Quickenborne.

The investigation into Sky ECC began with a hack in July 2020, revealing how French and Dutch authorities obtained over 100 million messages from EncroChat. Subsequently, they uncovered a similar infiltration of Sky ECC, monitoring approximately 70,000 users and initiating a massive effort to decrypt the data and launch investigations.

While these operations successfully thwarted criminal activities, questions have arisen about their legality. Defense lawyers argue that evidence from the Sky ECC proceedings was unlawfully obtained, raising concerns about privacy violations and the right to a fair trial. The unprecedented nature of these operations has prompted legal challenges, with defense practitioners seeking clarity on national and supranational rules governing such investigations.

The defense contends that law enforcement's infiltration of an encrypted communication app sets a dangerous precedent, challenging fundamental legal principles. The issue of privacy infringement has been acknowledged by some courts, such as a Dutch court, which deemed it legally justifiable due to the predominantly criminal nature of the targeted user group. Legal challenges and questions about European cooperation in handling evidence gathered across jurisdictions further complicate the trial, with broader implications for the evolving landscape of law enforcement and privacy rights in Europe.

Hackers Exploit Log4j Flaw to Attack Belgium Defense Ministry

 

The Belgian Ministry of Defense has stated that the Log4j vulnerability was used in a cyberattack on its networks. 

The Defense Ministry said in a statement that an attack on its computer network with internet access was identified on Thursday. They didn't disclose whether the attack was ransomware, but they did state that "quarantine measures" were swiftly implemented to "contain the affected elements." 

The Defense Ministry stated, "Priority was given to the operability of the network. Monitoring will continue. Throughout the weekend, our teams were mobilized to contain the problem, continue our operations and alert our partners." 

"This attack follows the exploitation of the Log4j vulnerability, which was made public last week and for which IT specialists around the world are jumping into the breach. The Ministry of Defense will not provide any further information at this stage." 

Government hacking groups all across the world are using the Log4j vulnerability, according to multiple reports from firms like Google and Microsoft. State-sponsored hackers from China, Turkey, Iran, and North Korea, according to Microsoft, have begun testing, exploiting, and abusing the Log4j issue to spread a range of malware, including ransomware. 

According to multiple sources, since the vulnerability was found over two weeks ago, cybercriminal organisations have attempted to exploit it not only to acquire a foothold in networks but also to sell that access to others. 

To avoid attacks and breaches, governments around the world have advised agencies and companies to fix their systems or devise mitigation strategies. Singapore conducted emergency meetings with vital information infrastructure sectors to prepare them for potential Log4j-related threats, and the US Cybersecurity and Infrastructure Security Agency instructed all federal civilian agencies to fix systems before Christmas.

Katrien Eggers, a spokesperson for the Centre for Cybersecurity Belgium, told ZDNet that the organisation had also issued a warning to Belgian companies about the Apache Log4j software issue, stating that any organisation that had not already taken action should "expect major problems in the coming days and weeks." 

The Centre for Cybersecurity Belgium added that any affected organizations should contact them, stating, "Because this software is so widely distributed, it is difficult to estimate how the discovered vulnerability will be exploited and on what scale. It goes without saying that this is a dangerous situation."

Ryuk Ransomware Hits City of Liège

 

Liège, the third biggest city in Belgium, was hit by a ransomware attack resulting in the disruption of the municipality’s IT network and online services. As a precautionary measure, IT staff shut down its network to prevent the malware from spreading. The Liège officials launched an investigation into the attack with the help of international security experts and are currently working to restore the operations.

The officials also published a non-exhaustive list of services that have been affected. These include the bookings for town halls, birth registration, wedding, burial services, collection of passports, driving licenses, identity cards, and other important documents. Online forms for event permits and paid parking are also down. 

“The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted,” reads the status page published by the city.

The city officials only reported the incident as a “computer attack”. However, two Belgian media outlets, a radio station, and a TV station claimed that the attack may have been conducted by a group using Ryuk ransomware. Recently, the National Cybersecurity Agency of France (ANSSI) identified a new variant of Ryuk. It possesses worm-like capabilities and can spend weeks or even months inside a victim’s network, conducting reconnaissance and quietly moving ransomware to important systems, often using standard Windows administration tools.

The attack against the Liège municipality is not a one-time attack. Threat actors often target local city networks because many cannot afford top-of-the-line security or new IT gear, often running severely outdated servers and workstations with a small IT staff. The list of targeted municipalities includes the City of Tulsa, City of Saint John, Albany, Atlanta, Baltimore, Florence, Knoxville, Lafayette, New Orleans, and more.

According to the latest report by the Ransomware Task Force, in 2020 average ransom payments rose 170 percent year-on-year, and the total sum paid in ransom increased 310 percent. It is estimated that ransomware gangs collected at least $150 million in ransoms, with one victim paying $34 million to restore their systems.

More Than 200 Belgian Organizations Knocked Offline in a Massive DDoS Attack

 

Belgium's national public sector network Belnet suffered a massive DDoS (distributed denial of service) attack on Tuesday that paralyzed internet access for all institutions linked to the Belnet network, including the federal government and parliament, universities, researchers, and reservations for the country's vaccination program.

The attackers specifically targeted Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations, such as its Parliament, educational institutions, ministries, and research centers.

According to the local authorities, the incident has impacted the activities of more than 200 Belgian government organizations, including My Minfin, the government’s official tax- and form-filling portal, as well as IT systems used by schools and universities for remote learning applications. In a tweet today, the Belgian Justice Department also reported disruptions but did not go into details.

"The fact that the perpetrators of the attack constantly changed tactics made it even more difficult to neutralize it. We are fully aware of the impact on the organizations connected to our network and their users and we are aware that this has profoundly disrupted their functioning,” said Dirk Haex, technical director at Belnet.

Parliament and other government activities were also disrupted today because some meetings couldn’t take place as they couldn’t be streamed for remote participants due to the ongoing DDoS attack. The country’s COVID-19 vaccine reservation portal, which is hosted on Belnet’s infrastructure, was also knocked offline as a result of the attack. 

According to the official Twitter account for the Belgian Chamber of Representatives, only the Finance and Foreign Relations committee was able to hold a meeting on Tuesday before others had to be canceled due to the ongoing DDoS attack. Several Belgian politicians and political observers noted today that the attack started around the same time the Belgian Parliament’s Foreign Affairs Committee was supposed to hold a meeting and hear testimony from a survivor of China’s Uyghur forced labor camps.

Neither Belnet nor any other Belgian government organization has attributed the DDoS attack to any particular entity, and since the attack is still ongoing and would have to be investigated, attribution is currently very far away.