Infosec Update

Seedy

Totally not CDGator
Oct 17, 2020
395
724
It’s going to get a lot worse, before it gets worse.

That is all.
 

Seedy

Totally not CDGator
Oct 17, 2020
395
724
Very informative thread. Thanks for sharing!
What do you want to know?

Ransomware: IT industry is not prepared; ransomware industry is heavily funded.

Supply chain hacking is a real thing.

Infrastructure IT is in bad shape.

I’ll be happy to dig into details, if you are seriously interested. I just kept my OP superficial to avoid the obligatory “NERDS” GIF (BNA...)
 

Swamp Donkey

Founding Member
7-14 vs P5 Fire Stricklin First
Lifetime Member
Jun 9, 2014
78,161
109,975
Founding Member
Dementia Joe told them hands off some of our computers.

I'm sure they are scared to death.
 

Swamp Donkey

Founding Member
7-14 vs P5 Fire Stricklin First
Lifetime Member
Jun 9, 2014
78,161
109,975
Founding Member
Was it on the list of 13 things?
Democrat donors mostly.

Who cares? Putin doesn't care what is on the 13 New Obama Red Line Part 2 so why should we? Hell, Putin will attack those JUST BECAUSE they are behind the red line just to prove this guy is a pussy, just like he did with Obama.
 

CDGator

Not Seedy
Lifetime Member
Jul 24, 2020
15,801
43,745
Democrat donors mostly.

Who cares? Putin doesn't care what is on the 13 New Obama Red Line so why should we? Hell, Putin will attack those JUST BECAUSE they are behind the red line just to prove this guy is a pussy, just like he did with Obama.

Biden will give them money to stop. Oh wait, that means ransomware works.
 

Seedy

Totally not CDGator
Oct 17, 2020
395
724
0Day leads to 1,000,000 compromised endpoints leads to $70,000,000 ransom.

This is a new high watermark, and it may shape the future of ransomware gangs.

BTW, this happened on Friday. I wonder if anyone other than @CDGator has heard of it.
 

Nalt

Well-Known Member
Jul 23, 2020
6,626
18,109
0Day leads to 1,000,000 compromised endpoints leads to $70,000,000 ransom.

This is a new high watermark, and it may shape the future of ransomware gangs.

BTW, this happened on Friday. I wonder if anyone other than @CDGator has heard of it.
I had heard some rumblings but haven't looked into it for any details.
 

Swamp Donkey

Founding Member
7-14 vs P5 Fire Stricklin First
Lifetime Member
Jun 9, 2014
78,161
109,975
Founding Member
0Day leads to 1,000,000 compromised endpoints leads to $70,000,000 ransom.

This is a new high watermark, and it may shape the future of ransomware gangs.

BTW, this happened on Friday. I wonder if anyone other than @CDGator has heard of it.
It won't just be seizing all the ransom bitcoin this time.

I expect to see commandos kicking in doors.
 

Seedy

Totally not CDGator
Oct 17, 2020
395
724
It won't just be seizing all the ransom bitcoin this time.

I expect to see commandos kicking in doors.

You can only track the money if you have control of the Bitcoin tumblers.

Ransomware gang REvil is in Russia...

The rules of engagement are not clearly defined. This isn’t Russia v. USA. This is some illegitimate company doing harm to international companies.

Putin is KGB, Biden (and Trump and Obama) are all not equipped to go toe-to-toe with him.

Too much influx of USD into Russian economy.

Hell, Putin shut down the government for one day to make a change to their constitution.
 

Swamp Donkey

Founding Member
7-14 vs P5 Fire Stricklin First
Lifetime Member
Jun 9, 2014
78,161
109,975
Founding Member
You can only track the money if you have control of the Bitcoin tumblers.
Dude, it is incredibly easy to track bitcoin... when the govt wants to. Honestly, cash is 1000 times harder to follow.

You may be more of an IT geek than me, but I doubt there are many on here with more financial crime experience.

It's a miracle dumbasses haven't figured out how easy it is to be tracked yet.

Tumblers are almost zero problem. You're aware that they are required to follow all anti-money laundering laws, right? Well, guess how quickly they fold when a fed shows up at the door?

Besides, you can tumble 100k somewhat easily. You aren't tumbling millions easily.

I do however see that cutting off the world from world wide web might be a necessity in the future. (Out of my wheelhouse but I know it's being discussed.)
 

Seedy

Totally not CDGator
Oct 17, 2020
395
724
Dude, it is incredibly easy to track bitcoin... when the govt wants to. Honestly, cash is 1000 times harder to follow.

You may be more of an IT geek than me, but I doubt there are many on here with more financial crime experience.

It's a miracle dumbasses haven't figured out how easy it is to be tracked yet.

Tumblers are almost zero problem. You're aware that they are required to follow all anti-money laundering laws, right? Well, guess how quickly they fold when a fed shows up at the door?

Besides, you can tumble 100k somewhat easily. You aren't tumbling millions easily.

I do however see that cutting off the world from world wide web might be a necessity in the future. (Out of my wheelhouse but I know it's being discussed.)


The way you describe it, Bitcoin shouldn’t be used for ransom payment. If that were true, why do they use it? Why are they using crypto(currencies) to buy their new Lambos/Ferraris/Bugattis?

Ransom recipients are not cowering. They are using the money to buy luxuries and “reinvesting” in their companies by buying more 0days, so they can do the next thing.

As long as the “hackers” stay in Russia (or China or wherever), they can essentially do whatever they want.

Crypto(currencies) are not in my wheelhouse, but I will say there isn’t any slowing down on pushing out ransomware, collecting the coin, and living the high life.

Geofencing the US from “the rest of the world” isn’t really feasible. Attribution is hard. They don’t fire up their home computers and start their campaigns. Instead, they bounce off of compromised hosts in other countries (even the US) and then use their ephemeral, cloud-based infrastructure to carry out their deeds.

Many in infosec come from military backgrounds (not me), and they have even seriously discussed on Twitter the need for a kinetic response (again, not me). Response, hack-back, or even deep dive attempts to attribute a campaign to a country/group is way above my pay grade (and can be highly illegal under CFAA - Computer Fraud and Abuse Act).

If there were a simple answer, we wouldn’t be in the position we are in.
 
