US & World

AT&T Reports ‘No Cyberattack’ Amid Nationwide Cyberattack

U.S. State Department: $15 million reward for information.

Getting your Trinity Audio player ready...

A widespread cellular network outage disabling emergency communications — amid an ongoing cyberattack scrambling pharmaceutical systems nationwide — was not the result of a cyberattack, according to the largest wireless network in North America.

Last Thursday (February 22, 2024), thousands of AT&T customers reported cellphone outages beginning at about 3:30 a.m. EST, resulting in “total blackouts” across metropolises including Los Angeles, Houston, Dallas, Chicago, Detroit and New York.

By 9:06 a.m. EST, the company’s outages peaked at approximately 74,000 incidents, according to hotly contested data from Downdetector — a subsidiary of Seattle-based connectivity intelligence leader, Ookla.

“Some of our customers are experiencing wireless service interruptions this morning. We are working urgently to restore service to them,” said AT&T in a syndicated statement at 11:15 a.m. EST. “We encourage the use of Wi-Fi calling until service is restored.”

While working to restore connectivity across the United States, Cricket WirelessVerizonT-MobileConsumer CellularBoost Mobile and Straight Talk sustained 19,880 cellular outages, according to additional data from — wait for it — Downdetector. 

Despite its international reputation, the Ookla subsidiary was assailed by Verizon and T-Mobile for “reflecting challenges” unrelated to their networks — and thereafter reassured corporate media that telecommunication services were “fully operational” and functioning.

Within the afternoon, Ookla reported 1.7 million AT&T users with enigmatic cellular issues — coinciding with a ransomware attack perpetrated by the “second most prolific” ransomware-as-a-service (RaaS) variant in the world.

***

BLACK CAT, NINE LIVES …

BlackCat ransomware.
ALPHV/BlackCat reclaiming their website within hours of federal intervention on Dec. 19, 2023. (X)

Last Wednesday (February 21, 2024) — 13 hours before the AT&T outage — one of the nation’s largest healthcare technology companies, Change Healthcare, reported a “connectivity issue” later identified as a cataclysmic cyberattack supposedly perpetrated by ‘ALPHV/BlackCat.’

First observed in 2021, BlackCat has flagrantly compromised global organizations such as MonclerSwissportCity of Alexandria, Florida International University (FIU), MGM Resorts InternationalCaesars Entertainment and Motel One for a cumulative profit of $300 million.

Come 2023, the Federal Bureau of Investigation (FBI) seized BlackCat’s deep web server as part of “a coordinated law enforcement action” — only for the syndicate to reestablish control within hours and thereafter promise to “block” U.S. critical infrastructure.

The ransomware family’s latest attack on Change Healthcare — a subsidiary of healthcare conglomerate UnitedHealth Group — has since led to ongoing pharmaceutical disruptions within major retail pharmacies including CVS Health and Walgreens.

Support FITSNews … SUBSCRIBE!

***

In the immediate aftermath of last Thursday’s cellular outages, Change Healthcare notified shareholders of a “suspected nation-state” attack via the U.S. Securities and Exchange Commission (SEC) before confirming the crippling of more than 130 medical services.

“We are working on multiple approaches to restore the impacted environment,” the company said in their latest copy-and-paste statement. “We will continue to be proactive and aggressive with all our systems and if we suspect any issue with the system, we will immediately take action and disconnect.”

Of interest? Change Healthcare handles more than 15 billion healthcare transactions per year — with its “clinical connectivity solutions” touching one third of medical health records annually, according to a recent exposé from The HIPAA Journal.

The cyberattack has since attracted investigators from the U.S. Department of Health and Human Services (DHHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI, according to a cybersecurity advisory from the American Hospital Association (AHA).

***

THE AT&T PARADOX …

AT&T outage.
Ookla reported 1.7 million AT&T users with cellular issues on February 22, 2024.

As AT&T customers were beginning to report network issues across the U.S., CISA accidentally leaked a memorandum to ABC at 5:00 a.m. EST, revealing “no indications of malicious activity” for “unknown” outages prohibiting point-to-point communication.

Within the afternoon, White House national security spokesperson John Kirby told reporters the Department of Homeland Security (DHS) — which CISA is a component of — the Federal Communications Commission (FCC) and the FBI were “looking into” the incident.

“We don’t have all the answers,” said Kirby on Thursday. “We’re going to work with the industry to see what we can find out, but right now, we’re being told AT&T has no reason to think that this was a cybersecurity incident. But again, I want to be careful.”

