Sunday, 10 December 2023
KaitaiaWhangareiDargavilleAucklandThamesTaurangaHamiltonWhakataneRotoruaTokoroaTe KuitiTaumarunuiTaupoGisborneNew PlymouthNapierHastingsDannevirkeWhanganuiPalmerston NorthLevinParaparaumuMastertonWellingtonMotuekaNelsonBlenheimWestportReeftonKaikouraGreymouthHokitikaChristchurchAshburtonTimaruWanakaOamaruQueenstownDunedinGoreInvercargill
NZ HeraldThe Northern AdvocateThe Northland AgeThe AucklanderWaikato HeraldBay Of Plenty TimesRotorua Daily PostHawke's Bay TodayWhanganui ChronicleThe Stratford PressManawatu GuardianKapiti NewsHorowhenua ChronicleTe Awamutu CourierVivaEat WellOneRoofDRIVEN Car GuideThe CountryPhoto SalesiHeart RadioRestaurant Hub
Voyager 2023 media awards
Subscribe
Advertisement
Advertise with NZME.
Home / New Zealand

NZ cloud storage company being used by ransomware attackers, says FBI

RNZ
1 Jun, 2021 02:43 AM5 mins to read
Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail
Waikato DHB's IT centre was the target of a major cyber security attack. Video / Waikato DHB

By Phil Pennington for RNZ

The FBI warns Auckland company Mega.NZ is being used by ransomware attackers.

The company has told RNZ there is no sign hackers are using its service to store patient data stolen from Waikato hospitals, but it cannot rule out the possibility.

The FBI has issued a series of alerts since last year, naming Mega.

Advertisement
Advertise with NZME.

The latest - on May 20, three days after Waikato DHB was crippled - said Mega was one of two cloud storage services that hackers behind mass attacks, including on health services, had been using.

Another, in March, said: "The cyber actors have uploaded stolen data to Mega.NZ, a cloud storage and file sharing service, by uploading the data through the Mega website or by installing the Mega client application directly on a victim's computer."

Mega said there was no way to prevent criminals using legitimate software since they fully controlled the system they hacked.

It was also impossible to know what its 220 million account holders kept on their encrypted files, except if law enforcement or a hacked company alerted it.

Advertisement
Advertise with NZME.

"If they found a Mega link, it would be reported to us and [the account] closed within minutes," Mega chief executive and chair Stephen Hall told RNZ.

He could "not guarantee" Mega's services were not being used by the Waikato DHB's hackers, but so far the company had not been alerted by local police or Waikato DHB.

"All I can say is there's no sign of that being on Mega at this stage," Hall said.

The FBI alerts also referred to hackers using Microsoft's Windows Sysinternals and Swiss firm pCloud.

Mega.NZ is a successor company to Megaupload, set up by Kim Dotcom. Megaupload's domains were seized by the US Department of Justice.

Dotcom exited Mega years ago, and Hong Kong's Cloud Tech Services owns most of it.

'The last thing we would ever want'

It has been suggested the Waikato attack used ransomware called Conti, or Zeppelin.

The FBI said one indicator of a Conti ransomware attack was when large transfers went to Mega or pCloud servers.

Hall, asked if hackers had ever used Mega's premium and very large accounts, which it charges for, said the company was not making money out of stolen data.

Advertisement
Advertise with NZME.

"Absolutely not. Certainly not our intention, nor is that the outcome.

"These people often just use a free account with a small limit, it's transitory.

"And we would never aim to or want to, or nor do we make money from it.

"Because it in fact causes us a lot of grief in tracking down, closing the account, dealing with law enforcement inquiries, and so on.

"It's the last thing we would ever want."

Using cloud storage was akin to the hacker using the phone wires or local computers in an attack, Hall said. Hackers were looking for efficient and fast platforms to exfiltrate data, and Mega was among those.

Advertisement
Advertise with NZME.

In an FBI alert issued in July, it said attackers had "transitioned from uploading and releasing stolen data on Mega to uploading the stolen data to another file sharing service: website.dropmefiles.com".

Dark Web search

The FBI alert in May reported at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies and emergency medical services, within the last year, among 400 organisations worldwide hit by Conti.

An RNZ search on the Dark Web of a site labelled "Conti" did not find any mention of Waikato DHB.

Just one New Zealand company name was found, among the hundreds on the site, with a link to thousands of files purportedly hacked from it.

Hall said he was not aware of the general FBI online alerts, but he did respond to its alerts specific to Mega.

Advertisement
Advertise with NZME.

Mega had a good relationship with New Zealand police, and the FBI had sent him letters praising the company responses to hacking; law enforcement agencies were "very, very satisfied".

"I had a very appreciative letter from one major overseas law enforcement operation this week," Hall said, but would not name the agency.

It was difficult to identify people with a track history of stealing data, to block them from opening an account, he said.

Mega's users upload about 65 million files a day, or 750 files per second.

"We can't filter or investigate or index the whole wide world," Hall said.

Though files are encrypted, Mega has access to user registration information and IP addresses, its 2020 transparency report said.

Advertisement
Advertise with NZME.

In "extremely limited situations", Mega might disclose user information and data when it had written assurance from authorities that life or health was at stake.

Mega was served eight legal orders and disclosed information for accounts "alleged to be involved in serious criminal activity overseas," in 2019-2020, the report said.

It also closed down 565,000 accounts for sharing stolen or exploitative content.

Mega promoted its storage saying: "Strong, user-generated end-to-end encryption guarantees that nobody else will have unauthorised access to your data. Not even us."

Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail
Advertisement
Advertise with NZME.

Latest from New Zealand

New Zealand

Lotto Powerball results: One lucky player wins $8.25m prize

09 Dec 09:04 AM
New Zealand

More delays at Auckland Airport after processing system crash

09 Dec 08:41 AM
New Zealand

'Serious injuries': Four-vehicle crash in Waikato

09 Dec 08:26 AM
New Zealand

'Horrific winds': Crews tackle blazes across several South Island regions

09 Dec 07:41 AM

“Never been a better time to buy an EV”

sponsored
Advertisement
Advertise with NZME.

Latest from New Zealand

Lotto Powerball results: One lucky player wins $8.25m prize

Lotto Powerball results: One lucky player wins $8.25m prize

09 Dec 09:04 AM

Tonight’s winner is the 18th Powerball multi-millionaire of 2023

More delays at Auckland Airport after processing system crash

More delays at Auckland Airport after processing system crash

09 Dec 08:41 AM
'Serious injuries': Four-vehicle crash in Waikato

'Serious injuries': Four-vehicle crash in Waikato

09 Dec 08:26 AM
'Horrific winds': Crews tackle blazes across several South Island regions

'Horrific winds': Crews tackle blazes across several South Island regions

09 Dec 07:41 AM
9 big questions over an EV road trip
sponsored

9 big questions over an EV road trip

About NZMEHelp & SupportContact UsSubscribe to NZ HeraldHouse Rules
Manage Your Print SubscriptionNZ Herald E-EditionAdvertise with NZMEBook Your AdPrivacy Policy
Terms of UseCompetition Terms & ConditionsSubscriptions Terms & Conditions
© Copyright 2023 NZME Publishing Limited
TOP