Darkside ransomware gang says it lost control of its servers & money a day after Biden threat
Source: The Record
A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyberattack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments.
"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers," said Darksupp, the operator of the Darkside ransomware, in a post spotted by Recorded Future threat intelligence analyst Dmitry Smilyanets. "Now these servers are unavailable via SSH, and the hosting panels are blocked," said the Darkside operator, while also complaining that the web hosting provider refused to cooperate.
In addition, the Darkside operator reported that cryptocurrency funds were also withdrawn from the gang's payment server, which was hosting ransom payments made by victims. The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said.
This sudden development comes after US authorities announced their intention to go after the gang.
Read more: https://therecord.media/darkside-ransomware-gang-says-it-lost-control-of-its-servers-money-a-day-after-biden-threat/
WA-03 Democrat
(3,046 posts)
Now that Putin's puppy is out, crime is not paying that well.
The US is back on cyber offense. Stay frosty St. Petersburg!
dweller
(23,628 posts)
Well played
✌🏻
joetheman
(1,450 posts)
The other guy would have been boasting all over himself.
Now to make these crimes major terrorist acts with sentences to match.
hadEnuf
(2,188 posts)
DBoon
(22,356 posts)
Budi
(15,325 posts)
Every thief since the beginning of thievery has an exit plan. How well that plan is executed at the vital moment is the trick.
Let's hope they skipped a step in their rush out the door.
Appears they met their match, with President Biden.
New Sheriff, as they say...😎
WA-03 Democrat
(3,046 posts)
I would speculate they are so far in their system that Darkside has no control over their system. The tables were so quickly turned it smells like a trap to them too I bet. No one hacks better than the US.
SWBTATTReg
(22,112 posts)
about US capabilities on software, computer system hacking, etc. Generations of Americans have grown up teething on keyboards, monitors, computers, you name it. The capabilities of these generations of Americans are not fully recognized, as we constantly hear about the Russians, their allies in eastern European countries, etc. endlessly of their computer capabilities, to the point where I want to stick my finger in my throat and throw up.
Thank you.
It does show just how quickly Darkside was hacked (associated IP addresses were ID'ed, etc. and then hacked)...amazing.
stopdiggin
(11,296 posts)
WE can do things too. In fact -- in most cases, we can do it better than you.
Messing with people needs to come with a price attached. And also totally agree with Biden's program to emphasize 'hardening' our targets -- both government and private. Way overdue.
WA-03 Democrat
(3,046 posts)
we will design our very own operating system and a web browser. Who knows, maybe a processor one of these days too. Oh shit, we have designed every fucking one from the desktop to the computer you carry in your hand. Maybe these Cisco guys can do a switch and router then we be banging. What or why does 100% of all internet traffic hit a US designed central exchange switch? Imagine a giant pool that you can never go through to the bottom or the side. You have to know what you want before they will dig.
The US backs up the entire internet all day in real-time. All these systems have a G mode.
stopdiggin
(11,296 posts)
but that doesn't mean US government control. (and I guess whether you see that as a 'problem' kind of depends on point of view). Or are you implying ("all these systems have G mode") that the US government does have control of the entire infrastructure?
GregariousGroundhog
(7,518 posts)
The article specifically states that the hacker's former webhosting provider is refusing to cooperate with them. My guess is that the victims and/or their internet service providers were able to provide the FBI with log information regarding what IP addresses the attack came from and that the webhosting provider which owns that IP address either voluntarily seized the hacker's data or did so after being presented with a search warrant by the FBI.
stopdiggin
(11,296 posts)
which suggests more penetration and access than just shutting down some servers. Or -- inside double cross. Somebody on the 'team' made off with the dough.
WA-03 Democrat
(3,046 posts)
They have lost control of their finances. They have lost control of their blog. That is a lot of things to go wrong the day after this was "resolved" and the President signed an emergency declaration of cyber security. What are the chances of anything happening after President Biden planning and executing on something? As Malcolm Nance says, that is a lot of coincidences to plan for. It is another wake-up call that our utility IT systems need updating.
