[Cryptography] In the latest unexpected ransomware twist ...

Phillip Hallam-Baker phill at hallambaker.com
Tue Jun 8 19:21:58 EDT 2021


On Tue, Jun 8, 2021 at 6:30 PM Matt Palmer <matt at hezmatt.org> wrote:

> On Mon, Jun 07, 2021 at 06:03:03PM -0400, John Levine wrote:
> >  payment, had been transferred to a specific address, for which the FBI
> >  has the “private key,”
>
> As someone who collects private keys as a hobby (at pwnedkeys.com), I am
> heart-broken that the FBI will almost certainly never say how they got this
> particular private key.
>

We can exclude some possibilities. It certainly wasn't a big enough win for
Feds to use cryptanalysis of the wallet public key.

Another possibility to exclude is that the FBI sent the ransomware.

It seems unlikely that they would have an undercover agent in the group
either.

So that pretty much requires us to focus on endpoint compromise. And note
that they probably have the IP address of the location used to launch the
penetration. And that was probably the work of a drug addled script kiddie
who got lucky rather than someone with brains. So it is not beyond the
bounds of possibility that the feds hacked the machine at the IP location,
broke the machine and snarfed the private key for the wallet.

Another very plausible explanation is that Putin's people were not amused
by the possibility of the US doing some retaliatory hacking in response to
an attack coming from their territory. There might even have been some sort
of 'warning shot' given. Putin's people know the vast majority of the
malefactors in their lands because it's a mafia state and Putin's people
have to wet their beaks if they are going to look the other way. And the
money flows up; Putin didn't buy that billion-dollar palace from money he
saved from his Presidential salary. So I can well believe that the hackers
had a visitation from Putin's people and were 'gently' persuaded to
disgorge the key.

Colonial Pipeline has totally changed the game for crypto-currencies. They
are calling them criminal-currencies in some places now. Jim Cramer stopped
recommending them a few weeks back and is now saying he just got lucky. I
think we are finally seeing a turning of the tide.