The FBI warns Auckland-based Mega.NZ that it is being used by ransomware cybercriminals in their attacks

Jun 1, 2021 11:58 GMT

According to the FBI, Mega was one of two cloud storage platforms used by hackers behind large-scale operations, including attacks on healthcare systems, RNZ reports.

Another alert that was issued in March by the FBI said that the cyber attackers uploaded stolen material to MEGA.NZ either through the website or by installing the client application directly on a victim's PC.

Mega stated that there was no way to prevent hackers from using legitimate software, because they had complete control over the systems they hacked. It is also impossible to tell what its 220 million account holders have saved in their encrypted files unless law enforcement or a hacked organization reports it.

Mega chief executive and chair Stephen Hall told RNZ, "If they found a Mega link, it would be reported to us and [the account] closed within minutes." He could not guarantee Mega's services were not being used by Waikato DHB hackers, but the company had not been notified by local police or the DHB. Hall said, "All I can say is there's no sign of that being on Mega at this stage."

The warnings from the FBI also mentioned hackers using Microsoft's Windows Sysinternals and Swiss company pCloud.

Cybercriminals managed to exfiltrate data via Mega in ingenious ways

Hall likened accessing cloud storage to a hacker exploiting phone lines or local computers for an attack. Hackers were looking for quick and efficient ways to exfiltrate data, and Mega was one of them.

An FBI warning said attackers had moved from uploading and posting stolen material on MEGA to posting stolen material on another file-sharing service: website.dropmefiles.com.

Even though the files are encrypted, Mega has access to user registration data and IP addresses, according to its 2020 transparency report.

Mega can reveal user information and data in "very limited scenarios" if it has written confirmation from authorities that life or health is in danger. According to the report, Mega received 8 court orders and released information in 2019-2020 about accounts reported to be involved in serious criminal activity overseas. It also disabled 565,000 accounts that distributed stolen or exploitative content.