How the FBI Regains the Colonial Pipeline Ransom

After Colonial Pipeline paid a ransom of about $4.4 million in cryptocurrency on May 8, the Federal Bureau of Investigation tracked the digital money as the hackers who had held the company's computer systems hostage moved it.

For the next 19 days, court records show, a special agent watched the hackers transfer the 75 Bitcoins to other digital addresses on the public Bitcoin ledger. On May 27, a transfer of approximately 64 Bitcoins landed at a virtual address the FBI could access, giving it the opening to obtain a warrant and seize the funds.

On Monday, the Justice Department said it had recovered some of the cryptocurrency, equivalent to about $2.3 million of Colonial's original ransom.

According to cybersecurity experts, the operation demonstrates the growing technical capability of investigators to disrupt the financial infrastructure that has allowed ransomware gangs to extract hundreds of millions of dollars from victims. Despite cryptocurrency's reputation as a medium of exchange that is difficult to track, experts say it can be easier to trace than cash such as the U.S. dollar, even as it helps criminals and other groups operate outside the traditional financial system.

“You can’t hide behind cryptocurrencies,” said Elvis Chan, an assistant special agent in charge of the cyber bureau of the FBI’s San Francisco office.

In recent weeks, senior Biden administration officials have treated ransomware, in which criminals lock a victim's data and computer systems and demand payment, as an urgent national security threat. On Wednesday, the chief executive of a meat company said it had paid an $11 million ransom to cybercriminals after a hack led to the closure of a facility that processes about one-fifth of the U.S. meat supply.

Monday’s announcement was notable for the scale of the recovery and the widespread impact of the original attack on the pipeline company, but law enforcement officials have tracked, and sometimes seized, cryptocurrency in other recent cases.

Flow of funds

Hackers collect ransoms in ways meant to evade law enforcement, but the Justice Department was able to track and seize the cryptocurrency

1. A hacker breaks in and deploys ransomware.

2. Ransomware can lock your company’s data and cause your computer system and operations to malfunction.

3. The victim receives a message requesting payment for a tool to unlock the data. Hackers share the address of a digital wallet where victims can deposit cryptocurrencies (often Bitcoin).

4. Victims often hire cybersecurity companies to negotiate with the hackers and to confirm whether they are linked to sanctioned governments or individuals. Brokers can convert cash into cryptocurrency to facilitate the transfer.

5. Hackers often transfer funds between wallets to disguise their activities or pay their peers who participated in the hack. Some ransomware gangs use money laundering services to clean up their cryptocurrencies. Hackers convert digital money into hard currencies such as the US dollar on foreign crypto exchanges.

Justice Department officials said in November that they had seized about $1 billion of cryptocurrency related to the Silk Road online black market. In January, law enforcement officials said the Justice Department had seized more than $454,000 of cryptocurrency from a ransomware group known as NetWalker.

In August, federal officials disrupted illicit cryptocurrency networks operating abroad, including seizing accounts and funds associated with the Izz ad-Din al-Qassam Brigades, the armed wing of the Palestinian militant group Hamas, as well as al-Qaeda. Internal Revenue Service agents tracked U.S.-based customers who used U.S.-based exchanges to trade dollars for the purpose of funding the groups, court records show.

The FBI has given few details on how it seized some of the cryptocurrency Colonial Pipeline paid to DarkSide. However, court records, along with interviews with analysts, outline the range of ways investigators tracked the funds from the pipeline operator’s coffers to the Bitcoin address reached by the court order.

Cryptocurrency is held in a digital account called a wallet. The wallet stores the addresses of the funds’ virtual locations and the private keys (akin to passwords) needed to access them. Whereas fiat currency is transferred between people using bank routing numbers and account numbers, cryptocurrency owners move funds between addresses recorded in a public ledger called a blockchain.

Cryptocurrency wallets give their owners a degree of personal privacy and, in some countries, freedom from regulatory and tax oversight. However, because the blockchain is open to the public, law enforcement investigators and outside experts can see funds move between addresses, including through exchanges and online services that let users buy, sell and cash out their holdings.

“We have effectively developed a map of hundreds of millions of Bitcoin addresses related to illicit actors around the world,” said David Carlyle, director of policy and regulatory issues at blockchain analytics firm Elliptic.

When ransomware victims transfer cryptocurrencies to hackers, sophisticated criminal groups often distribute money to hundreds of other wallets, Carlyle said. These transfers include profit sharing with related hackers who develop and lend ransomware, transfers to money launderers who clean up fraudulent funds, or attempts to convert cryptocurrencies into fiat currencies.
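The tracing the analysts describe, following a ransom from the payment address through hops and splits on a public ledger until the funds come to rest or hit a service with a known owner, can be shown on a small scale. The following is an added example written for this article, not the FBI's or any analytics firm's tooling; the ledger, address names, amounts and the "ExampleExchange" label are all constructed, and the model simplifies Bitcoin by treating each address as spending its whole balance when it appears as a transaction input.

```python
"""Follow-the-funds tracing over a constructed public ledger (added example, not FBI tooling)."""
from collections import deque
from dataclasses import dataclass

SATS = 100_000_000  # satoshis per bitcoin; integer amounts avoid float rounding


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # addresses whose coins this transaction spends (simplified: full sweep)
    outputs: dict   # address -> amount received, in satoshis


# Constructed sample ledger: a 75 BTC ransom is split, hopped, and partly sent to an exchange.
LEDGER = (
    Tx("tx1", ("victim_addr",), {"ransom_addr": 75 * SATS}),
    Tx("tx2", ("ransom_addr",), {"affiliate_addr": 6_370_000_000, "dev_addr": 1_130_000_000}),
    Tx("tx3", ("affiliate_addr",), {"hop_a": 30 * SATS, "hop_b": 3_370_000_000}),
    Tx("tx4", ("hop_a",), {"final_addr": 30 * SATS}),
    Tx("tx5", ("hop_b",), {"final_addr": 3_370_000_000}),
    Tx("tx6", ("dev_addr",), {"exchange_deposit": 1_130_000_000}),
)

# Address labels an analyst might hold (constructed). A labelled service is where a
# legal request, rather than further on-chain tracing, would be the next step.
SERVICE_LABELS = {"exchange_deposit": "ExampleExchange (constructed)"}


def spend_index(ledger):
    """Map each address to the transactions that spend from it."""
    idx = {}
    for tx in ledger:
        for addr in tx.inputs:
            idx.setdefault(addr, []).append(tx)
    return idx


def trace(ledger, seed, stop_at=SERVICE_LABELS):
    """Breadth-first walk forward from `seed`; returns {address: hops from seed}.

    The walk does not continue past addresses in `stop_at`, mirroring the point at
    which funds reach a service that can identify its customer.
    """
    idx = spend_index(ledger)
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        if addr in stop_at:
            continue
        for tx in idx.get(addr, []):
            for out_addr in tx.outputs:
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    return hops


def resting_balances(ledger, addresses):
    """Satoshis still sitting at traced addresses that have never spent (simplified UTXO model)."""
    idx = spend_index(ledger)
    received = {a: 0 for a in addresses}
    for tx in ledger:
        for a, amt in tx.outputs.items():
            if a in received:
                received[a] += amt
    return {a: amt for a, amt in received.items() if a not in idx and amt > 0}


def fmt_btc(sats):
    return f"{sats / SATS:.8f} BTC"


if __name__ == "__main__":
    reached = trace(LEDGER, "ransom_addr")
    for addr, n in sorted(reached.items(), key=lambda kv: kv[1]):
        label = SERVICE_LABELS.get(addr, "")
        print(f"hop {n}: {addr} {label}")
    for addr, sats in resting_balances(LEDGER, reached).items():
        print(f"resting: {addr} holds {fmt_btc(sats)}")
```

Run as a script, the walk reports each address by distance from the ransom address and then the two places the money ends up: a consolidation address holding 63.7 BTC after the hops recombine, and an exchange deposit holding 11.3 BTC. On a real chain the same walk fans out to hundreds of addresses, which is why analytics firms maintain the address-to-actor maps the article mentions.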

According to court records filed in the U.S. District Court for the Northern District of California, Colonial Pipeline provided investigators with the Bitcoin address to which it paid the hackers on May 8, and they set out to follow the funds. By the next day, the hackers had moved the funds through at least six more addresses.

On May 13, DarkSide told its affiliates that its servers and other infrastructure had been seized, but did not specify where or how. On May 27, court records indicate, a total of 63.7 Bitcoin, including the identified Colonial ransom, arrived at the final address, and this week the FBI seized some of those funds.

The FBI said in its warrant application on Monday that an investigator held the private key for that address. Authorities did not explain how it was obtained, and a spokesman declined further comment.

The amount collected by the FBI is likely the portion of the ransom shared with DarkSide’s affiliates, said Pamela Clegg, director of financial investigations and education at blockchain analytics firm CipherTrace. On May 13, the same day DarkSide claimed its servers had been seized, the remaining Colonial funds not collected by the FBI were merged with other cryptocurrency tied to ransom payments and now sit in a wallet holding about 108 Bitcoins, she added.

“Everyone is watching to see whether those funds move,” Ms. Clegg said of the wallet.

FBI officials said the method used to recover some of the Colonial funds could be applied in future cases, including when hackers attempt to move cryptocurrency through unfriendly foreign jurisdictions.

Chan, of the FBI’s San Francisco office, said:

Write to David Uberti at david.uberti@wsj.com

Copyright © 2020 Dow Jones & Company, Inc. All Rights Reserved.