When asked if government communications were disrupted, Kirby downplayed confirmed impacts within the U.S. Department of Commerce (USDOC) and the First Responder Network Authority (FirstNet) — adding: “I don’t think it was crippling.”

Come 3:10 p.m. EST, approximately 12 hours after communications collapsed across the U.S., AT&T announced it had restored wireless services … despite approximately 1,000 customers remaining without communication until around 9:00 p.m., according to Downdetector.

“We sincerely apologize,” said the company in place of explanation for the outage. “Keeping our customers connected remains our top priority, and we are taking steps to ensure our customers do not experience this again in the future.”

On Saturday, AT&T — supported by agents from the FBI, FCC, DHS and CISA — told customers Thursday’s outage was triggered by the “application and execution of an incorrect process” while “expanding” their nationwide network … and that’s it.

The multinational conglomerate has since unveiled a ‘Making it Right’ campaign, in which impacted customers were told they could receive a whopping $5 credit — within 1-2 billing cycles — for the hindrances experienced last Thursday.

***

THE SOLAR FLARE HYPOTHESIS …

Solar flares.
Solar Flares captured during NASAs ongoing Solar Dynamics Observatory mission. (NASA/SDO)

Thursday’s digital chaos coincided with the eruption of two powerful “X-Class” solar flares from Active Region 3038 (AR3038) — a fast-growing sunspot purportedly under observation by NASA’s Solar Dynamics Observatory (SDO).

These flares are of historical interest considering the solar storms of 1972 detonated 4,000 U.S. naval mines near Vietnam while interrupting long-distance communication across North America — prompting AT&T (then American Telephone and Telegraph) to redesign its power system.

For a better understanding of the impact of last week’s solar flares, the author of this exposé reconnected with Ron Levin, Ph.D., an Engineering Fellow with RTX Corporation — formerly “Raytheon” — who agreed to being cited so long as FITSNews quoted him correctly.

“This is Solar Cycle 25,” said Levin within his home in El Segundo, California. “And when the sun’s magnetic field reverses every 11 years, there’s solar flares that can send charge-particles that hit the Van Allen Belt, bend the Earth’s magnetic field slightly and cause voltages to occur on power lines and copper phone lines.”

Son of late Spherix founder Gilbert Victor Levin, Ph.D., the licensed Ham radio operator noted that most wireless network providers — including AT&T — use fiber-optic communication due to its “immunity” to the aforementioned charge particles.

The doctor of physics furthermore noted that while the solar flares occurred between 6:07 p.m. EST on Wednesday and 1:32 a.m. on Thursday, the particles from coronal mass ejection (CME) “usually” take upwards of two days to reach the Earth … in the event they hit the Earth.

We furthermore discussed the synchronous “radio blackouts” reported over North Africa and Southwest Asia by the National Oceanic and Atmospheric Administration (NOAA) on Thursday — which Levin acknowledged as potentially symptomatic of charge-particle disruption.

“You cannot hack the ionosphere,” continued Levin. “If you lose radio contact, that happens in the upper atmosphere and its physical. So the fact that — on the other side of the world — all the cell phones went out may or may not mean anything … But it feels suspicious, right?”

***

ET ALIA …

***

While X-Class solar flares are among the most powerful and explosive events within our solar system, NASA reports an average of one X-Class flare every 1.2 months. NOAA has furthermore reported that Thursday’s outages were “unlikely” related to last week’s solar flares. 

As for BlackCat? The U.S. Department of State (USDOS) is offering a $10 million reward for information leading to the identification of “any individuals” affiliated with the ransomware variant. In addition, a $5 million reward is being offered for an arrest and/or conviction.

“FBI identified ALPHV/BlackCat actors as having compromised over 1,000 victim entities in the United States and elsewhere, including prominent government entities,” said USDOS upon announcing its $15 million reward … six days prior to last week’s cyberattack.

About that …

It took approximately 11 hours for federal agents to publicly confirm the existence of a cyberattack on Change Healthcare — while it took four federal departments three days to provide the public with an ambiguous explanation for the AT&T outage.

“There’s plenty of reasons why AT&T could have been sabotaged, and there’s plenty of reasons why nobody will admit it,” concluded Levin. “But there’s plenty of reasons why it could be something innocuous, too. At the end of the day, you and I will never know what actually happened on Thursday.”

