In addition to obstruction of justice, prosecutors charged Sullivan with failing to share knowledge of a felony. In total, he faces up to eight years in prison if convicted of both charges. 

“We expect good corporate citizenship,” said US Attorney David L. Anderson. “We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush-money payments.” 

Bradford Williams, Sullivan’s attorney, told The New York Times there’s “no merit” to the charges. “If not for Mr. Sullivan’s and his team’s efforts, it’s likely that the individuals responsible for this incident never would have been identified at all,” he said. Williams added that Sullivan and his team worked closely with other Uber employees and followed the company’s policies.

Meanwhile, a spokesperson for Uber told The New York Times it continues to cooperate with the Justice Department’s investigation into the 2016 hack. “Our decision in 2017 to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability,” they said.

Sullivan may become the second former Uber employee to end up behind bars. At the start of August, Anthony Levandowski, the engineer at the center of the trade secret legal battle between Waymo and Uber, was sentenced to 18 months in prison. 

It hasn’t been revealed who was behind the attack nor to whom a ransom (if any) was paid. Some security researchers believe the WastedLocker ransomware (said to be the cause of the outage) is linked to a Russia-based group of cybercriminals known as Evil Corp. The US Treasury sanctioned that organization last year, accusing it of being responsible for developing and distributing another form of malware called Dridex. The sanction “generally prohibited” US persons from “engaging in transactions” with specific companies and people linked to Evil Corp.

Arete Incident Response, which helps companies secure their networks and resolve attacks, recently suggested that WastedLocker was not conclusively the work of Evil Corp. It published a study on that topic the day after Garmin said it was attacked. Arete told Sky News it “follows all recommended and required screenings to ensure compliance with US trade sanctions laws.”

Garmin is finally giving its users more information about the system outage the company has been dealing with since the morning of July 23rd. The company has just confirmed earlier reports that it was the victim of an external cyber attack that encrypted some of the company’s systems. This attack led to disruption to a host of Garmin’s systems, including “website functions, customer support, customer facing applications and company communications.” Crucially, Garmin says it has “no evidence” that any customer data, including payment information stored in Garmin Pay, was accessed by the perpetrators.

While things have slowly been coming back online, Garmin confirmed it’ll still be a few days before everything is back to normal. The company also stressed that it’ll likely take a bit of time for everything to sync back up fully once those online services are working again. Finally, Garmin said the functionality of its products were not affected aside from these online components — but given how crucial such connectivity is for wearable devices, that’s likely little comfort to users who’ve been running into problems for days now.

According to Verogen, the company that recently purchased GEDmatch, no user data was downloaded or compromised. But two days later, the genealogy website MyHeritage alerted users to a phishing scheme that targeted people who used both MyHeritage and GEDmatch. In a statement posted online, the company said it suspects the attackers may have gleaned the email addresses from GEDmatch.

Verogen has taken GEDmatch down. The company says it is working with a cybersecurity firm to conduct a forensic review and safeguard the site. That may not be enough to recover users’ trust.

Some already see giving law enforcement access to DNA profiles as controversial. As BuzzFeed News reports, this incident could limit those on both sides of the debate. If GEDmatch can’t keep data safe, users may be less likely to create DNA profiles, which could make it harder for police to use the site to solve cold cases. On the other hand, if GEDmatch can’t limit police access, users who may have made a profile on the condition it wouldn’t be used by law enforcement may not create a profile at all. That means less data for genealogists to work with.

The 2018 US attack on Russia was reportedly meant to disrupt efforts to cast doubt on the legitimacy of midterm results, which saw the Democrats regain control of the House of Representatives.

The confirmation is a change of tune for Trump. He previously claimed that Russia had stopped cyberattacks agains the US and has supported Russian President Vladimir Putin’s denials of interference in the 2016 election despite evidence. Here, Trump is directly confirming at least one Russian interference attempt.

It’s not certain how Russia will respond to Trump’s statement, although history suggests it’s unlikely to acknowledge the IRA’s activities. As it stands, American intelligence agencies and internet giants have shifted much of their attention to potential Russian actions during the 2020 election — those officials and companies will want to know if Trump’s statement will lead to a similar crackdown.

Honda was forced to suspend global production for a day due to a cyberattack that infiltrated the company’s internal servers in Tokyo, Financial Times reports. Honda detected the virus on Monday and was forced to send some employees home for the day as the attack impacted email and other systems in plants around the world.

According to FT, production at all US plants was halted on Monday. While most work has resumed, car plants in Ohio and Turkey and motorcycle factories in Brazil and India reportedly remain closed. At this point, it does not appear that any customer or employee info was exposed. The attack may have also impacted a car inspection system.

The exchange contracts development out to third-party teams, and a WSJ contact said it’s concerned about the security of that software chain. There’s a risk that the inadvertent spread of malware or rogue contractors could pose problems.

An exchange spokesperson maintained that the outage was due to a “technical software configuration issue” after an upgrade, and that the organization had “thoroughly investigated” the cause. However, it’s clear that GCHQ isn’t willing to take any chances. Intelligence agencies worldwide are worried about hacks targeting critical infrastructure, and malicious intent discovered here could be a sign of a greater threat.

Officials are running many services on pen and paper until it’s deemed safe for computers to come back online, although the Orleans Parish Communication District (which handles both 311 and 991 lines) and courts weren’t affected. The city added that emergency services’ communications were still active, and that it could still obtain footage from public safety cameras if there was an incident.

It’s unclear when computers will go back online, when the state of emergency will be lifted, or who the culprits were. City-scale ransomware attacks like those using SamSam have frequently been the work of extortionists hoping only for a windfall profit, although there are concerns hostile countries might use malware to bankroll programs. Louisiana’s government faced its own ransomware attack in November and had to shut its Office of Motor Vehicles for days, although the state got back online without caving in to the attackers’ demands.

The city credited its apparently successful response to preparedness. City CIO Kim LaGrue noted that the resilience to phishing likely came as a result of security training that started in the fall. Homeland Security director Collin Arnold added that New Orleans’ unfortunate experience with natural disasters like Hurricane Katrina also meant it was ready to operate offline. In that sense, the cyberattack may serve as an example of how to deal with major security incidents.

The intruders “were not technically sophisticated,” Microsoft said, but they were determined. They conducted extensive research of personal info to identify accounts and potentially fool account recovery systems, sometimes obtaining phone numbers used for two-factor authentication. There were over 2,700 attempts to identify accounts over the roughly month-long stretch. Phosphorous frequently used spear phishing in hopes it might trick users into providing login details through fake web forms.

Microsoft said it had notified Phosphorous’ targets, and was helping compromised users secure their accounts. It also recommended that political figures use its AccountGuard program to get advanced monitoring and threat alerts.

Iran hasn’t acknowledged its involvement in the attacks. However, they wouldn’t be surprising in light of escalating tensions between the US and Iran that have included digital warfare. Iran has also been accused of conducting a Russia-like disinformation campaign meant to skew American politics ahead of the 2020 presidential election. If Iran is involved, this would mainly represent one of the most overt attacks to date.