Suspect held over deadly US fertility clinic bombing
The suspect, Daniel Park, a 32-year-old man from Washington state, was taken into custody at John F Kennedy International Airport in New York, the officials said.
He will make an initial appearance in Brooklyn federal court on Wednesday afternoon and eventually face charges in California.
Park had been detained in Poland and deported by Polish authorities.
US officials were not clear why he had travelled to Poland and said he was not in southern California on the day of the bombing.
Officials alleged that Park secured 270 pounds of a fertiliser for Guy Bartkus, the primary suspect in the bombing.
The officials charged Park with providing and attempting to provide material support to a terrorist.
Bartkus, 25, died in the blast.
A bomb detonated shortly before 11am local time on May 17 in or near a car parked outside the fertility clinic, operated by American Reproductive Center.
In addition to the death of the primary suspect, several other people were injured, according to authorities.
Bartkus had "nihilistic ideations," FBI officials said at the time, adding that they were investigating the attack as an act of terrorism.
On Wednesday law enforcement officials said that Park shared those views and had posted them on internet forums.
Wednesday's arrest was first reported by NBC News.
US federal authorities have arrested a suspect in connection with last month's deadly bombing at a fertility clinic in Palm Springs, California, according to law enforcement officials.
The suspect, Daniel Park, a 32-year-old man from Washington state, was taken into custody at John F Kennedy International Airport in New York, the officials said.
He will make an initial appearance in Brooklyn federal court on Wednesday afternoon and eventually face charges in California.
Park had been detained in Poland and deported by Polish authorities.
US officials were not clear why he had travelled to Poland and said he was not in southern California on the day of the bombing.
Officials alleged that Park secured 270 pounds of a fertiliser for Guy Bartkus, the primary suspect in the bombing.
The officials charged Park with providing and attempting to provide material support to a terrorist.
Bartkus, 25, died in the blast.
A bomb detonated shortly before 11am local time on May 17 in or near a car parked outside the fertility clinic, operated by American Reproductive Center.
In addition to the death of the primary suspect, several other people were injured, according to authorities.
Bartkus had "nihilistic ideations," FBI officials said at the time, adding that they were investigating the attack as an act of terrorism.
On Wednesday law enforcement officials said that Park shared those views and had posted them on internet forums.
Wednesday's arrest was first reported by NBC News.
US federal authorities have arrested a suspect in connection with last month's deadly bombing at a fertility clinic in Palm Springs, California, according to law enforcement officials.
The suspect, Daniel Park, a 32-year-old man from Washington state, was taken into custody at John F Kennedy International Airport in New York, the officials said.
He will make an initial appearance in Brooklyn federal court on Wednesday afternoon and eventually face charges in California.
Park had been detained in Poland and deported by Polish authorities.
US officials were not clear why he had travelled to Poland and said he was not in southern California on the day of the bombing.
Officials alleged that Park secured 270 pounds of a fertiliser for Guy Bartkus, the primary suspect in the bombing.
The officials charged Park with providing and attempting to provide material support to a terrorist.
Bartkus, 25, died in the blast.
A bomb detonated shortly before 11am local time on May 17 in or near a car parked outside the fertility clinic, operated by American Reproductive Center.
In addition to the death of the primary suspect, several other people were injured, according to authorities.
Bartkus had "nihilistic ideations," FBI officials said at the time, adding that they were investigating the attack as an act of terrorism.
On Wednesday law enforcement officials said that Park shared those views and had posted them on internet forums.
Wednesday's arrest was first reported by NBC News.
US federal authorities have arrested a suspect in connection with last month's deadly bombing at a fertility clinic in Palm Springs, California, according to law enforcement officials.
The suspect, Daniel Park, a 32-year-old man from Washington state, was taken into custody at John F Kennedy International Airport in New York, the officials said.
He will make an initial appearance in Brooklyn federal court on Wednesday afternoon and eventually face charges in California.
Park had been detained in Poland and deported by Polish authorities.
US officials were not clear why he had travelled to Poland and said he was not in southern California on the day of the bombing.
Officials alleged that Park secured 270 pounds of a fertiliser for Guy Bartkus, the primary suspect in the bombing.
The officials charged Park with providing and attempting to provide material support to a terrorist.
Bartkus, 25, died in the blast.
A bomb detonated shortly before 11am local time on May 17 in or near a car parked outside the fertility clinic, operated by American Reproductive Center.
In addition to the death of the primary suspect, several other people were injured, according to authorities.
Bartkus had "nihilistic ideations," FBI officials said at the time, adding that they were investigating the attack as an act of terrorism.
On Wednesday law enforcement officials said that Park shared those views and had posted them on internet forums.
