FBI’s Qakbot operation opens door for more botnet takedowns


The FBI’s recent takedown of the QakBot botnet sent shockwaves throughout the cybersecurity community when it was first announced last week. QakBot had become the malware of choice for dozens of hacking groups and ransomware outfits that used it to set the table for devastating attacks.

Since emerging in 2007 as a tool used to attack banks, the malware evolved into one of the most commonly-seen strains in the world, luring an ever-increasing number of machines into its powerful web of compromised devices. Justice Department officials said their access to the botnet’s control panel revealed it was harnessing the power of more than 700,000 machines, including over 200,000 in the U.S. alone.

But almost as interesting as the takedown was the way law enforcement agencies pulled off the disruption.

Senior FBI and Justice Department officials — who called it “the most significant technological and financial operation ever led by the Department of Justice against a botnet” — explained in a briefing that they managed to infiltrate the botnet’s infrastructure and take a range of actions to shut it down.

Using a court order, the law enforcement agencies deployed the botnet’s auto-updating feature against itself to send out a custom application that uninstalled QakBot and disabled the feature on devices in the U.S.

“It’s as if the boss gave the order, ‘leave this workplace and don’t come back,’” said John Hammond, principal security researcher at the cybersecurity intelligence firm Huntress.

Chester Wisniewski, field CTO of applied research at Sophos, said the tactic reminded him of NotPetya, where a software downloader feature was abused by Russian hackers to download malware instead of updates.

“Almost all modern botnets have auto update functionality and if you can gain control of the communications channels you can essentially make them self-destruct,” Wisniewski said. “If we start having success with that though, criminals could start using digital signatures to make this more difficult.”

Other botnets

The FBI and other law enforcement agencies have conducted similar operations in the past to take down botnet networks.

The FBI’s targeting of the…

Source…

I was FBI’s most wanted hacker ‘Mafiaboy’ – I’m now terrified cyber attacks can bring down entire CITIES


A BORED teenager “broke the internet” in one of the most infamous hacking attacks of all time – turning him overnight into one of the world’s most wanted men.

Michael Calce was just 15 when he brought down the biggest sites on the web, became the target of an FBI manhunt, and landed himself in prison.

Michael Calce was the infamous hacker known as ‘Mafiaboy’. Credit: MICHAEL CALCE

As a 15-year-old he masterminded one of the worst cyberattacks America had ever seen. Credit: Getty

The teenager managed to temporarily topple some of the world’s largest websites, including Amazon, eBay and Yahoo!

Now 39-years-old, Michael told The Sun Online how since breaking the internet, he’s spent the rest of his life trying to protect it.

The former hacker turned cybersecurity chief warned the world is not ready for a new terrifying frontier in cyber-warfare, which “scares the living daylights” out of him.

The need for protection of online services is greater than ever, with so many critical services and systems dependent on the tech.

He warned that hackers now have the power to weaponize infrastructure against whole populations – something as simple as hacking into a water treatment centre could poison thousands.

“The shock factor of a missile hitting a power grid has an immediate effect,” Calce explains. “A hacker sitting behind a computer and shutting down the grid doesn’t have the same effect, but the reality is the same.”

These current threats, he says, are far more serious than his own “internet breaking” onslaught back in 2000.

Michael’s hack attack caused an estimated $1.2 billion worth of damage and landed him in a youth prison for eight months.

But havoc-causing aside, he exposed just how weak and vulnerable those early years of the internet were.

In a matter of minutes, a talented kid playing around on his computer had sent America spiralling with the knowledge that a new frontier of warfare had arrived – cyberattacks.

“Imagine you’re 15 years old, and the president of the United States is talking about you and saying that they’re looking for you,” he tells The Sun Online.

