Today’s takedown of the world’s largest ransomware gang, the Russian-based LockBit, by the FBI, Europol, and the U.K.’s National Crime Agency was a major moment in law enforcement’s fight against cybercrime.
By some estimates, LockBit, which until its takedown by authorities ran a ransomware-as-a-service offering, is responsible for around 25% of all ransomware out there on the internet. “It is a significant success for the law enforcement agencies,” says Alan Woodward, professor of cybersecurity at the University of Surrey.
Boeing, children’s hospitals, and the U.K.’s Royal Mail were all high-profile victims of ransomware sicced on them by the gang. More than 2,000 victims made more than $120 million in payments to LockBit between 2019 and its takedown on February 20, according to Nicole M. Argentieri, acting assistant attorney general at the Department of Justice.
Taking down the gang from the inside and replacing it with a message saying it was under the control of the U.K.’s National Crime Agency (NCA), the lead agency in the investigation, was a notable moment—and one that investigators and crime fighters were keen to crow about. “As of today, LockBit is effectively redundant,” Graeme Biggar, director-general of the NCA, told a press conference in London. “We have hacked the hackers.”
But beyond the fact of taking down the criminal gang, today’s announcement was also significant in another way. It was perhaps the most hyped demonstration of a criminal gang takedown in law enforcement history.
In advance of the midmorning press conference in the U.K., the NCA and other agencies began sharing hourly countdowns to the official announcement of the outcome of their investigation, named Cronos, on social media. The message behind the drumbeat of posts was simple: Something big is coming. By the time the press conference arrived, and precisely what had happened was unveiled, there was more attention on the case. “The law enforcement agencies are learning that it matters to public trust to see that this is done,” says Woodward. “It also signals to the criminals there will be more to come.”
Indeed, the press conference today is just the start of a series of announcements unpicking the LockBit gang, with more expected to come. The gang’s website was also repurposed and rebranded with information about indictments, sanctions, and arrests that led from the initial Cronos investigation. “Policing and intelligence are stepping more into the limelight in general,” says Agnes Venema, a security and technology scholar at the University of Malta. “It’s probably one way of showing what they’re doing. People are asking politicians to take action on these things, and they can’t prove they’re effective unless they are public about it to a degree.”
The way in which the takedown has been communicated is also an interesting development, adds hacker and Predicta Lab CEO Baptiste Robert. “We can see some bigger, state organizations like the FBI and NCA communicating like hackers,” he says. “This is an image they want to show: We are hackers fighting hackers, and we are using the same speech and rhetoric as these guys, and we’ll fight with the same weapons.”
That’s something Woodward agrees with—particularly when considering how extensively they defaced LockBit’s website (traditionally, law enforcement might only post a seizure notice, whereas here they deployed what one watcher called “grade A trolling”). “The law enforcement agencies wanted to show that even with Tor, criminal networks are vulnerable and the criminals are not always that good at their own security so hacking the hackers is now a police tactic,” Woodward says.
Beyond the hype, there were other intriguing findings from the investigation—for instance identifying, after searches of what they found within the network, that the criminals hadn’t destroyed the data they were paid ransoms for. “Once the law enforcement agencies had access to the network it became clear that the criminals operating it had no inner security,” says Woodward. “It quickly gave up data such as the Onion addresses for the Tor sites involved.” Using that information and more seized by law enforcement, the agencies have also published keys that will help victims decrypt data ensnared by tools developed by the LockBit gang.
“Our work does not stop here: together with our partners, we are turning the tables on LockBit—providing decryption keys, unlocking victim data, and pursuing LockBit’s criminal affiliates around the globe,” says FBI deputy attorney general Lisa Monaco.
Robert points out that such a boastful approach to communication as has been displayed today is high risk, high reward. While law enforcement can crow now about their successes, such an approach can backfire—but in this instance, it’s shown to be successful. So far. “If LockBit comes back tomorrow,” he says, “that could change.”