Wednesday's arrest was first reported by NBC News.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Sydney Morning Herald
4 days ago
- Sydney Morning Herald
Qantas cybersecurity breach: All you need to know
Qantas detected unusual activity on a 'third-party platform' on Monday used by the airline's contact centre in Manila. The data breach may have affected up to six million Qantas customers, making it one of the largest in Australian history. The customer data incident was reportedly contained by Wednesday, and flight operations are running normally. After alerting the public on Wednesday, more questions are surfacing about the risks faced by Qantas Frequent Flyer members. Qantas on Thursday confirmed that CEO Vanessa Hudson was travelling overseas but leading the crisis response remotely. The breach occurred days after the FBI warned the aviation sector was being targeted by criminal group Scattered Spider. The multi-stage nature of cybercrime has prompted Qantas to warn customers of further impacts. How did the breach affect Qantas Frequent Flyers? A review of the incident showed the stolen data included customer names, email addresses, phone numbers and birthdates. It also included frequent flyer numbers. No credit card details, personal financial information or passport details were held on the hacked platform, the airline said. 'No Frequent Flyer accounts were compromised, nor have passwords, PIN numbers and log-in details been accessed,' Qantas said. Cyber experts say that the hacked frequent flyer numbers alongside customer names, email addresses, phone numbers, and birthdates would nevertheless make it easy for criminals to infer the log-on information needed to access frequent flyer accounts.
The Age
4 days ago
- The Age
Qantas cybersecurity breach: All you need to know
Part of Scattered Spider's strategy is to 'steal sensitive data for extortion', according to the FBI. The cybergang often deploys ransomware, which involves locking up sensitive data and threatening to delete or release it unless a ransom is paid. Loading How do I know if my data has been affected? If you are one of the six million customers affected by the breach, you will likely have received an email from Qantas. Many received it on Wednesday evening. Whether the data is further exploited for financial gain is a bit of a wait-and-see scenario. Qantas said frequent flyers should remain 'alert for unusual communications claiming to be from Qantas' such as 'emails or calls asking for personal information or passwords'. Such requests should be treated with suspicion. The airline would never contact members 'requesting passwords, booking reference details or sensitive login information'. The airline has set up a dedicated webpage, along with a dedicated support line on 1800 971 541 or 2 8028 0534 for enquiries. What is Scattered Spider? The criminal cybergang is suspected as being behind the breach. It is thought to be motivated by financial gain, and believed to be based in the US and UK. 'The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,' the agency said on June 28. Scattered Spider relies 'on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access... They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.' While complete attribution takes time, Hawaiian Airlines and Canada-based WestJet are also suspected to be victims of Scattered Spider. Macquarie University cybersecurity professor Dali Kaafar said: 'Scattered Spider are known to be in this sophisticated social engineering tactics, often coincidentally also targeting help desks or call centre personnel to gain access to some corporate networks. 'Scattered Spider often combines some data exfiltration with possible ransomware threats, which I wouldn't be surprised to see in the next few days.' Qantas has not – at time of writing – received a ransom demand. What can I do to protect my data now? In the email to affected members, Hudson told customers: 'I want to reassure our Qantas frequent flyers that there's no requirement to reset your password or PIN.' The company has urged frequent flyer members to use two-factor authentication on their accounts. 'The information released in the incident is not enough to gain access to frequent flyer accounts,' a Qantas spokesman said. Loading In addition to the two-factor authentication (2FA) or multifactor authentication (MFA) in place, 'we have always strongly encouraged customers to set up and install an authenticator app for added account security', the spokesman said. Two-factor authentication was made default on frequent flyer accounts some time ago. Not all members would have set up the 2FA. Macquarie's Kaafar said: 'The idea that login details have not been compromised so it should be secure and safe, definitely doesn't make sense to me.' Research and empirical evidence shows that many members would actually be using some form of the birthday as a PIN number, he said. The fact that the date of birth associated with frequent flyer members' numbers are now 'out there, compromised' and that the mobile app relies on only three main pieces of information makes the app 'quite vulnerable to further compromise'. The app requires a user's surname, frequent flyer number and a PIN code. 'So I think it just makes perfect sense, an immediate action to take, is to at least change that PIN code.' Kaafar said the two-factor authentication also wouldn't protect from overall phishing and scam vulnerabilities once the data was in the hands of criminals. Chief technology officer at NordVPN Marijus Briedis urged customers to use a password manager app 'to create unique, strong passwords for all your accounts'.