This is not a case of things running fine and dandy and the web-host in a neutral country.
Sgent
(5,857 posts)
can be part of a multi-pronged takedown by the CIA / NSA / CISA / USCC.
Fortinbras Armstrong
(4,473 posts)
Was threatened with criminal proceedings. No matter where it's based, accessory to grand larceny and extortion is not something one wants to be accused of. If the FBI says, "If you cooperate, we won't bring charges and we also won't release your name" most people would be anxious to help.
GregariousGroundhog
(7,518 posts)
Feel free to google 'Section 230', but at a high level ISPs and webhosts are generally shielded from what their customers do online. The only exception I'm aware of is when a provider fails to act consistently on Digital Millennium Copyright Act (DMCA) notices.
Fortinbras Armstrong
(4,473 posts)
Actual criminal activity is not protected. We have here grand theft and extortion.
Ilsa
(61,694 posts)
about zero-day threats, Iranian hackers, etc.
I hope the story gets out for everyone to see that Biden has got this.
SergeStorms
(19,195 posts)
Or am I misunderstanding this? I have little knowledge of blockchain currencies.
WA-03 Democrat
(3,046 posts)
Yes, nothing is 100% safe. Here's a good read, but yes, cryptocurrency is a multi-billion USD a year crime: https://www.marketplacefairness.org/cryptocurrency/hacking-statistics/
I have always been a bright yellow chicken of this market. I believe with President Biden, the mob is not going to be able to use these things to launder money.
SergeStorms
(19,195 posts)
I'll give it a read. I want to learn more about this area of finance, but I have to admit, sometimes they seem to be talking in a language I don't understand. I'm 72, and it's getting more difficult to teach this old dog new tricks. Thanks again.
alfredo
(60,071 posts)
Probatim
(2,525 posts)
Will the nutters now complain Biden is going rogue? After placing blame for the hack squarely on his shoulders?
BobTheSubgenius
(11,563 posts)
On the one hand, they do get to complain about him going rogue. But that also acknowledges a great deal of competence, in planning, execution and stealth exit.
Probatim
(2,525 posts)
until after he knew the switch had been flipped.
One thing to make a threat and another to follow through on it.
marble falls
(57,077 posts)
I think he was pre-empted with the question about Colonial paying $5M, he was waiting till the ducks fell to make an announcement.
BobTheSubgenius
(11,563 posts)
And a belated welcome to DU!
COL Mustard
(5,897 posts)
It was a foreign-sourced attack on a private US company. Nothing Biden could have done to prevent it...if the company had weak IT security, that's their issue, not the US Government's.
Probatim
(2,525 posts)
Biden was already blamed for gas shortages caused by the hackers. Why is it his fault? RW Media/Rs set the tone and feed off of each other.
Now we'll hear how Biden is "setting a dangerous precedent by inserting the US Gov't in these operations".
It might not happen tonight, but by Sunday, all the talking heads will be paraded out to tell us what a terrible idea this was.
NQAS
(10,749 posts)
but this does sound like socialism.
Government stepping in to assist private company that failed to protect its systems.
Yes, this kind of cyber offense is a legitimate government concern, and I'm glad to see this result, but it is clearly government intervening in a private company's affairs (regardless of the importance of the company in moving oil around the country).
Just sayin'.
alittlelark
(18,890 posts)
SWBTATTReg
(22,112 posts)
intercede and interrupt the criminal endeavors...especially since more than likely, multiple companies are probably involved in the data network(s) being used (company A owns the originating piece, company B owns the transport piece, company C owns the terminating piece of the data call, etc.), so what company is the one that should act against the evil doers?
There are multiple laws governing efforts to secure the national data networks from harm, and probably far more laws/etc. now...this isn't socialism as you call it. It's effective policing and securing the vulnerable data networks from harm.
Federal Government Regulation
There are three main federal cybersecurity regulations:
- 1996 Health Insurance Portability and Accountability Act (HIPAA)
- 1999 Gramm-Leach-Bliley Act
- 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)
Read more at: https://www.appknox.com/blog/united-states-cyber-security-laws
NQAS
(10,749 posts)
So would it depend on where along the system the hack occurred? If the failure that allowed the hack occurred within the Colonial system, then who's responsible for the failure to secure the network?