PHOTO ILLUSTRATIONS BY ANDREW FANCHER

***

ABOUT THE AUTHOR …

Andrew Fancher (Travis Bell)

Andrew Fancher is a Lone Star Emmy award-winning journalist from Dallas, Texas. Cut from a bloodline of outlaws and lawmen alike, he was the first of his family to graduate college which was accomplished with honors. Got a story idea or news tip for Andy? Email him directly and connect with him socially across Twitter, Instagram and Facebook.

***

WANNA SOUND OFF?

Got something you’d like to say in response to one of our articles? Or an issue you’d like to address proactively? We have an open microphone policy! Submit your letter to the editor (or guest column) via email HERE. Got a tip for a story? CLICK HERE. Got a technical question or a glitch to report? CLICK HERE.

***

Get our newsletter by clicking here …

*****

Related posts

US & World

The October 7 Attack: One Year Later

Dylan Nolan
US & World

‘Appalachian Apocalypse’: Unprecedented Damage

Will Folks
US & World

The BioLab Fire In Georgia And Its Risk to Human Health

Callie Lyons

11 comments

Red Uprising February 28, 2024 at 8:18 am

Yep, and cigarettes don’t cause cancer, those women didn’t die from radium paint, and CO2 doesn’t cause global warming.

Truth is bad for profits, let’s just do away with it.

Reply
Putin’s Puppets February 28, 2024 at 11:45 am

Funny, in this Republican blog’s desperate attempt to make this act of internal incompetence into some sort of silly conspiracy , they never mention the Blackcat hacking group is a Russian org aligned with Putin’s government?

Also, for decades now, conspiracy websites have been trying to scare up “solar flares” destroying our electrical and communications infrastructure. Guess who runs those conspiracy sites? Russian groups.

So, Fits”News” is 2 for 2 on using Russian sources for the “cause” of the screwed up routine maintenance.

I hope being an unending useful idiot pays well, at least.

Reply
Avatar photo
Andrew Fancher Author February 28, 2024 at 1:28 pm

The data embedded in this report came from U.S. publications, U.S. government entities and U.S. connectivity networks … not Russia. Ron Levin is a Johns Hopkins University graduate working for the second largest defense manufacturer in the United States … not Russia. His father served for the U.S. Merchant Marines in WWII before becoming a principal investigator for NASA during the Space Race… against Russia.

Thanks!
andy@fitsnews.com

Reply
Putin’s Puppets February 29, 2024 at 8:53 am

Solar flares destroying our infrastructure has been a common trope from these Russian conspiracy sites for decades now. Going back to the late 90’s.

Using a scientists (who begged to be quoted correctly..why would he do that?) to mention how solar flares ‘could’ have been responsible just plays into that old trope. The poor kid who wrote this blog post has probably spent his entire life believing such things.

Not knocking at his Levin fellow, but clearly even he knew his words would probably be twisted by a far right-wing political blog.

Reply
Avatar photo
VERITAS Top fan February 28, 2024 at 9:18 am

“At the end of the day, you and I will never know what actually happened . . . ”

Andrew Fancher, you are a very talented journalist. There aren’t many authentic “journalists” anymore. Some just write up incomplete thoughts – thinking out loud – and then don’t bother to self-review or even verify their “facts”.

Reply
Sancho Panza February 28, 2024 at 10:46 am

That was a quote from Levin, not Fancher.

Reply
Avatar photo
VERITAS Top fan February 28, 2024 at 6:31 pm

Uh, duh, uh really????? That was not a Fancher quote???? Two paragraphs, one not connected to the other … try to keep up, Sancho.

Reply
GT February 29, 2024 at 8:47 am

Leave it to a trumptarded moron to double down on their plain as day idiocy.

Reply
Putin’s Puppets February 28, 2024 at 11:47 am

Yes, you will never know what happened, if you get your conspiracy theories and lies from Fits”News”.

Make sure to send prayers to all those US troops in Gaza that Fits”News” promised we’re headed there!

Reply
Jeff Mattox Top fan February 28, 2024 at 6:25 pm

It’s like the Keystone cops chasing the Predator. The people who understand the world of X’s and O’s do not work for the state. Who would? The less than capable who like the security that state employment provides. Unless the state hires outside the plantation they will always be left behind claiming they are on the case. They will also claim they are underfunded and undermanned in an effort to grow the idiocracy of their fold.

Reply
Simple explanations are the best! February 29, 2024 at 8:58 am

Anyone with any experience with modern business has experienced problems from a vender doing updates to whatever systems they use. Happens all the time. Some businesses are bigger than others and disruptions can affect larger groups of people.

Pretty simple, chicken littles.

Reply

Leave a Comment