US investigators recover the majority of ransom Colonial Pipeline paid to hackers (suspect, solution)
It was reported in the news that they obtained the private key of the hackers bitcoin wallet, which is the technical mechanism bitcoin uses to maintain ownership and anonymity of accounts, so that mechanism was not compromised technically, however it was not disclosed how they managed to get the key.
Perhaps. But that explanation is not passing the smell test for me.
It says -- we can find your money and we can take it.
Yes it happens way more than we hear about -- that's why it's been an issue for years now.
But this is a good step in the right direction.
Read your own article all the way to the end and you find....
Quote:
The password to the account was discovered alongside other leaked data on the dark web, the company said, though it is not clear how hackers obtained the password or the username.
Quote:
It was reported in the news that they obtained the private key of the hackers bitcoin wallet, which is the technical mechanism bitcoin uses to maintain ownership and anonymity of accounts, so that mechanism was not compromised technically, however it was not disclosed how they managed to get the key.
Yes, many Russian hacking groups have affiliation/protection with the Russian mafia and Russian intel is aware of them.
I don't believe their intent was to cause such a huge disruption, they were just looking for a payday, not cause an international incident.
This is why I feel that there were some conversations between the US and Russia and so there was this token "win" thrown out and probably some discussion of keeping their dogs on a tighter leash with regards to critical systems.
You are one of the few true security experts that post here so I respect your views on things, I just find the whole "we hacked them back and got the money back" to be laughable theater designed like a "mission accomplished" photo op.
Bottom line Bitcoin can be traced, especially in high profile investigations. And who knows what intelligence they had??
It can be traced but typically only to online wallets. Traditional intel collecting mechanisms can then be deployed to see who is interacting with the online wallet. The smart people who hold crypto will move the funds to an offline wallet as soon as they can for better security.
I'll let Atltech explain to you just how much of a win this 2 million dollar recovery was and what it means for the possibility of reduced future attacks as apparently "we've taught them a lesson".
Keep in mind, the OP was claiming that this sends a strong message to hackers that we can get the money back...I disagree with that assessment is all.
Quote:
It can be traced but typically only to online wallets. Traditional intel collecting mechanisms can then be deployed to see who is interacting with the online wallet. The smart people who hold crypto will move the funds to an offline wallet as soon as they can for better security.
Maybe these guys are great hackers but not "smart guys" when it comes to crypto currencies. This is from the Justice Dept.
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.
No self respecting criminal enterprise would allow this to happen IMO.
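The DOJ statement quoted above describes following the ransom through "multiple transfers" on the public ledger until it lands at an address whose private key is held. The script below is an added illustration of that tracing step, not code from the thread or from any agency. It uses a constructed four-transaction ledger with invented addresses and amounts, and follows the largest output at each hop (a simplified chain-analysis heuristic; real investigations combine several heuristics and off-chain intelligence). The names `LEDGER`, `trace_largest` and `seizable` are all constructed for this example.

```python
"""Follow a ransom payment forward through a constructed UTXO ledger.

Constructed example: the transaction graph, addresses and BTC amounts below
are invented for illustration and are not the Colonial Pipeline transactions.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

OutPoint = Tuple[str, int]  # (txid, output index) identifies one coin


@dataclass(frozen=True)
class Output:
    address: str
    amount: float  # BTC, constructed value


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: List[OutPoint]   # coins this transaction spends
    outputs: List[Output]    # coins this transaction creates


# Constructed ledger: the victim pays 75 BTC to the extortion address, the
# receiver splits it, and the larger share hops twice more before resting.
LEDGER: List[Tx] = [
    Tx("tx_ransom", [("tx_victim_funds", 0)], [Output("addr_ransom", 75.0)]),
    Tx("tx_split", [("tx_ransom", 0)],
       [Output("addr_affiliate", 60.0), Output("addr_operator", 14.99)]),
    Tx("tx_hop1", [("tx_split", 0)],
       [Output("addr_hop1", 59.9), Output("addr_change", 0.09)]),
    Tx("tx_hop2", [("tx_hop1", 0)], [Output("addr_final", 59.8)]),
]


def index_ledger(ledger: List[Tx]):
    """Return (txid -> Tx, outpoint -> txid of the transaction that spends it)."""
    by_id = {tx.txid: tx for tx in ledger}
    spent_by: Dict[OutPoint, str] = {}
    for tx in ledger:
        for outpoint in tx.inputs:
            spent_by[outpoint] = tx.txid
    return by_id, spent_by


def trace_largest(ledger: List[Tx], start: OutPoint, max_hops: int = 50):
    """Walk forward from `start`, at each hop following the largest output of
    the transaction that spends the current coin.  Returns the visited
    (outpoint, address, amount) triples, ending at the first unspent output,
    i.e. where the traced funds currently rest."""
    by_id, spent_by = index_ledger(ledger)
    path = []
    current = start
    for _ in range(max_hops):
        tx = by_id[current[0]]
        out = tx.outputs[current[1]]
        path.append((current, out.address, out.amount))
        spender = spent_by.get(current)
        if spender is None:
            break  # unspent: the funds sit at this address
        nxt = by_id[spender]
        idx = max(range(len(nxt.outputs)), key=lambda i: nxt.outputs[i].amount)
        current = (spender, idx)
    return path


def seizable(path, controlled: Set[str]) -> float:
    """Amount at the path's terminal address if a private key for that address
    is held (the condition the DOJ statement describes); otherwise 0.0, since
    tracing alone does not give control of the coins."""
    _, address, amount = path[-1]
    return amount if address in controlled else 0.0


if __name__ == "__main__":
    hops = trace_largest(LEDGER, ("tx_ransom", 0))
    for outpoint, address, amount in hops:
        print(f"{outpoint[0]}:{outpoint[1]}  {address:16s} {amount:8.2f} BTC")
    print("recoverable with key for addr_final:", seizable(hops, {"addr_final"}))
    print("recoverable with no key:", seizable(hops, set()))
```

The point the example makes is the one the thread is arguing about: the ledger walk is the easy half, and the poster's "only to online wallets" remark corresponds to `seizable` returning 0.0 whenever the terminal address is one nobody but the holder has a key for.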
The DOJ is desperate to find some way to be able to impede these ransomware attacks, other than providing public service announcements about how important it is to maintain compliance with basic IT security protocols, such as not clicking on unknown attachments sent from anonymous sources and having passwords better than "password" or "123456".
Until a couple of hours ago, the broad consensus was that the only way to stop or recover from one of these attacks - other than paying the ransom - was to make sure it was never activated to begin with. Now the DOJ has announced that they have, almost as if by some sort of magic, figured out the payment (Bitcoin) side, which until just minutes ago, was regarded as effectively impenetrable.
Apparently not anymore, if the DOJ is to be believed here.
The best 'Occam's Razor' explanation that immediately jumps forward here is that the DOJ did not actually recover anything, but is announcing that they did anyway, so as to sow the seeds of uncertainty and doubt in the minds of any prospective ransomware hackers as to the safety of Bitcoin as a secure and anonymous medium of exchange.
This would not be honest, but it would be a smart counter-espionage strategy. Even if it does not stop these attacks completely, which it probably will not, there is a good chance that it slows them down some and reduces the overall number of such attacks.
No way to know for sure, but again, the explanation provided by the DOJ is not passing the smell test for me here.