Slashdot security articles

Wired Remembers the Glory Days of Flash

Sun, 10/13/2019 - 17:36
Wired recently remembered Flash as "the annoying plugin" that transformed the web "into a cacophony of noise, colour, and controversy, presaging the modern web." They write that its early popularity in the mid-1990s came in part because "Microsoft needed software capable of showing video on their website, MSN.com, then the default homepage of every Internet Explorer user." But Flash allowed anyone to become an animator. (One Disney artist tells them that Flash could do in three days what would take a professional animator 7 months -- and cost $10,000.) Their article opens in 2008, a golden age when Flash was installed on 98% of desktops -- then looks back on its impact: The online world Flash entered was largely static. Blinking GIFs delivered the majority of online movement. Constructed in early HTML and CSS, websites lifted clumsily from the metaphors of magazine design: boxy and grid-like, they sported borders and sidebars and little clickable numbers to flick through their pages (the horror). Flash changed all that. It transformed the look of the web... Some of these websites were, to put it succinctly, absolute trash. Flash was applied enthusiastically and inappropriately. The gratuitous animation of restaurant websites was particularly grievous -- kitsch abominations, these could feature thumping bass music and teleporting ingredients. Ishkur's 'guide to electronic music' is a notable example from the era you can still view -- a chaos of pop arty lines and bubbles and audio samples, it looks like the mind map of a naughty child... In contrast to the web's modern, business-like aesthetic, there is something bizarre, almost sentimental, about billion-dollar multinationals producing websites in line with Flash's worst excess: long loading times, gaudy cartoonish graphics, intrusive sound and incomprehensible purpose... 
"Back in 2007, you could be making Flash games and actually be making a living," remembers Newgrounds founder Tom Fulp, when asked about Flash's golden age. "That was a really fun time, because that's kind of what everyone's dream is: to make the games you want and be able to make a living off it." Wired summarizes Steve Jobs' "brutally candid" diatribe against Flash in 2010. "Flash drained batteries. It ran slow. It was a security nightmare. He asserted that an era had come to an end... '[T]he mobile era is about low power devices, touch interfaces and open web standards -- all areas where Flash falls short.'" Wired also argues that "It was economically viable for him to rubbish Flash -- he wanted to encourage people to create native games for iOS." But they also write that today, "The post-Flash internet looks different. The software's downfall precipitated the rise of a new aesthetic...one moulded by the specifications of the smartphone and the growth of social media," favoring hits of information rather than striving for more immersive, movie-emulating thrills. And they add that though Newgrounds long ago moved away from Flash, the site's founder is now working on a Flash emulator to keep all that early classic content playable in a browser.

Invisible Hardware Hacks Allowing Full Remote Access Cost Pennies

Sun, 10/13/2019 - 10:36
Long-time Slashdot reader Artem S. Tashkinov quotes Wired: More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for "most overhyped bug" and "most epic fail." And no follow-up reporting has yet affirmed its central premise. But even as the facts of that story remain unconfirmed, the security community has warned that the possibility of the supply chain attacks it describes is all too real. The NSA, after all, has been doing something like it for years, according to the leaks of whistle-blower Edward Snowden. Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off -- just a motivated hardware hacker with the right access and as little as $200 worth of equipment.

IRS Programmer Stole Identities, Funded A Two-Year Shopping Spree

Sun, 10/13/2019 - 07:34
A computer programmer at America's tax-collecting agency "stole multiple people's identities, and used them to open illicit credit cards to fund vacations and shop for shoes and other goods," writes Quartz, citing a complaint unsealed last week in federal court. An anonymous reader quotes their report: The complaint accuses the 35-year-old federal worker of racking up almost $70,000 in charges over the course of two years, illegally using "the true names, addresses, dates of birth, and Social Security numbers" of at least three people. The US Treasury Department's Inspector General for Tax Administration, which oversees internal wrongdoing at the Internal Revenue Service (IRS), is investigating the crime, although the complaint doesn't specify how the employee obtained the information. The arrest, however, comes just months after the Government Accountability Office -- the federal government's auditor, essentially -- issued a report raising concerns about the security of taxpayer information held at the IRS. The report said that unaddressed shortcomings left taxpayer data "unnecessarily vulnerable to inappropriate and undetected use, modification, or disclosure," which could allow employees or outsiders to illegally access millions of people's personal information. An IRS call center employee in Atlanta pleaded guilty last year to illegally using taxpayer data to file fraudulent tax returns, ultimately collecting almost $6,000. In 2016, another IRS worker in Atlanta admitted to improperly accessing the personal information of two taxpayers, amassing close to half a million dollars from illicit tax refunds.... The IRS employee's alleged scheme took place between January 2016 and February 2018, according to court filings. Investigators say he used a fraudulently obtained American Express card to fly to Sacramento and Miami Beach.
He also used the card for some 37 Uber rides, nine payments on his father's Amazon account totaling $1,200, various purchases at Lowe's, the Designer Shoe Warehouse, BJ's Wholesale Club, and a flooring outlet, as well as a $7,400 payment to a business he owned. The complaint says the employee, who works for the tax agency as a software developer, obtained a second fraudulent credit card, which he used to fly to Montego Bay, Jamaica. A third fraudulent card was used to travel to Iceland. In a particularly brazen move, investigators say the suspect linked this card to a phony PayPal account he opened using his official IRS email address. Two of the credit cards were delivered to his home address, while a third was sent to his parents' address, according to the article. "The phone numbers listed on the accounts also belonged to the suspect, and he accessed emails associated with the accounts from his home IP address."

