"Just a week ago, our field offices in Charlotte, Indianapolis, Jacksonville, Los Angeles, and Cleveland worked with the Defense Criminal Investigative Service and U.S. Secret Service—along with international partners from Denmark, France, Germany, and the Netherlands—to conduct a technical operation against four groups who offer malware as a service, in the first such operation ever conducted.
That operation, Endgame, defeated multiple malware variants, took down more than 100 servers, and dismantled the infrastructure for four key pieces of global malware, which had been responsible for hundreds of millions of dollars in damages and had even compromised the critical-care online system a hospital needed to keep patients alive."
Yes, it also states: "[...] We should also remember that 85-90% of the most powerful cyber-threat intelligence lies in the hands of those other than the United States government, which brings me to a final point about partnerships: Not one of our past—or future—disruptions is possible without exceptional partnerships [...]."
I didn't expect so much honesty, I would have expected "We and only we are the greatest and best".
I think this is not correct and perhaps a deliberate downplay. The US Govt theoretically and in many cases provably has backdoors in the very fabric of the internet itself, and has tendrils in products of many of the companies and entities responsible for everything from transistor to application.
It is, however, in the US govt's interest to not present this, so as not to encourage people away from US tech.
You way overestimate the US gov. Those backdoors and tendrils exist because of individuals and groups that developed the features. This isn't the Smoking Man. The partnerships delivered the boots-on-the-ground resources to detain, arrest, and prosecute the criminals.
This is different because it's not about espionage. The NSA can do tons of stuff that normal police forces can only dream about. But the NSA doesn't have to worry about courts or juries or even evidence. It's a totally different game when you want to crack down on criminals using the law vs dropping bombs on terrorists and military targets.
It works like this: NSA brings the illegal evidence, and agencies like FBI and DEA launder it, building a fake case that omits the illegal evidence but includes other evidence that was obtained from it, rewriting history to make it seem like the investigation never ever used illegal means.
It's like git rebase, but for criminal investigations.
While parallel construction is usually dodgy as hell, it still requires that there be sufficient evidence obtainable through legal means to build a case.
It's kind of like a journalist getting information off the record from a source. They can't use that for a story, and the only way they can write about it is if they can find enough on the record or on background sourcing or data to be able to back it up.
The only way I can see one expecting "We and only we are the greatest and best" sentiment is if one has been marinating in the "America Bad" online misinformation trend.
At first I was puzzled to see the Secret Service was involved. I have just learned that the Secret Service's other (and original) mission is to protect the security of the US financial system. When they were founded in 1865 (ironically, the day Lincoln was assassinated) their job was stopping counterfeiters. Protection of high profile officials came later, beginning in 1901. [0]
Maybe it's buried in the details and I missed it, but this is not the first time the FBI cracked a ransomware operation, but the real story is they got the keys and in the past they've just published them. ("FBI urges ransomware victims to reach out"). This is how you do law enforcement. Win hearts and minds with practical redress. Otherwise you're just cutting heads off a hydra - which is what silly plans for social media client-side scanning will only ever be able to do.
So the last time, I ended up researching it for a Cybershow episode (sorry dang :) and got down dark rabbit holes like these ones [0,1] and realised just how hard this is. It's not just infiltration, it's very stealthy, careful, long-term work. Getting right into the heart of the beast and getting all the stuff, off an airgapped machine! Imagine discovering a severe exploit with massive lateral impact and needing to do a delicate, intricate coordinated disclosure so that nobody gets tipped off... and then cutting it at the root and bagging all the loot. That's gotta feel good.
It’s my understanding the Celtics have a “win song.” So, as a fellow sports fan, I hope they play “All I Do Is Win” by DJ Khaled in Boston at least four times between now and June 23.
I would prefer Team America's America song.
I wonder if companies that don't pay the ransoms even keep the encrypted data for the future, or they cut their losses and just delete everything with the idea they're never going to get the data back.
In the panic of sifting through and restoring backups I doubt many of them actually take the time to do an extra backup of the encrypted data.
And of course the hardest hit companies don't even have viable backups, so it's even further from their mind to actually take a backup of the encrypted data.
"...LockBit was set up by a Russian coder named Dimitri Khoroshev...He maintains the image of a shadowy hacker, using online aliases like "Putinkrab," "Nerowolfe," and "LockBitsupp." But, really, he is a criminal, more caught up in the bureaucracy of managing his company than in any covert activities.
Essentially, he licenses LockBit ransomware, allowing hundreds of affiliate criminal groups to run shakedowns. In exchange for the use of his software, he gets a 20% cut of whatever ransoms they collect from innocent people and companies around the world.
To help his affiliates succeed, he provides them assistance through hosting and storage, by estimating optimal ransom demands, and by laundering cryptocurrency.
He even offers discounts for high-volume customers."
It's a tough life for a ransomware CEO: Ladies and gentlemen, I'm thrilled to announce that this quarter, we've achieved an unprecedented 99.9% encryption rate, with ransom payments up by 20%. We're setting new industry standards, one locked file at a time. It's nothing personal, just business...
Matt Levin had a few columns on "what is the right amount of crime", starting from the topic of ransomware-as-a-service: you want a lot of crime but you don't want to have your clients target hospitals for example. That level of crime will put too much heat on you. He went on often to discuss how a non-zero amount of crime is likewise expected and beneficial for the bottom line of many companies.
Not sure about beneficial as such… more like, a low level of fraud/theft/crime might cost less than the fraud/theft/crime-prevention measures, and therefore be rational to tolerate.
Just wanted to say that at some point I switched from “you should do X” to “I think it would be fun if you did X”, because I don’t actually usually know what other people should do. In my case for example writing HN comments is fun, but making videos is stressful.
In a recent press release [1] the USDT said "According to the Department of Justice, LockBit has targeted over 2,500 victims worldwide". Now finding 7k decryption keys gives us a more realistic view of the insane problem ransomware has become and how many companies pay without publicly declaring a security incident.
FISA hearings and processes are very secretive and unconstitutional. We've become accustomed to intelligence agencies blatantly violating our rights but it's okay because it might stop criminals.
The state claims state secrets and prevents jurisdiction/standing when these laws are challenged. It doesn’t work.
There is a large body of history about these unconstitutional laws at this point. It would be wise of anyone willing to make such claims to orient themselves with the current status quo and how we arrived here.
This assumes an infallible judicial system, which ours is NOT. I find the blind trust in the courts a very boring and unhelpful take. What do you personally think about FISA, the Patriot Act, etc., which make it easy for the government to spy on its own citizens?