ABC News
5 days ago
- ABC News
What we know about Scattered Spider, the hacker group targeting airlines
Alarm bells were being sounded that Scattered Spider, a notoriously aggressive and prolific hacking group, had a new favourite target — the airline sector. The FBI and tech companies Google and Palo Alto Networks put out alerts over the weekend. They warned of multiple incidents in the airline and travel industry that resembled the group's operations. Now it is believed Australia might have fallen victim to the cybercriminals. Qantas has announced that 6 million customer accounts had been exposed in a "significant" cyber attack. The airline would not confirm if it was the target of Scattered Spider, but experts said the attack appeared to have its signature moves. Scattered Spider, or UNC3944, is a loose-knit but aggressive hacking group. The "scattered" gang of affiliates goes by various names and aliases, such as Octo Tempest, Star Fraud, Scatter Swine and Muddled Libra. The members are believed to be mainly young native English speakers from the US and the UK. Some have reportedly been as young as 16 years old. Since emerging in 2022, together the gangs have been accused of breaking into and stealing data from some of the world's largest companies. They are alleged to be behind more than 100 targeted attacks across industries including telecommunications, finance, retail and gaming. The group goes from sector to sector, often targeting sectors that face significant customer pressure. And they aim for the big fish. In 2023, hackers tied to Scattered Spider broke into gaming companies MGM Resorts and Caesars Entertainment, partially paralysing casinos and knocking slot machines out of commission. The $US14 billion ($21 billion) gaming giant MGM Resorts operates over 30 hotels and casinos around the world, including in Macau and Las Vegas. The group has also caused mayhem across the UK, hitting some of the largest retail brands, including Harrods, Co-Op and Marks & Spencer (M&S). A recent cyber attack on M&S disrupted the company's online business over weeks. It has resulted in about 300 million pounds ($600 million) in lost operating profit. Scattered Spider is known to use tactics such as social engineering, where hackers trick people into letting them into systems. They essentially target human vulnerabilities. The chief executive of M&S confirmed that "threat actors" had gained access to the retailer's systems via one of its contractors using social engineering techniques. The group typically exploits an organisation's IT helpdesk, using publicly available information to pose as a staff member. David Tuffley, a cybersecurity expert from Griffith University, said the tactics could be "pretty aggressive". The impersonations could take place through phishing attacks, which is often fake emails or text messages, or the hackers may even make phone calls directly to the help desk. Daswin De Silva, a professor of AI and analytics and director of AI strategy at La Trobe University, said the tactics were "really manipulative". "Help desks want to resolve issues as quickly as possible," Professor De Silva told the ABC. "With a large organisation that has outsourced some of their business functions, they tend to be removed from the day-to-day operations of the main business. "When there is a disconnect like this … the security can be compromised." Another tactic the group is known to use is called multi-factor authentication (MFA) bombing or MFA fatigue. It involves attackers repeatedly sending MFA requests, such as notifications to a user's device, in an attempt to overwhelm them and trick them into approving a login. This could enable them to gain access to the data warehousing platform, or manipulate password resets. Qantas has released a statement saying that it detected unusual activity on Monday, on a third-party platform used by a contact centre. The airline said 6 million customers had service records in the platform, and it believed the proportion of stolen data would be "significant". An initial review confirmed the data included some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers, the airline said. "Importantly, credit card details, personal financial information and passport details are not held in this system," the statement read. "No frequent flyer accounts were compromised nor have passwords, PIN numbers or login details been accessed." The breach comes as the FBI has sent out a notification saying it has recently observed Scattered Spider "expanding its targeting to include the airline sector". "They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk," the FBI said in a statement posted on X. "The FBI is actively working with aviation and industry partners to address this activity and assist victims." Alaska Air Group-owned Hawaiian Airlines and Canada's WestJet have both recently reported being struck by unspecified cyber incidents. Qantas said it had notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. A spokesperson for CyberCX told ABC News the incident had all the hallmarks of an attack from the Scattered Spider hacker group. Professor Tuffley said he "wouldn't be too surprised" if the group was behind the attack. "Qantas are actually pretty good as far as cybersecurity goes, but obviously their call centre in the Philippines or wherever it was wasn't quite so good," he said. Previous breaches on major Australian companies including Medibank and Optus have highlighted how cyber attacks can see people's data used as a bargaining threat to make companies pay a ransom. Another concern for Qantas customers is that their personal data could be onsold and then used to conduct fraud. Professor Tuffley said that often, data from large-scale breaches would be combined to assemble enough information to impersonate someone. Criminals could then carry out scams such as SIM swapping or financial fraud. "They could contact a telco and say 'Hi, this is Dave, I lost my phone and I want to get a new SIM installed,'" he said. "The telco will go through all sorts of security vetting, but if they've got enough information about you, then they can succeed at that." Professor De Silva said often after a major breach, there would be a secondary round of attacks based on the data that was stolen. That could involve using the data to ask for password resets or security check-ups. "The attack was first detected on Monday, but customers and the public were informed on Wednesday. This delay translates to more than 48 hours for subsequent targeted/personalised attacks towards individual customers," Professor De Silva said. "The Australian government and relevant authorities must do better in managing the communications, impact and loss following cyber attacks." Qantas customers are being advised to stay vigilant and check accounts and transactions regularly, including frequent flyer accounts. As a general piece of advice, experts say individuals should never reuse passwords on any system or service.