Ransomware Gang's Victim Cracks Their Server and Releases All Their Decryption Keys

Sat, 10/12/2019 - 10:34
"A user got his revenge on the ransomware gang who encrypted his files by hacking their server and releasing the decryption keys for all victims," writes ZDNet. ccnafr shared their report: One of the gang's victims was Tobias Frömel, a German software developer. Frömel was one of the victims who paid the ransom demand so he could regain access to his files. However, after paying the ransom, Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then retrieved the crooks' database from their server. "I know it was not legal from me," the researcher wrote in a text file he published online on Pastebin earlier Monday, containing 2,858 decryption keys. "I'm not the bad guy here," Frömel added. Besides releasing the decryption keys, the German developer also published a decrypter that all Muhstik victims can use to unlock their files. The decrypter is available on MEGA [VirusTotal scan], and usage instructions are available on the Bleeping Computer forum. In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the decrypter's availability, advising users against paying the ransom.

Laser Cutters Sold On Amazon and Elsewhere Are Cheap, Fun -- and Dangerous

Fri, 10/11/2019 - 09:35
harrymcc writes: Go to Amazon, Walmart.com, and eBay, and you can find an array of companies selling laser cutters and engravers for a few hundred dollars -- dramatically less than you'll pay for a brand name such as Glowforge. But these budget models lack the safety features required to keep lasers safe, and may even have ignored the required FDA paperwork to put them on the market. Over at Fast Company, Glenn Fleishman wrote about the dangers of these devices. When alerted of specific models, the ecommerce sites removed them -- but many others remain for sale.

Computer Historians Crack Passwords of Unix's Early Pioneers

Thu, 10/10/2019 - 13:00
JustAnotherOldGuy shares a report from Boing Boing: Early versions of the free/open Unix variant BSD came with password files that included hashed passwords for such Unix luminaries as Dennis Ritchie, Stephen R. Bourne, Eric Schmidt, Brian W. Kernighan and Stuart Feldman. Leah Neukirchen recovered a BSD version 3 source tree and revealed that she was able to crack many of the weak passwords used by the equally weak hashing algorithm from those bygone days. Dennis MacAlistair Ritchie's was "dmac," Bourne's was "bourne," Schmidt's was "wendy!!!" (his wife's name), Feldman's was "axlotl," and Kernighan's was "/.,/.,." Four more passwords were cracked by Arthur Krewat: Özalp Babaoğlu's was "12ucdort," Howard Katseff's was "graduat;," Tom London's was "..pnn521," Bob Fabry's was "561cml.." and Ken Thompson's was "p/q2-q4!" (chess notation for a common opening move). BSD 3 used Descrypt for password hashing, which limited passwords to eight characters, salted with 12 bits of entropy.

Cisco Hit By an Internal Network Outage

Thu, 10/10/2019 - 07:20
Not a great start to the day for Cisco employees, many of whom are struggling in the face of an internal IT outage. From a report: The technology and networking giant confirmed in a tweet it was "aware of some disruption" to its IT systems and is "working" on restoring the network. Worse, the company's corporate blog also went kaput. For a period, Cisco's blog was displaying the default WordPress install page. But at the time of publication, the blog had been restored. Some customers were unable to log in through Cisco's single sign-on.