I don't have any heartburn with what seems to have been the USG response. I'd like to see more of that, even if we don't necessarily know that it's the USG doing it. As long as the hackers are disrupted.
I guess what bugs me is, somehow, the expectation that when there's a giant problem that the private sector either couldn't or wouldn't fix, the USG is where they turn. That being the case, I'd like to hear what the RWNJs have to say about this. (Actually, IDGAF about what the RWNJs have to say, but you get the idea.)
And it's not only the private sector. I read that the DC Police are currently the victim of a ransomware attack. Again, who's responsible? The network provider or the IT department? In this respect, I'm fine with infrastructure funding to address these issues for federal, state, and local agencies.
Turning to fiction, this was the subject of Lee Child's latest book, The Sentinel. Russian ransomware attack (with the usual Lee Child twists), but the failing was with the small town that refused to fund the work that would secure the town's network.
stopdiggin
(11,296 posts)
Both of you obviously see a USG component in both defense and response measures. (I think -- certainly you do.) Defense of our infrastructure (and economy?) is -- well -- defense of the republic. Pretty much the same reason that we have the military.
I applaud Biden for bringing the focus of attention .... Security and tech people have been screaming for years. It's well overdue. Will we eventually be looking at "attractive nuisance" laws (or something similar) to force 'hardening' of both public and private sectors?
Baked Potato
(7,733 posts)
All branches of government use equipment and systems run by private companies. Clearly, private companies are not nearly powerful enough to carry out the maneuvers with the immediacy needed in these modern times.
Our system allows private companies full control until it threatens National Security.
What it sounds like happened is the cyber equivalent of a bank getting robbed and the FBI coming in to catch the robbers. Would that also be socialism?
stopdiggin
(11,296 posts)
pandr32
(11,579 posts)
Biden Brigade is fully operational.
jmbar2
(4,874 posts)
Makes me proud.
MineralMan
(146,287 posts)
Captain Zero
(6,805 posts)
Tell him to go get a real job!!
asiliveandbreathe
(8,203 posts)
like water..will always find a way...
abqtommy
(14,118 posts)
Welcome to the real world.
IrishAfricanAmerican
(3,815 posts)
progressoid
(49,983 posts)
Pepsidog
(6,254 posts)
dalton99a
(81,455 posts)
50 Shades Of Blue
(9,975 posts)
Captain Zero
(6,805 posts)
Imho.
ScratchCat
(1,981 posts)
I guess
50 Shades Of Blue
(9,975 posts)
TheFarseer
(9,322 posts)
irisblue
(32,968 posts)
ScratchCat
(1,981 posts)
Few countries where they are unreachable (well, without starting something bigger).
gordianot
(15,237 posts)
I would not place bets they are still alive or they will be breathing in the near future.
Grokenstein
(5,722 posts)padah513
(2,500 posts)Pepsidog
(6,254 posts)Dictator in waiting promising to protect us. Look how we acted, we are prime for other bad actors to disrupt our country setting up the next real American Dictator.
ffr
(22,669 posts)halfulglas
(1,654 posts)Since Darkside brags that they are "good" hackers and don't hack nonprofits, etc. They may have been hacked by thieves worse than them, not better.
FakeNoose
(32,634 posts)
SpankMe
(2,957 posts)
I'm surprised that a hacker organization would publicly admit it's been hacked. Criminal orgs don't usually issue press releases.
I suspect there's been some response by US cyber. But there is no way of knowing the truth at this stage in the game. The US doesn't want to divulge any strategic information on its cyber capabilities, and the hackers can't be trusted to tell the truth.
The Unmitigated Gall
(3,803 posts)
Stay in Russia, forever. Shitbirds.
calimary
(81,220 posts)
Like your screen name!
And your message, also. Let's all think CONSEQUENCES. Literal AND - um - shall we say "creative"?
