One of the world’s biggest criminal hacking gangs on Tuesday woke up to a startling discovery: Law enforcement, after taking over their main Web site on Monday, were now threatening to reveal their personal details and data about their cybercrime organization.
The group, LockBit, had become notorious in cybercrime circles for using malicious software called ransomware to digitally extort victims, relying on underground marketing campaigns to boost its profile.
At one point, LockBit had promised US$1,000 to anyone who tattooed their logo on themselves, cybersecurity researchers said.
Photo: Handout via Reuters
The group’s ringleader, known by the online moniker “LockBitSupp,” had also become so confident in their own anonymity that they had promised US$10 million to the first person who could find and unmask them, the British National Crime Agency (NCA) said.
The international law enforcement operation, which had posted on the extortion Web site on Monday that it had taken control, on Tuesday said it had re-engineered LockBit’s core online system — mimicking the countdown clock that LockBit used in extortion attempts and posing its own US$10 million challenge, a review of LockBit’s “dark Web” site showed.
The core online system was re-engineered to target the hackers in the same way they had terrorized victims: with an advent calendar-like series of tiles, each marked with a countdown timer that, upon reaching zero, published stolen data.
Across the Web site’s front page, where victim names once stood, law enforcement agencies replaced the text and links with internal data obtained by hacking the hackers themselves.
The resulting display was a smorgasbord of law enforcement action against LockBit, which included indictments, sanctions, a tool with which victims can decrypt their data, and a new countdown with two days left on the clock which asked: “Who is LockBitSupp? The $10 million question.”
Before it was taken down, LockBit’s Web site had displayed an ever-growing gallery of victim organizations that was updated nearly daily. Next to the names were digital clocks showing the number of days left to the deadline given to each organization to provide ransom payment.
In June last year, technology news Web site TechCrunch said that LockBit had targeted Taiwan Semiconductor Manufacturing Co, a month after claiming responsibility for a ransomware attack against a plant in Mexico owned by Taiwan’s Hon Hai Precision Industry Co.
The unique law enforcement operation was the result of a years-long investigation by international police agencies and was designed to undermine the group’s credibility in the criminal underground, officials said.
“LockBit’s affiliates should be very concerned right now, especially as law enforcement continues to make decryptors available to victims,” Mandiant Consulting chief technology officer Charles Carmakal said.
The US has charged two Russian nationals with deploying LockBit ransomware against companies and groups around the world. Police in Poland and Ukraine made two arrests.
Before it was seized by police, LockBit would often publish caches of stolen data from victimized companies that did not pay — such as personal private information of customers, medical records, internal billing data and the communications of internal staff, among other things.
The leaks were intended to harm the reputation of victims and put them in legal jeopardy, netting LockBit more than US$120 million in ransom payments, experts said.
NCA Director-General Graeme Biggar on Tuesday told reporters that the true cost, including money spent by organizations and corporations scrambling to regain access to their networks and the effect on business, could have amounted to losses totaling Additional reporting by staff writer
ELECTION DISTRACTION? When attention shifted away from the fight against the militants to politics, losses and setbacks in the battlefield increased, an analyst said Recent clashes in Somalia’s semi-autonomous Jubaland region are alarming experts, exposing cracks in the country’s federal system and creating an opening for militant group al-Shabaab to gain ground. Following years of conflict, Somalia is a loose federation of five semi-autonomous member states — Puntland, Jubaland, Galmudug, Hirshabelle and South West — that maintain often fractious relations with the central government in the capital, Mogadishu. However, ahead of elections next year, Somalia has sought to assert control over its member states, which security analysts said has created gaps for al-Shabaab infiltration. Last week, two Somalian soldiers were killed in clashes between pro-government forces and
Ten cheetah cubs held in captivity since birth and destined for international wildlife trade markets have been rescued in Somaliland, a breakaway region of Somalia. They were all in stable condition despite all of them having been undernourished and limping due to being tied in captivity for months, said Laurie Marker, founder of the Cheetah Conservation Fund, which is caring for the cubs. One eight-month-old cub was unable to walk after been tied up for six months, while a five-month-old was “very malnourished [a bag of bones], with sores all over her body and full of botfly maggots which are under the
BRUSHED OFF: An ambassador to Australia previously said that Beijing does not see a reason to apologize for its naval exercises and military maneuvers in international areas China set off alarm bells in New Zealand when it dispatched powerful warships on unprecedented missions in the South Pacific without explanation, military documents showed. Beijing has spent years expanding its reach in the southern Pacific Ocean, courting island nations with new hospitals, freshly paved roads and generous offers of climate aid. However, these diplomatic efforts have increasingly been accompanied by more overt displays of military power. Three Chinese warships sailed the Tasman Sea between Australia and New Zealand in February, the first time such a task group had been sighted in those waters. “We have never seen vessels with this capability
‘NO INTEGRITY’: The chief judge expressed concern over how the sentence would be perceived given that military detention is believed to be easier than civilian prison A military court yesterday sentenced a New Zealand soldier to two years’ detention for attempting to spy for a foreign power. The soldier, whose name has been suppressed, admitted to attempted espionage, accessing a computer system for a dishonest purpose and knowingly possessing an objectionable publication. He was ordered into military detention at Burnham Military Camp near Christchurch and would be dismissed from the New Zealand Defence Force at the end of his sentence. His admission and its acceptance by the court marked the first spying conviction in New Zealand’s history. The soldier would be paid at half his previous rate until his dismissal