Amazon Workers May Be Watching Your Cloud Cam Home Footage

Thu, 10/10/2019 - 06:41
An anonymous reader shares a report: In a promotional video, Amazon says its Cloud Cam home security camera provides "everything you need to monitor your home, day or night." In fact, the artificially intelligent device requires help from a squad of invisible employees. Dozens of Amazon workers based in India and Romania review select clips captured by Cloud Cam, according to five people who have worked on the program or have direct knowledge of it. Those video snippets are then used to train the AI algorithms to do a better job distinguishing between a real threat (a home invader) and a false alarm (the cat jumping on the sofa). An Amazon team also transcribes and annotates commands recorded in customers' homes by the company's Alexa digital assistant, Bloomberg reported in April. AI has made it possible to talk to your phone. It's helping investors predict shifts in market sentiment. But the technology is far from infallible. Cloud Cam sends out alerts when it's just paper rustling in a breeze. Apple's Siri and Amazon's Alexa still occasionally mishear commands. One day, engineers may overcome these shortfalls, but for now AI needs human assistance. Lots of it. At one point, on a typical day, some Amazon auditors were each annotating about 150 video recordings, which were typically 20 to 30 seconds long, according to the people, who requested anonymity to talk about an internal program.

Critical Remote Code Execution Flaw Fixed In Popular Terminal App For MacOS

Wed, 10/09/2019 - 14:40
itwbennett shares a report from CSO: iTerm2 users: It's time to upgrade. A security audit sponsored by the Mozilla Open Source Support Program uncovered a critical remote code execution (RCE) vulnerability in the popular open-source terminal app for macOS. iTerm2 is an open-source alternative to the built-in macOS Terminal app, which allows users to interact with the command-line shell. Terminal apps are commonly used by system administrators, developers and IT staff in general, including security teams, for a variety of tasks and day-to-day operations. The iTerm2 app is a popular choice on macOS because it has features and allows customizations that the built-in Terminal doesn't, which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor a code audit for it. The MOSS was created in the wake of the critical and wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring security audits for widely used open-source technologies. The flaw, which is now tracked as CVE-2019-9535, has existed in iTerm2 for the past seven years and is located in the tmux integration. Tmux is a terminal multiplexer that allows running multiple sessions in the same terminal window by splitting the terminal screen. The flaw was fixed in iTerm2 version 3.3.6, which was released today.

Tor Project Removes 13.5% of Current Servers For Running EOL Versions

Wed, 10/09/2019 - 13:25
An anonymous reader writes: The Tor Project has removed from its network this week more than 800 servers that were running outdated and end-of-life (EOL) versions of the Tor software. The removed servers represent roughly 13.5% of the 6,000+ servers that currently comprise the Tor network and help anonymize traffic for users across the world. Roughly 750 of the removed servers represent Tor middle relays, and 62 are exit relays -- where users exit the Tor network onto the world wide web after having their true location hidden through the Tor network. The organization said it plans to release a Tor software update in November that will natively reject connections with EOL Tor server versions by default, without any intervention from the Tor Project staff. "Until then, we will reject around 800 obsolete relays using their fingerprints," the Tor Project said in a statement this week.

Schneier Slams Australia's Encryption Laws and CyberCon Speaker Bans

Wed, 10/09/2019 - 12:05
Governments breaking encryption is bad, and "will get worse once breaking encryption means people can die," says one of the world's leading security experts. From a report: "Australia has some pretty draconian laws about forcing tech companies to break security," says cryptographer and computer security professional Bruce Schneier. He's referring to the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, which came into force in December. "I actually don't like that, because stuff that you do flows downhill to the US. So stop doing that," he told the Australian Cybersecurity Conference, or CyberCon, in Melbourne on Wednesday. Schneier's argument against breaking encrypted communications is simple. "You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have 'We get to spy, you don't.' That's not the way the tech works," he said. "As this tech becomes more critical to life, we simply have to believe, accept, that securing it is more important than leaving it insecure so you can eavesdrop on the bad guys."

Twitter Took Phone Numbers for Security and Used Them for Advertising

Tue, 10/08/2019 - 16:50
When some users provided Twitter with their phone number to make their account more secure, the company used this information for advertising purposes, the company said today. From a report: This isn't the first time that a large social network has taken information explicitly meant for the purposes of security, and then quietly or accidentally used it for something else entirely. Facebook did something similar with phone numbers provided by users for two-factor authentication, the company confirmed last year. "We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," Twitter's announcement reads. In short, when an advertiser using Twitter uploaded their own marketing list of email addresses or phone numbers, Twitter may have matched the list to people on Twitter "based on the email or phone number the Twitter account holder provided for safety and security purposes," the post adds.

FBI's Use of Surveillance Database Violated Americans' Privacy Rights: Court

Tue, 10/08/2019 - 14:50
An anonymous reader quotes a report from The Wall Street Journal: Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program (Warning: source paywalled; alternative source), a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches. The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans -- raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers -- in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database -- searching information on himself, other FBI personnel and his relatives, the court revealed. U.S. District Judge James Boasberg said that the Trump administration failed to persuasively argue that the bureau would not be able to properly tackle national security threats if the program was altered to better protect citizen privacy.

