Saturday, July 03, 2021

 

ExxonMobil lobbyists filmed saying oil giant’s support for carbon tax a PR ploy

Undercover reporter hears company worked to undermine Biden efforts and funded shadow groups to deny global heating

The ExxonMobil refinery in Baton Rouge. Greenpeace said that Unearthed reporters posed as recruitment consultants looking to hire a Washington lobbyist for a major client. Photograph: Kathleen Flynn/Reuters

Lobbyists for ExxonMobil have described the oil giant’s backing for a carbon tax as a public relations ploy intended to stall more serious measures to combat the climate crisis.

Two senior lobbyists based in Washington told an undercover reporter for Unearthed, the investigative journalism branch of Greenpeace, that they worked to undermine Joe Biden’s plans to limit greenhouse emissions and other environmental measures in his infrastructure bill.

One of the lobbyists also admitted that Exxon “aggressively” fought against climate science and funded shadow groups to deny global heating.

Keith McCoy, a senior director in Exxon’s Washington government affairs team, was recorded on video in May saying that the company backs a carbon tax “as an easy talking point” and an “advocacy tool” because “there is not an appetite for a carbon tax” and that Republican legislators who oppose taxes in principle will never let it happen.

“Nobody is going to propose a tax on all Americans, and the cynical side of me says, yeah, we kind of know that – but it gives us a talking point that we can say, well, what is ExxonMobil for? Well, we’re for a carbon tax,” he said.

Later, McCoy reiterates the point: “Carbon tax is not going to happen.”

The oil conglomerates and closely allied trade organizations, such as the American Petroleum Institute, finally declared their support for a carbon tax after years of resisting what many environmentalists regard as a key measure to reduce damaging fossil fuel emissions. But the lack of specifics over a cost and a timeframe immediately raised questions about the seriousness of the commitment.

Greenpeace said that Unearthed reporters posed as recruitment consultants looking to hire a Washington lobbyist for a major client and approached McCoy and Exxon’s former White House lobbyist, Dan Easley, who left the company at the end of the Trump administration.

In a meeting over Zoom, McCoy admitted that Exxon funded “shadow groups” that worked to misrepresent and deny climate science in order to sow doubt and stall regulation.

“Did we aggressively fight against some of the science? Yes,” he said. “Did we join some of these shadow groups to work against some of the early efforts? Yes that’s true. But there’s nothing illegal about that. We were looking out for our investments, we were looking out for shareholders.”

But McCoy denied that Exxon covered up evidence from its own scientists about global heating caused by burning fossil fuels, even though the company’s role in misrepresenting the dangers is well documented.

“Did we hide science? Did we at some point figure out climate change and then decide to bury the evidence? No.”

Although Exxon is not so overtly denying climate science any more, McCoy acknowledged that it continues to work to undermine environmental regulations and policies to combat global heating. He called measures in Biden’s American Jobs Plan to cut greenhouse gas emissions “insane” and described how the company lobbies Congress against them and on other issues.

McCoy said the oil giant was particularly concerned that Biden’s infrastructure and environmental plans would be paid for by undoing Trump’s corporate tax cuts which Easley described as “probably worth billions to Exxon”.

McCoy said that Exxon sought to restrict the infrastructure bill to spending on “roads and bridges” because it would help limit tax increases but also remove environmental measures the company opposed.

“If you lower that threshold, you stick to highways and bridges, then a lot of the negative stuff starts to come out,” he said. “Why would you put in something on emissions reductions on climate change to oil refineries in a highway bill? So people say, yeah, that doesn’t make any sense … that shouldn’t be in this bill.”

Easley said that the oil and gas industry was also lobbying against other environmental measures such as “requirements for the federal government to purchase green energy and renewable technologies and retrofitting federal buildings” that a future Republican administration would not be able to reverse.

“It’s gonna accelerate the transition to the extent that I think four years from now it’s going to be difficult to unwind that,” he said.

McCoy acknowledged that at the same time that Exxon was pushing to maintain tax cuts, it was also seeking government funding to get a carbon capture programme off the ground.

“So it’s a delicate balance. We’re asking for help with taxes over here and we’re saying don’t increase our taxes over here,” he said.

The lobbyist said that among the politicians he targeted was the Democratic senator Joe Manchin whose support is central to Biden getting the infrastructure bill and climate legislation through Congress.

“Joe Manchin … I talk to his office every week. He is the kingmaker on this, because he’s a Democrat from West Virginia, which is a very conservative state, and he’s not shy about sort of staking his claim early and completely changing the debate,” he said.

McCoy ticked off the names of other Democratic senators he was working on, including Chris Coons from Delaware, the president’s home state, because he “has a very close relationship with Senator [sic] Biden”.

“As a matter of fact, our CEO is talking to him next Tuesday and having those conversations and just teeing it up and then that way I can start working with his staff to let them know where we are on some of these issues.”

The lobbyist described some Republican senators as “a captive audience” because they are reliant on industry backing.

“The Republicans, we have the great relationship with the senators, where we have assets,” he said.

McCoy said that meetings with senators might ostensibly be about a global issue, such as Russia or the Middle East, but the conversations are used to ensure backing on issues of concern to Exxon such as taxes and environmental legislation.

“There are all these opportunities that you use, and to use the fishing analogy just to kind of reel them in,” he said.

Exxon’s chairman and CEO, Darren Woods, repudiated the lobbyists’ statements.

“Comments made by the individuals in no way represent the company’s position on a variety of issues, including climate policy and our firm commitment that carbon pricing is important to addressing climate change. The individuals interviewed were never involved in developing the company’s policy positions on the issues discussed,” he said in a written statement to the Guardian.

“We condemn the statements and are deeply apologetic for them, including comments regarding interactions with elected officials. They are entirely inconsistent with the way we expect our people to conduct themselves. We were shocked by these interviews and stand by our commitments to working on finding solutions to climate change.”

POT IS NOT A PERFORMANCE ENHANCER
Sha’Carri Richardson Was Suspended For A Positive Cannabis Test. Seriously?

© Provided by Refinery29 EUGENE, OREGON – JUNE 19: Sha’Carri Richardson raises her fist after winning the Women’s 100 Meter final on day 2 of the 2020 U.S. Olympic Track & Field Team Trials at Hayward Field on June 19, 2021 in Eugene, Oregon. (Photo by Patrick Smith/Getty Images)

Sha’Carri Richardson, a star sprinter who’d secured herself a spot on Team USA and was set to go to the Tokyo Olympics, may not be able to compete after a drug test for cannabis came back positive.


Last month at the Olympic Trials, Sha’Carri Richardson’s run was the talk of the internet. The 21-year-old ran the 100-meter dash in just 10.86 seconds. People said she “looked like a meteor” running down the track, thanks in part to her fire-orange hair. She later told media outlets that her girlfriend helped choose the color “to show the world I’m a force to be reckoned with.”

On Friday morning, the United States Anti-Doping Agency announced that Richardson had tested positive for cannabis, and had accepted a one-month suspension. Weed is legal in Oregon, where Richardson was competing at the time, but it’s banned for Olympic athletes.

During an interview with The Today Show’s Savannah Guthrie, Richardson said she’d used the substance after finding out about the unexpected death of her biological mother during the Olympic trials in Oregon. The news was revealed to her by a reporter during an interview. “It sent me into a state of emotional panic,” she said. “I didn’t know how to control my emotions or deal with my emotions during that time.”

“To have to go in front of the world and put on a face and hide my pain… who am I to tell you how to cope when you’re dealing with a pain or you’re dealing with a struggle that you’ve never experienced before,” she said.

She started the interview by saying, “I take responsibility for my actions. I know what I did, I know what I’m supposed to do and I’m allowed not to do, and I still made that decision. I’m not looking for an excuse… I apologize.”

A day before her positive test was announced, she had tweeted, “I am human.”

The U.S. Anti-Doping Agency noted that Richardson’s one-month suspension began June 28. The Olympic Games start on July 23 this year, but the suspension may be over in time for Richardson to run the 4×100 meter relay, which takes place in the latter half of the Games, if she’s still put on Team USA. It seems unlikely, however, that Richardson will be able to compete in the individual 100-meter race in Tokyo; a New York Times report said U.S.A. Track & Field had contacted other women who’d competed in the 100-meter race at the trials to let them know they’d moved up a spot in the standings.

USATF called the situation “incredibly unfortunate and devastating for everyone involved.”

Folks on Twitter were quick to come to Richardson’s defense, noting that weed is very different than steroids and doping. Many drew comparisons between her case and Michael Phelps’s. In 2009, a photograph of the decorated swimmer surfaced that showed him inhaling from a weed pipe, and he was disciplined. He never tested positive for the substance, but he did lose sponsorship deals and was suspended from U.S.A. Swimming for three months with pulled financial support, Newsweek reports.



“Cannabis prohibition is a human rights issue that we need to address,” says Dasheeda Dawson, a molecular biologist and Cannabis Program Supervisor for the City of Portland, OR. “Cannabis prohibition destroyed communities for decades and has caused countless athletes to lose promising careers simply because we choose to accept the lies perpetuated by the War on Drugs. In the state of Oregon, where the trials are taking place, cannabis is legal for both medical and adult-use. And, as the wave of legalization hits globally and billions of dollars generated from conscious cannabis consumption, I wonder what the US Olympic Committee will say to all of the world-class athletes, like Sha’Carri, that [are] harmed out of sheer ignorance. Hopefully, it’s more than just a paltry apology.”

Dawson adds that the ban on weed in the sport may be tied to officials “lacking cannabis competency and true understanding about the science of cannabis,” adding that cannabis is often used medicinally for joint and muscle recovery after training.

All eyes will be on USATF and Richardson as the decision is made as to whether she’ll be able to make the relay race. In the meantime, we hope the world will treat Richardson with some compassion after her loss.

Molly Longman 


Canadian snowboarder Ross Rebagliati, 26, won the men's giant slalom on February 8 in the Olympic Winter Games in Nagano, Japan. After Rebagliati tested positive for marijuana -- 17.8 nanograms of metabolite per milliliter -- the International Olympic Committee (IOC) stripped him of his gold medal on February 10.




Richardson will miss Olympic 100 after marijuana test

By EDDIE PELLS and PAT GRAHAM

In this June 19, 2021 photo, Sha'Carri Richardson celebrates after winning the first heat of the semifinals in the women's 100-meter run at the U.S. Olympic Track and Field Trials in Eugene, Ore. Richardson cannot run in the Olympic 100-meter race after testing positive for a chemical found in marijuana. Richardson, who won the 100 at Olympic trials in 10.86 seconds on June 19, told of her ban Friday, July 2 on the “Today Show.” (AP Photo/Ashley Landis)


American champion Sha’Carri Richardson cannot run in the Olympic 100-meter race after testing positive for a chemical found in marijuana.

Richardson, who won the 100 at Olympic trials in 10.86 seconds on June 19, spoke of her ban Friday on the “Today” show. She tested positive at the Olympic trials and so her result is erased. Fourth-place finisher Jenna Prandini is expected to get Richardson’s spot in the 100.

Richardson accepted a 30-day suspension that ends July 27, which would be in time to run in the women’s relays. USA Track and Field has not disclosed plans for the relay.

The 21-year-old sprinter was expected to face Jamaica’s Shelly-Ann Fraser-Pryce in one of the most highly anticipated races of the Olympic track meet.

On Thursday, as reports swirled about her possible marijuana use, Richardson put out a tweet that said, simply: “I am human.” On Friday, she went on TV and said she smoked marijuana as a way of coping with her mother’s recent death.

“I was definitely triggered and blinded by emotions, blinded by badness, and hurting, and hiding hurt,” she told NBC. “I know I can’t hide myself, so in some type of way, I was trying to hide my pain.”

Richardson had what could have been a three-month sanction reduced to one month because she participated in a counseling program.

After the London Olympics, international regulators relaxed the threshold for what constitutes a positive test for marijuana from 15 nanograms per milliliter to 150 ng/ml. They explained the new threshold was an attempt to ensure that in-competition use is detected and not use during the days and weeks before competition.

Though there have been wide-ranging debates about whether marijuana should be considered a performance-enhancing drug, the U.S. Anti-Doping Agency makes clear on its website that “all synthetic and naturally occurring cannabinoids are prohibited in-competition, except for cannabidiol (CBD),” a byproduct that is being explored for possible medical benefits.

While not weighing in on her prospects for the relays, USATF issued a statement that said her “situation is incredibly unfortunate and devastating for everyone involved.” The U.S. Olympic and Paralympic Committee said it was “working with USATF to determine the appropriate next steps.”

Richardson said if she’s allowed to run in the relay, “I’m grateful, but if not, I’m just going to focus on myself.”

Her case is the latest in a number of doping-related embarrassments for the U.S. track team. Among those banned for the Olympics are the reigning world champion at 100 meters, Christian Coleman, who is serving a suspension for missing tests, and the American record holder at 1,500 and 5,000 meters, Shelby Houlihan, who tested positive for a performance enhancer she blamed on tainted meat in a burrito. Also on Friday, defending Olympic 100-meter hurdles champion Brianna McNeal had a five-year ban for tampering or attempted tampering with the doping-control process upheld by the Court of Arbitration for Sport.

Now, Richardson is out as well, depriving the Olympics of a much-hyped race and an electric personality. She ran at the trials with flowing orange hair and long fingernails.

“To put on a face and go out in front of the world and hide my pain, who am I to tell you how to cope when you’re dealing with pain and struggles you’ve never had to experience before?” Richardson said.



US track star Sha’Carri Richardson gets one month suspension for positive marijuana test

BY JORDAN ROBLEDO
GAYTIMES



US track and field star and Olympic qualifier Sha’Carri Richardson has been disqualified from the upcoming games.

The news comes after Richardson failed a drug test – which found marijuana in her system.

During an interview on the Today show, the 21-year-old apologized for her actions and opened up about the recent death of her mother.

“I want to take responsibility for my actions. I know what I did,” she said. “I know what I’m supposed to do, [what] I’m allowed not to do and I still made that decision, but not making an excuse or looking for empathy in my case.”

Due to her test result, she is now on a one-month suspension.

Richardson went on to explain the events leading up to her marijuana use and revealed that she found out from a reporter that her mother had died.

“I had an interview scheduled with my agent… I was just thinking ‘Oh it’s going to be a normal interview,'” she explained.

“But then on the interview to hear that information come from a complete stranger it was definitely nerve shocking. It’s just like how are you to tell me that?

“No offence to him at all, he was just doing his job but it definitely sent me into a state of mind and in a state of emotional panic.”


A few days after finding out her mother died, Richardson went on to qualify for the Olympics with her record-breaking win in the women’s 100-meter dash.

Before the news hit headlines on Friday (2 July), the young athlete seemingly referred to the situation in a cryptic tweet on 1 July, stating: “I am human.”

In the interview, Richardson referred to the tweet to reiterate that she’s human and makes mistakes.

“Like I tweeted yesterday, I’m human. We are human, I want to be as transparent as possible with you guys whether it’s good, whether it’s bad,” she said.

The chief executive officer of the US Anti-Doping Agency, Travis T Tygart, opened up about the news in a statement.

“The rules are clear, but this is heartbreaking on many levels; hopefully, her acceptance of responsibility and apology will be an important example to us all that we can successfully overcome our regrettable decisions,” he said.

The USADA organization also revealed that Richardson’s wins and record-breaking results have been disqualified and any prizes, medals and points have been forfeited.

Since the news, fans, athletes and celebrities have spoken out against the decision to disqualify the young talent.

Athletic brand Nike, a sponsor of Richardson, released a statement sticking by the Olympic hopeful.

“We appreciate Sha’Carri’s honesty and accountability and will continue to support her through this time,” they said.

Gabrielle Union took to Twitter and wrote: “Weed is great for many a thing but running faster isn’t one of them. LET HER RUN!!!”

Basketball star Dwyane Wade also showed support for Richardson, stating: “Majority of y’all rule-makers smoke and probably are investors in THC companies. Let’s stop playing these games.”

LONG WAY TO GO TO GET WOKE ON THIS

Biden praises Olympic sprinter’s response to weed suspension — but ‘rules are rules’


By Mary Kay Linge
NY POST
July 3, 2021

President Joe Biden applauded Sha'Carri Richardson's response to her marijuana suspension from the Olympic team. (REUTERS/Kevin Lamarque)



President Joe Biden said Saturday he is “proud” of sprinter Sha’Carri Richardson — but doesn’t think she should be reinstated to the US Olympic track team after being bounced for pot use.

“Well, the rules are the rules,” Biden told reporters Saturday as he shopped at a farm stand in Central Lake, Mich. “But I was really proud of the way she responded.”

Richardson, 21, won the 100-meter dash in 10.86 seconds at the U.S. Olympic trials on June 19 — but later tested positive for THC, the chemical in marijuana.

The test results meant a 30-day suspension from competition. Weed is considered a banned substance by the World Anti-Doping Agency (WADA) and USA Track and Field.

“I want to take responsibility for my actions,” Richardson told NBC News Friday. “I’m not looking for an excuse.”

Sha’Carri Richardson’s suspension for marijuana use ignited protests from professional athletes such as NFL quarterback Patrick Mahomes and NBA point guard Damian Lillard. (Getty Images)

President Joe Biden insists “the rules are the rules,” in response to sprinter Sha’Carri Richardson’s suspension for drug use. (Bloomberg via Getty Images)

Biden’s reaction to Richardson’s punishment puts him at odds with many of his fellow Democrats — including far left Rep. Alexandria Ocasio-Cortez (D-NY), who blasted the International Olympic Committee’s anti-weed stance as “an instrument of racist and colonial policy” and demanded Richardson’s return to the team.

Biden’s comment came one day after Republican Rep. Matt Gaetz of Florida attacked the president for his silence on the Richardson matter.

Sha’Carri Richardson dominated the women’s 100 meter race at the US Olympic team trials at Hayward Field in Eugene, Oregon on June 19, 2021. (Andy Lyons/Getty Images)

Sha’Carri Richardson has acknowledged the consequences for using marijuana. (Patrick Smith/Getty Images)

“The press who love to bathe in the intersectionality of race-gender-sports should ask @JoeBiden if he believes Sha’carri Richardson should be barred from representing America for using a drug legal in most states that doesn’t impact performance,” Gaetz tweeted Friday.

“I sure as hell don’t.”

#ECOCIDE

Mexico, state-owned oil company slammed after gas leak causes subaquatic fireball in Gulf

Greenpeace Mexico says incident illustrates dangers of country's fossil fuels policy

The Pemex logo is seen at a gas station in Mexico City in 2015. A gas leak at an underwater pipeline operated by the state-owned company unleashed a subaquatic fireball that appeared to boil the waters of the Gulf of Mexico on Friday. (Edgard Garrido/Reuters)

Environmentalists criticized Mexico's state-owned oil company Saturday after a gas leak at an underwater pipeline unleashed a subaquatic fireball that appeared to boil the waters of the Gulf of Mexico.

Greenpeace Mexico said the accident Friday appeared to have been caused by the failure of an underwater valve and that it illustrates the dangers of Mexico's policy of promoting fossil fuels.

President Andres Manuel Lopez Obrador has bet heavily on drilling more wells and buying or building oil refineries. He touts oil as "the best business in the world."

Greenpeace wrote in a statement that the fire, which took five hours to extinguish, "demonstrates the serious risks that Mexico's fossil fuel model poses for the environment and people's safety."

Climate activist Greta Thunberg reposted a video clip of the massive fireball on her Twitter account.

"Meanwhile the people in power call themselves 'climate leaders' as they open up new oilfields, pipelines and coal power plants - granting new oil licenses exploring future oil drilling sites," Thunberg wrote. "This is the world they are leaving for us."

Mexico's state-owned oil company said Friday that an undersea gas pipeline ruptured near a drilling platform in the Gulf.

Petroleos Mexicanos dispatched fire control boats to pump more water over the flames. Pemex, as the company is known, said nobody was injured in the incident in the offshore Ku-Maloob-Zaap field.

The leak near dawn Friday occurred about 137 metres from a drilling platform. The company said it had brought the gas leak under control about five hours later.

It was unclear how much environmental damage the gas leak and oceanic fireball had caused.

She's got a point. Expensive compared to what? This?


Russia-based hackers breach more than 1,000 businesses

Erin Doherty, Jacob Knutson, Gigi Sukin


Illustration: Aïda Amer/Axios

A Russia-based hacking group known as REvil has compromised the computer systems of at least 1,000 businesses by targeting managed service providers, according to the cybersecurity firm Huntress Labs Inc.

Why it matters: It's a large-scale ransomware campaign — the full scope of which is not yet known — and comes on the heels of several other high-profile ransomware attacks this year.

Of note via Bloomberg: "Such attacks can have a multiplying effect, since the hackers may then gain access and infiltrate the MSPs’ customers too."
The affected MSPs, platforms that provide IT management and other core network functions for businesses, and companies have not yet been named.

The latest: President Biden said Saturday that the U.S. government is still not certain who is behind the hack, according to Reuters.
"The initial thinking was it was not the Russian government but we're not sure yet," Biden said. Biden said he directed U.S. intelligence agencies to investigate.
Victims have emerged in 11 countries so far, per cybersecurity firm ESET.
Grocery chain Coop’s 800+ stores in Sweden couldn’t open Saturday after the hack led cash registers to malfunction, spokesperson Therese Knapp told Bloomberg.

What they're saying: John Hammond, a cybersecurity researcher at Huntress Labs, said more than 20 MSPs have been impacted. He noted the criminals targeted software supplier Kaseya, using its network-management package to spread the ransomware.
“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Cybersecurity researcher Jake Williams, president of Rendition Infosec, told AP it's no accident that this happened before a holiday weekend, when IT staffing is generally thin.
Hackers frequently infiltrate widely used software, then spread malware as the software automatically updates.

The privately held Kaseya is based in Dublin, with a U.S. headquarters in Miami. The Miami Herald reported Kaseya's plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.

The big picture: The breach comes after a summit between President Biden and Russian President Vladimir Putin, during which Biden threatened to use the U.S.' "significant" cyber capabilities to respond if critical infrastructure entities are targeted by Russian hackers.
FBI Director Christopher Wray told Congress in June that cyber threats against U.S. businesses are increasing "almost exponentially."

Go deeper: FBI: Russia-linked REvil behind ransomware attack on meatpacker JBS

Editor's note: This story will be updated as new information is released.

Cyber attack on US businesses through Kaseya software to be investigated for Russia links

Mr Biden has ordered an investigation into the cyber attack. (Reuters: Carlos Barria)


A cyber attack that immobilised US businesses ahead of the nation's July 4 holiday weekend will be investigated for links to Russia.

Key points:

US President Joe Biden says authorities are "not sure" whether Russia is behind the attack

Scores of businesses were affected by the attack, but estimates of how many vary

Cyber security experts say the attack is one of the largest of its kind


Security firm Huntress Labs suspects the so-called supply chain attack was carried out by a Russian gang called REvil, which has also been blamed for last month's attack on global meat packer JBS.

US President Joe Biden said authorities were "not certain" who was behind the attack, which experts say is one of the largest of its kind.

"The initial thinking was it was not the Russian government but we're not sure yet," he said.

Mr Biden said he had directed US intelligence agencies to investigate, and the United States would respond if it determined Russia was to blame.
Cybersecurity was a topic of discussion when Mr Biden met Russian leader Vladimir Putin last month. (AP: Patrick Semansky)

The hackers who struck on Friday US time hijacked widely used technology management software from a supplier called Kaseya.

They changed a Kaseya tool used by companies that manage technology at smaller businesses. They then encrypted the files of those providers' customers.

Kaseya said on its own website on Friday that it was investigating a "potential attack".

It also said it had limited the attack to "a very small percentage of our customers … currently estimated at fewer than 40 worldwide".

But Huntress Labs said it was working with partners targeted in the attack, and the software was manipulated "to encrypt more than 1,000 companies".

"This is a colossal and devastating supply-chain attack," John Hammond from Huntress said.

Gerome Billois, a cybersecurity expert with Wavestone consultancy, said ransomware attacks typically only affected one business at a time.

"In this case, they attacked a company that provides software for managing data systems, allowing them to simultaneously target several dozen — possibly even hundreds — of companies," he said.

Supply chain attacks have crept to the top of the cybersecurity agenda in the wake of the United States accusing hackers of operating at the Russian government's direction and tampering with a network-monitoring tool built by Texas software firm SolarWinds.

While the attack appeared directed at the US, Swedish supermarket chain Coop revealed it had to close more than half of its stores due to outages linked to the attack.

The company said it lost control of its checkouts after a subcontractor was hacked.

ABC/wires


IT management biz Kaseya pwned by miscreants to infect businesses with ransomware

Plus: Cops seize 3D printers 'used to print guns', and more bits and bytes
Sat 3 Jul 2021 

IN BRIEF In what's looking like a nasty supply-chain attack, IT systems management biz Kaseya was compromised by miscreants, who then used its VSA product to infect its own customers and then their customers with ransomware.

At least 200 businesses were hit, according to infosec biz Huntress. Kaseya meanwhile initially estimated 40 worldwide were infected. It also told its clients to switch off their VSA data management and remote monitoring services immediately.

"We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 1400 EDT today," it said in a Friday advisory.

"We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us. Its (sic) critical that you do this immediately, because one of the first things the attacker does is shut off administrative access to the VSA."

It appears that attackers got onto Kaseya's servers and included a copy of the REvil ransomware in a software update for customers that went out on Friday. Kaseya has also taken its software-as-a-service platform offline as a precaution.

"We have been advised by our outside experts that customers who experienced ransomware and receive a communication from the attackers should not click on any links – they may be weaponized," Kaseya's advisory added.

The Florida-based company told The Register it was working with the FBI. It's reported that among the victims is Sweden's grocery store chain Coop, a customer of one of Kaseya's customers, causing 500 stores to remain closed.

The LinkedIn breach that wasn't

Earlier this week there were some reports that someone had put 700 million LinkedIn records up for sale on the dark web. Rather than an intrusion, LinkedIn said, someone had scraped publicly available information, combined it with other available data, and was trying to make a buck or ten out of it.

"We want to be clear that this is not a data breach and no private LinkedIn member data was exposed," LinkedIn said. "Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."

Scraping is a serious problem for LinkedIn, one over which it has gone to the US Supreme Court.

Western Digital devices caught in crossfire?

Last week, users of Western Digital's My Book Live found they had lost a lot of data after devices were remotely wiped via a security vulnerability.

At the time, the manufacturer said this was due to a malware attack. Having looked at the IP addresses and network traffic involved, security shop Censys suggested it looked likely that one criminal infected My Book kit and then a separate individual initiated the factory reset command, suggesting someone could be trying to take out a rival.

Western Digital, however, disagrees. "Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP," it said. "The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device."

In the meantime the firm is offering data recovery services to affected folks and promising My Book Live customers a trade-in service for My Cloud accounts.

Google tidies up Nest security

Google has announced that it's beefing up the security of devices in its smart home biz Nest, and made a five-year commitment to support existing products. This comes after it discontinued its Nest Secure home security system.

The Chocolate Factory said all devices sold since 2019 will adhere to the standards of the Internet of Secure Things Alliance (ioXt) on patching and security. In addition Google will publish the ioXt validation results for all of its kit so buyers can make an informed choice.

"A helpful home is a safe home, and Nest’s new safety center is part of making sure Nest products help take care of the people in your life and the world around you," Google said in a blog post.

US police seize 3D printers over gun charges

An unusual case of physical security came up this week after the Pennsylvania police took custody of two 3D printers that allegedly were used to manufacture parts for so-called ghost guns – unregulated firearms American cops and prosecutors aren't too keen on.

“Kenneth Wilson was caught manufacturing untrackable and untraceable firearms out of his home. Once assembled, these fully functional firearms often become a tool for senseless violence,” said the state's Attorney General Josh Shapiro.

“Ghost guns are quickly becoming the weapon of choice for criminals that take the lives of too many Pennsylvanians. My office is working overtime to target these gun traffickers and get illegal guns off our streets.”

In addition to the 3D printers, police also said they seized three ghost gun frames, three firearms, a small amount of methamphetamine, $1,140 in cash, and drug packaging equipment from the suspect's house. ®


REvil ransomware hits 1,000+ companies in MSP supply-chain attack


By Lawrence Abrams
July 2, 2021



A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.

Starting this afternoon, the REvil ransomware gang, aka Sodinokibi, targeted MSPs with thousands of customers, through what appears to be a Kaseya VSA supply-chain attack.

At this time, there are eight known large MSPs that have been hit as part of this supply-chain attack.



Kaseya VSA is a cloud-based MSP platform that allows providers to perform patch management and client monitoring for their customers.

Huntress Labs' John Hammond has told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well.


"We are tracking 20 MSPs where Kaseya VSA was used to encrypt over 1,000 business and are working in close collaboration with six of them," Hammond shared in blog post about the attack.

Kaseya issued a security advisory on their help desk site, warning all VSA customers to immediately shut down their VSA server to prevent the attack's spread while investigating.


"We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only as of 2:00 PM EDT today.

We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us.

Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA."

In a statement to BleepingComputer, Kaseya stated that they have shut down their SaaS servers and are working with other security firms to investigate the incident.

Most large-scale ransomware attacks are conducted late at night over the weekend when there is less staff to monitor the network.

As this attack happened midday on a Friday, the threat actors likely planned the time to coincide with the July 4th weekend in the USA, where it is common for staff to have a shorter workday before the holidays.

REvil attack spread through auto-update


BleepingComputer has been told by both Huntress' John Hammond and Sophos' Mark Loman that the attacks on MSPs appear to be a supply chain attack through Kaseya VSA.

According to Hammond, Kaseya VSA drops an agent.crt file, distributed as an update called 'Kaseya VSA Agent Hot-fix,' into the c:\kworking folder.

A PowerShell command is then launched that first disables various Microsoft Defender security features, such as real-time monitoring, Controlled Folder Access, script scanning, and network protection.

It will then decode the agent.crt file using the legitimate Windows certutil.exe command to extract an agent.exe file to the same folder, which is then launched to begin the encryption process.

[Image: PowerShell command to execute the REvil ransomware. Source: Reddit]

The agent.exe is signed using a certificate from "PB03 TRANSPORT LTD" and includes an embedded 'MsMpEng.exe' and 'mpsvc.dll,' with the DLL being the REvil encryptor. When extracted, the 'MsMpEng.exe' and 'mpsvc.dll' are placed in the C:\Windows folder.

[Image: Signed agent.exe file]

The MsMpEng.exe is an older version of the legitimate Microsoft Defender executable, used here as a LOLBin to launch the DLL so that the device is encrypted through a trusted executable.

[Image: The agent.exe extracting and launching embedded resources]
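
A hunting sketch for the chain described above, added here as an example and not code from BleepingComputer, Huntress or Kaseya: it scores process-creation events per host for Defender tampering, certutil decoding into a binary, and MsMpEng.exe running outside its usual directories. The event layout, rule names, host names, sample events and the list of legitimate Defender directories are assumptions.

```python
import re
from collections import defaultdict

# Constructed events (host, image path, command line); not captured logs.
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true "
     "-EnableControlledFolderAccess Disabled"),
    ("WS-01", r"C:\Windows\System32\certutil.exe",
     r"certutil.exe -decode c:\kworking\agent.crt c:\kworking\agent.exe"),
    ("WS-01", r"C:\Windows\MsMpEng.exe", r"C:\Windows\MsMpEng.exe"),
    # Benign look-alikes that must not raise an alert on their own.
    ("WS-02", r"C:\Windows\System32\certutil.exe",
     r"certutil.exe -decode C:\temp\cert.b64 C:\temp\cert.cer"),
    ("WS-02", r"C:\Program Files\Windows Defender\MsMpEng.exe",
     r'"C:\Program Files\Windows Defender\MsMpEng.exe"'),
    ("WS-03", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe Set-MpPreference -DisableScriptScanning $true"),
]

# Set-MpPreference switches for the Defender features named in the article.
DEFENDER_OFF = re.compile(
    r"set-mppreference\b.*-(disable(realtimemonitoring|scriptscanning)(?!\s+\$false)"
    r"|enable(controlledfolderaccess|networkprotection)\s+(disabled|auditmode))", re.I)
# certutil decoding its input into an executable or DLL.
CERTUTIL_DECODE = re.compile(r"certutil(\.exe)?\b.*[-/]decode\b.*\.(exe|dll)\"?\s*$", re.I)
# Assumption: the genuine Defender engine runs only from these directories.
DEFENDER_DIRS = ("c:\\program files\\windows defender\\",
                 "c:\\programdata\\microsoft\\windows defender\\platform\\")

def classify(image, cmdline):
    """Return the names of the rules a single event matches."""
    hits = set()
    if DEFENDER_OFF.search(cmdline):
        hits.add("defender_tamper")
    if CERTUTIL_DECODE.search(cmdline):
        hits.add("certutil_decode_to_binary")
    img = image.lower()
    if img.endswith("\\msmpeng.exe") and not img.startswith(DEFENDER_DIRS):
        hits.add("msmpeng_wrong_path")
    return hits

def hunt(events, threshold=2):
    """Report hosts where at least `threshold` distinct rules fired."""
    per_host = defaultdict(set)
    for host, image, cmdline in events:
        per_host[host] |= classify(image, cmdline)
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Scoring per host rather than per event keeps routine certutil or Set-MpPreference use from alerting by itself, while the combination seen in this incident still surfaces.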

Some of the samples add politically charged Windows Registry keys and configuration changes to infected computers.

For example, a sample [VirusTotal] installed by BleepingComputer adds the HKLM\SOFTWARE\Wow6432Node\BlackLivesMatter key to store configuration information from the attack.

Advanced Intel's Vitali Kremez told BleepingComputer that another sample configures the device to launch REvil Safe Mode with a default password of 'DTrump4ever.'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="[account_name]"
"DefaultPassword"="DTrump4ever"

Kaseya CEO Fred Voccola told BleepingComputer in an email late Friday night that a vulnerability in Kaseya VSA was used during the attack and that a patch will be released as soon as possible.

"While our investigation is ongoing, to date we believe that:

Our SaaS customers were never at-risk. We expect to restore service to those customers once we have confirmed that they are not at risk, which we expect will be within the next 24 hours;

Only a very small percentage of our customers were affected – currently estimated at fewer than 40 worldwide.

We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it for our on-premises customers that will be tested thoroughly. We will release that patch as quickly as possible to get our customers back up and running." - Kaseya.

BleepingComputer has sent followup questions regarding the vulnerability and was told a comprehensive update would be released Saturday afternoon.

Huntress continues to provide more info about the attack in a Reddit thread and we have added IOCs to the bottom of this article.

Ransomware gang demands a $5 million ransom

A sample of the REvil ransomware used in one of these attacks has been shared with BleepingComputer. However, it is unknown if this is the sample used for every victim or if each MSP received its own ransom demand.

The ransomware gang is demanding a $5,000,000 ransom to receive a decryptor from one of the samples.


[Image: Ransom demand]

According to Emsisoft CTO Fabian Wosar, MSP customers who were affected by the attack received a much smaller $44,999 ransom demand.

While REvil is known to steal data before deploying the ransomware and encrypting devices, it is unknown if the attackers exfiltrated any files.

MSPs are a high-value target for ransomware gangs as they offer an easy channel to infecting many companies through a single breach, yet the attacks require intimate knowledge about MSPs and the software they use.

REvil has an affiliate well versed in the technology used by MSPs as they have a long history of targeting these companies and the software commonly used by them.

In June 2019, an REvil affiliate targeted MSPs via Remote Desktop and then used their management software to push ransomware installers to all of the endpoints that they manage.

This affiliate is believed to have previously worked with GandCrab, who also successfully conducted attacks against MSPs in January 2019.

This is a developing story and will continue to be updated.

Update 7/1/21 10:30 PM EST: Added updated statement about vulnerability.
Update 7/3/21 5:37 PM EST: Updated title and added information on how over 1,000 businesses have been affected by this attack.