The Unmitigated Gall
(3,803 posts)
It's embarrassing how long I've been following everyone here!
quakerboy
(13,919 posts)
In that business it's got to be a balancing act. Hack a school system or some fast food chain or a city, there's a remote chance you will face legal consequences. Generally speaking.
But I feel like in their shoes I'd be more careful in my targets. Touchy business going after a petrochemical company. It's my understanding those folks have a long history of not playing nice with their detractors in other countries. How much is a contract killing in Russia these days?
Deep State Witch
(10,424 posts)
Suckas!
Hekate
(90,645 posts)
...in the 2016 election? That the US would respond in a time and manner of our own choosing?
Clearly he had to wait longer than we ever anticipated, but he's here now. Well done, Joe. Keep up the good work.
Botany
(70,496 posts)
BTW I think Joe knows that the Russian Govt. helped out in the hacking of the pipeline's computers but did not want to say so in public. Joe also knows that Russia hacked our 2016 elections and installed Trump and Sen. Johnson too.
JustABozoOnThisBus
(23,338 posts)
Maybe Darkside wasn't kicking a respectful share up to the boss.
If the U.S. has that capability, why would we expose it for a "paltry" five million dollar payment? And, the pipeline company may have bought $5M in bitcoin, but it was only worth $3M by the time they could cash it in. Thanks to Jeff Bezos.
HUAJIAO
(2,383 posts)
Lovie777
(12,237 posts)
that's all?
inwiththenew
(972 posts)
Either that or it was designed to look like they were hacked to throw off whoever is trying to track them down so that the money is never recovered.
Why else would a criminal organization put out a public statement that they lost money in an illegal act they just engaged in? This would be like one of the drug cartels putting out a release saying they lost $5 million they were laundering through one of their front companies.
Aussie105
(5,383 posts)
If so, too bad, so sad!
But I bet there is more to this story.
roamer65
(36,745 posts)
Easy as pie for them.
msfiddlestix
(7,278 posts)
I've been practicing all day, first moment checking in on "the news".. very very interesting report.
I've never come across The Record before now, and wonder if other news sites are carrying this story.. I'll check later. Just curious during a quick break.
wryter2000
(46,037 posts)
Your government at work
IronLionZion
(45,430 posts)
all the articles on this say US officials haven't confirmed what the hacker group has said.
Karma13612
(4,552 posts)
WELL DONE!!!
I am more and more worried about these cyberthreats and the consequences to water, power-grids, banking, ?stock market, healthcare institutions, etc.
This is good news!
tanyev
(42,552 posts)
Hulk
(6,699 posts)
From what I have read, this is a Ponzi scheme that has an extremely negative effect on the world financial system as well as clandestine activities.
I know fools who are buying this garbage up, hoping to make their fortune on this dark wealth scheme.
Mysterian
(4,585 posts)
These are enemies of the USA.
jrandom421
(1,003 posts)
Send them a GPS guided GBU-43 (MOAB), 8,500 kg of "Knock Knock, Hackers"
Turbineguy
(37,319 posts)
chopped into little pieces by machete-wielding people seeking retribution....
Pluvious
(4,309 posts)
Bitcoin is very traceable...
I'm surprised the crooks didn't use one of the untraceable tokens.
The wallet received the 75 BTC payment reportedly made by Colonial Pipeline on May 8, following the cyberattack that led to widespread fuel shortages in the U.S., Elliptic said in its report.
The wallet has been active since early March and has received 57 payments from 21 different wallets, including some matching ransoms known to have been paid to the group in other cases of blackmail, the firm said.
Since becoming active, the wallet has received bitcoin transactions totaling $17.5 million, Elliptic said.
Elliptic also said it has been able to gain intel on how DarkSide laundered prior attacks, potentially allowing authorities to locate the people behind them.
Earlier Friday, KrebsOnSecurity and others reported that the DarkSide group has decided to shut itself down after its own servers were seized and someone drained crypto from an account belonging to the group.
https://www.coindesk.com/bitcoin-wallet-used-by-darkside-for-ransom-payments-idd-by-elliptic
rockfordfile
(8,702 posts)
I think Newegg does?