Senator Proposes Mandatory Labeling For Products With Mics, Cameras

Tue, 10/08/2019 - 14:10
Senator Cory Gardner (R-Colo.) introduced a bill, dubbed the Protecting Privacy in our Homes Act, that would require tech companies to include a label on products disclosing the presence of internet-connected microphones or cameras. "The proposed law does not define what kind of labels would need to be appended but rather would order the Federal Trade Commission to put in place specific regulations 'under which each covered manufacturer shall be required to include on the packaging of each covered device manufactured by the covered manufacturer a notice that a camera or microphone is a component of the covered device,'" reports Ars Technica. From the report: "Consumers face a number of challenges when it comes to their privacy, but they shouldn't have a challenge figuring out if a device they buy has a camera or microphone embedded into it," Gardner said. "This legislation is about consumer information, consumer empowerment, and making sure we're doing everything we can to protect consumer privacy." Most products that ship with cameras or microphones included tout the inclusion of such recording devices as a selling point, which could make this kind of regulation feel redundant at best. That said, there's quite a difference between "most" and "all." A rule such as the regulation Gardner proposes would close the gap that, for example, led owners of Nest Secure devices to the unpleasant discovery earlier this year that the products had shipped with undisclosed microphones.

D-Link Home Routers Open To Remote Takeover Will Remain Unpatched

Tue, 10/08/2019 - 13:30
D-Link won't patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. Threatpost reports: The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet's FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a "typical security pitfall suffered by many firmware manufacturers." With no patch available, affected users should upgrade their devices as soon as possible.

US Expands Blacklist To Include China's Top AI Startups Ahead of Trade Talks

Tue, 10/08/2019 - 12:50
An anonymous reader quotes a report from Reuters: The U.S. government widened its trade blacklist to include some of China's top artificial intelligence startups, punishing Beijing for its treatment of Muslim minorities and ratcheting up tensions ahead of high-level trade talks in Washington this week. The decision, which drew a sharp rebuke from Beijing, targets 20 Chinese public security bureaus and eight companies including video surveillance firm Hikvision, as well as leaders in facial recognition technology SenseTime Group Ltd and Megvii Technology Ltd. The action bars the firms from buying components from U.S. companies without U.S. government approval -- a potentially crippling move for some of them. It follows the same blueprint used by Washington in its attempt to limit the influence of Huawei for what it says are national security reasons. The Commerce Department said in a filing the "entities have been implicated in human rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups." "The U.S. Government and Department of Commerce cannot and will not tolerate the brutal suppression of ethnic minorities within China," said Secretary of Commerce Wilbur Ross. In response, foreign ministry spokesman Geng Shuang said the U.S. should stop interfering in its affairs and that it will continue to take firm and resolute measures to protect its sovereign security.

Bipartisan Senate Report Calls For Sweeping Effort To Prevent Russian Interference in 2020 Election

Tue, 10/08/2019 - 11:21
A bipartisan panel of U.S. senators Tuesday called for sweeping action by Congress, the White House and Silicon Valley to ensure social media sites aren't used to interfere in the coming presidential election, delivering a sobering assessment about the weaknesses that Russian operatives exploited in the 2016 campaign. From a report: The Senate Intelligence Committee, a Republican-led panel that has been investigating foreign electoral interference for more than two and a half years, said in blunt language that Russians worked to damage Democrat Hillary Clinton while bolstering Republican Donald Trump -- and made clear that fresh rounds of interference are likely ahead of the 2020 vote. "Russia is waging an information warfare campaign against the U.S. that didn't start and didn't end with the 2016 election," said Sen. Richard Burr (R-N.C.), the committee's chairman. "Their goal is broader: to sow societal discord and erode public confidence in the machinery of government. By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans." Though the 85-page report itself had extensive redactions, in the visible sections lawmakers urged their peers in Congress to act, including through the potential adoption of new regulations that would make who bought an ad more transparent. The report also called on the White House and the executive branch to adopt a more forceful, public role, warning Americans about the ways in which dangerous misinformation can spread while creating new teams within the U.S. government to monitor for threats and share intelligence with industry.

