FBI warns of time-traveling hackers

Cybercriminals always find new ways to scam you, whether it's mimicking a government agency, creating a fake website or delivering malware disguised as a software update. Just when you think you've seen it all, they come up with a new trick.

This time, the FBI has issued an alert: Hackers are using a "time-traveling" technique to bypass your device's security measures. No, we're not talking about actual time travel (though wouldn't that be something?). This is a sophisticated cyberattack where hackers manipulate a system's internal clock to sneak past security defenses.

The concept of "time-traveling hackers" refers not to literal time travel but to a sophisticated cyberattack technique where hackers manipulate a system's internal clock to bypass security measures. This attack is reportedly tied to the Medusa ransomware gang.

In this type of attack, hackers exploit expired security certificates by altering the system date on a targeted device to a time when those certificates were still valid. For example, a security certificate that expired in, say, 2020 could be made usable again if the system's clock is set back to 2019. This allows malicious software signed with these outdated certificates to be recognized as legitimate by the system, effectively "traveling back in time" from a security perspective. 

The FBI has warned that such attacks pose a significant risk, as they can disable modern security protections like Windows Defender by tricking the system into accepting outdated drivers or software.

Traditional search and rescue tools, like rigid robots and specialized cameras, often struggle in disaster zones. Cameras follow only straight paths, forcing teams to cut through debris just to see further in. Rigid robots are vulnerable in tight, unstable spaces and expensive to repair when damaged. And manual probing is slow, exhausting and risks responder safety.

4) Monitor for suspicious system time changes: The core of this "time-traveling" attack is clock manipulation: Hackers roll back a device's clock to a time when expired security certificates were still valid. This allows outdated and potentially malicious software to appear trustworthy. Be alert to unexpected system time changes, and if you're managing an organization, use tools that flag and log these types of configuration shifts.

The Medusa attack is a good example of how cybercriminals are shifting tactics. Instead of relying on traditional methods like brute force or obvious exploits, they are targeting the basic logic that systems depend on to function. In this case, it is something as simple as the system clock. This kind of strategy challenges the way we think about security. It is not just about building stronger defenses but also about questioning the default assumptions built into the technology we use every day.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.