Michael, who went by the online alias of Mafiaboy, had become public enemy number one in North…

Source…

Hacking the Hackers: The FBI’s Takedown of the Hive Ransomware Gang


The FBI is the lead agency tasked with investigating cybercrime, including defending hospitals and health systems from frequent cyberattacks. Hear the dramatic story of their recent takedown of the Hive ransomware gang, whose criminal enterprise threatened patient safety.

00;00;00;21 – 00;00;24;25
Tom Haederle
Defending hospitals and health systems from frequent cyber attacks is a battle largely fought in the shadows out of the public eye. And when the good guys score a big win, as the FBI recently did with its takedown of a criminal gang whose cyber mischief threatened caregivers and patients, some of the operational details must remain in the shadows. Nonetheless, the following is a great story, with a lesson for cybercriminals everywhere: mess with health care and you will pay.

00;00;25;04 – 00;01;03;18
Tom Haederle
Welcome to Advancing Health, a podcast from the American Hospital Association. I’m Tom Haederle with AHA Communications. The HIVE ransomware gang operated by what law enforcement calls a double extortion model. That is, it had two very effective ways to extort money from hospitals and health systems, and if one didn’t work, it would just switch to the other.

00;01;03;29 – 00;01;25;00
Tom Haederle
How the FBI put a stop to this is the subject of today’s podcast. The story is told by an FBI supervisor in charge of the HIVE investigation, in conversation with John Riggi, AHA’s national advisor for Cybersecurity and Risk. John knows the FBI in these types of cases well, having spent nearly 30 years at the FBI. John, over to you.

00;01;25;27 – 00;01;50;25
John Riggi
Thanks, Tom. Great to be here again with you and all our listeners. This again is John Riggi, your national advisor for Cybersecurity and Risk. And what a special episode we have today, an exclusive interview with the FBI supervisory special agent Justin Crenshaw, who will be here to give us an inside look at the HIVE ransomware gang takedown.

00;01;51;04 – 00;02;19;08
John Riggi
Really an extraordinary opportunity. And we certainly appreciate Justin and the FBI making themselves available to speak with us about this very, very important takedown concerning this ransomware gang, which had been targeting, among others, hospitals and health systems….

Source…

House lawmakers seek explanation from FBI’s Wray over ransomware response


By Sean Lyngaas, CNN

(CNN) — Leaders of the House Oversight and Reform Committee are questioning the FBI’s handling of a July ransomware attack on a Florida-based IT firm that compromised up to 1,500 businesses.

Reps. Carolyn Maloney, a New York Democrat, and James Comer, a Kentucky Republican, have requested a briefing from FBI Director Christopher Wray after the bureau reportedly withheld a key to decrypt the ransomware for nearly three weeks, potentially costing victims millions of dollars in recovery costs.

“Congress must be fully informed whether the FBI’s strategy and actions are adequately and appropriately addressing” the threat of ransomware to the US economy, Maloney and Comer wrote Wednesday in a letter to Wray that was shared with CNN. The lawmakers said they want to “understand the rationale behind the FBI’s decision to withhold” the key to unlock computers infected by the ransomware.

The FBI has in recent years ramped up resources to address ransomware, with FBI field offices across the country communicating with victim US companies. But a growing chorus of lawmakers wants to know if the bureau is balancing the need to protect victims with the need to disrupt criminal groups based in Eastern Europe and Russia.

Disrupting the hackers

The Washington Post reported last week that the FBI withheld the decryption key as the bureau planned an operation to disrupt the hackers, a Russian-speaking ransomware syndicate known as REvil. That operation never materialized as REvil mysteriously went offline in mid-July, only to reemerge in September.

The Washington Post was first to report on the letter to the FBI.

The July ransomware incident at the IT firm, Kaseya, rippled across the firm’s customer base of small and medium-sized businesses as the hackers were able to breach about 50 of Kaseya’s clients and some 800 to 1,500 customers of those clients.

An FBI spokesperson said the bureau received the letter and referred CNN to Wray’s recent congressional testimony.

In testimony last week in the Senate, Wray…

Source…