Automatic License Plate Readers Are Making Getaway Cars Extinct

Mon, 10/07/2019 - 16:10
An anonymous reader shares a report: On Tuesday, Sept. 10, the Total Choice Credit Union in Laplace, Louisiana was robbed. At approximately 3:06 pm, a man in his early thirties walked in wearing jeans, a white shirt, sunglasses, and a brown dreadlock wig, according to a now-unsealed complaint filed last month in US federal court. He passed a handwritten note to one of the tellers which read: "ROBBERY. I DON'T WANT TO (HURT) OR (KILL) YOU OR ANYONE IN HERE SO I AM GOING TO GIVE YOU (FIVE SECONDS) TO (EMPTY) YOUR (REGISTER)." The teller handed over more than $7,000 to the thief, who fled on foot. Investigators canvassed the area for nearby surveillance cameras that might have picked up any clues. They found one with footage of an "older model white single-cab pickup truck stopped in the area directly behind the bank," a minute or two before the robbery went down. That's when cops turned to a tool that has rendered the concept of a getaway car all but obsolete -- the national network of automated license plate readers. These are fixed cameras with sensors that can be found on utility poles, streetlights, overpasses, in police cars, even within traffic cones and digital speed display signs that show drivers how fast they're going. The technology, known as ALPR, can clock roughly 2,000 plates a minute, on vehicles traveling up to 120 mph. Each license plate is photographed and the date, time, and location are recorded. Law enforcement can access a target's movements in real time, or mine the data later to track a suspect's daily patterns. ALPR systems cast an incredibly wide net that has made it far easier for cops to catch criminals. The method has also drawn harsh criticism from the American Civil Liberties Union (ACLU) and privacy advocates as "a technology deployed with too few rules," and "a form of mass surveillance."
There are few accurate estimates of the exact number of ALPRs across the US, which is a hodgepodge of local, state, and federal and tribal license plate readers.

The Privacy Trade-Offs of Cheap Android Smartphones

Mon, 10/07/2019 - 14:10
Fast Company highlights some of the "privacy nightmares" surrounding low-cost Android smartphones, which can be very attractive for those on a tight budget. One example is the MYA2 MyPhone: According to an analysis by the advocacy group Privacy International, a $17 Android smartphone called MYA2 MyPhone, which was launched in December 2017, has a host of privacy problems that make its owner vulnerable to hackers and to data-hungry tech companies. First, it comes with an outdated version of Android with known security vulnerabilities that can't be updated or patched. The MYA2 also has apps that can't be updated or deleted, and those apps contain multiple security and privacy flaws. One of those pre-installed apps that can't be removed, Facebook Lite, gets default permission to track everywhere you go, upload all your contacts, and read your phone's calendar. The fact that Facebook Lite can't be removed is especially worrying because the app suffered a major privacy snafu earlier this year when hundreds of millions of Facebook Lite users had their passwords exposed. Philippines-based MyPhone said the specs of the MYA2 limited it to shipping the phone with Android 6.0, and since then it says it has "lost access and support to update the apps we have pre-installed" with the device. Given that the MYA2 phone, like many low-cost Android smartphones, runs outdated versions of the Android OS and can't be updated due to their hardware limitations, users of such phones are limited to relatively light privacy protections compared to what modern OSes, like Android 10, offer today. The MYA2 is just one example of how cheap smartphones leak personal information, provide few if any privacy protections, and are incredibly easy to hack compared to their more expensive counterparts.

Hospitals That Are Turning Away Patients Reportedly Pay Ransomware Attackers

Mon, 10/07/2019 - 12:50
An anonymous reader quotes a report from Ars Technica: Three Alabama hospitals have paid a ransomware demand to the criminals who waged a crippling malware attack that's forcing the hospitals to turn away all but the most critical patients, the Tuscaloosa News reported. As reported last Tuesday, ransomware shut down the hospitals' computer systems and prevented staff from following many normal procedures. Officials have been diverting non-critical patients to nearby hospitals and have warned that emergency patients may also be relocated once they are stabilized. An update posted on Saturday said the diversion procedure remained in place. All three hospitals are part of the DCH health system in Alabama. Over the weekend, the Tuscaloosa News said DCH officials made a payment to the people responsible for the ransomware attack. The report didn't say how much officials paid. Saturday's statement from DCH officials said they have obtained a decryption key but didn't say how they obtained it. The statement read in part: "In collaboration with law enforcement and independent IT security experts, we have begun a methodical process of system restoration. We have been using our own DCH backup files to rebuild certain system components, and we have obtained a decryption key from the attacker to restore access to locked systems. We have successfully completed a test decryption of multiple servers, and we are now executing a sequential plan to decrypt, test, and bring systems online one-by-one. This will be a deliberate progression that will prioritize primary operating systems and essential functions for emergency care. DCH has thousands of computer devices in its network, so this process will take time. We cannot provide a specific timetable at this time, but our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. This will require a time-intensive process to complete, as we will continue testing and confirming secure operations as we go."