« prev   random   next »

2
0

California Bitcoin exchange proves to be weak point for amateur Colonial Pipeline hackers

By Patrick follow Patrick   2021 Jun 7, 5:29pm 138 views   7 comments   watch   nsfw   quote   share    


https://dossier.substack.com/p/the-colonial-pipeline-hack-the-russians?token=patrick.net

Top Department of Justice officials claimed to strike a major blow against the culprits of the Colonial Pipeline cyber ransomware attack Monday, announcing that they had seized almost all of the funds paid to the hacking group responsible for facilitating the hack. ...

Now, here’s where things get weird:

In their triumphant statements this morning, the DOJ claimed to have seized the funds from the hackers...

Now, the DOJ does appear to have secured the funds, but not in the fashion that it is being advertised by federal officials and widely reported in the corporate press. ...

A DOJ warrant from Monday morning gives us much more detail about how the government actually secured the bitcoin funds. They did so by putting legal pressure on a bitcoin wallet or exchange that had servers in Northern California. Yes, you read that correctly. These alleged Russian hackers did not in fact have custody over their bitcoin. Instead, they were using a custodian for their funds with servers in the United States. Using a custodian for your funds instead of maintaining possession of them is a very basic error, especially for an allegedly sophisticated hacking gang. Given that bitcoin transactions are publicly available, it was easy for the feds to track the funds transferred from Colonial to this hacking outfit, as Colonial’s initial transfer to the hackers’ wallet is public information. All they had to do was “follow the money,” which amazingly made its way into a U.S. based custodial address.

The latest events surrounding the Colonial Pipeline drama simply do not square with the narratives coming out of the Biden Administration and its stenographers in the corporate press. We were told this much-hyped hacking group of alleged Russians posed a serious threat to our entire critical infrastructure, yet in the same breath happened to have committed a laughably amateurish bitcoin custody faux pas that allowed for the feds to easily take back possession of the ransom funds. ...

In my opinion, this ransomware attack was successful largely due to Colonial’s lack of basic security measures in place. Similar to the notorious DNC emails hack (with the same claimed Russian government culprits), where John Podesta’s password was literally the word password, the hackers succeeded because Colonial had no measures in place to protect themselves. Everything else in the timeline going back to early May seems blown way out of proportion. Despite the claims made by some powerful people in D.C., there is no compelling evidence that this incident was some kind of Kremlin-directed operation to decimate America’s critical infrastructure.

In the end, the Russians and Bitcoin are not the antagonist actors in this story, though the DOJ seems more than happy to promulgate both of these narratives. Once the feds were able to identify that this bitcoin “hot wallet” (as opposed to an offline bitcoin wallet that is controlled by the hackers themselves) was connected to servers in the United States, it became a routine process to seize the funds through legal channels. The real issue is how horrifically poor our infrastructure is protected in this nation, to the point where a cheap ransomware attack by unnamed actors can result in a nationwide energy crisis. The story has nothing to do with U.S. adversaries and digital currencies, but of unbelievable incompetence and neglect on the part of Colonial and our overall security apparatus. It's called critical infrastructure for a reason.
1   Eric Holder   ignore (0)   2021 Jun 7, 5:47pm     ↓ dislike (0)   quote   flag      

At this point I won't be surprised if it turns out it was an inside job.
2   Ceffer   ignore (6)   2021 Jun 7, 6:08pm     ↓ dislike (0)   quote   flag      

Eric Holder says
At this point I won't be surprised if it turns out it was an inside job.

Yup. We are in the era where the burden of proof has flipped from presumptive credibility to 'false flag until proven otherwise'.
3   Eric Holder   ignore (0)   2021 Jun 7, 6:15pm     ↓ dislike (0)   quote   flag      

Ceffer says
Eric Holder says
At this point I won't be surprised if it turns out it was an inside job.

Yup. We are in the era where the burden of proof has flipped from presumptive credibility to 'false flag until proven otherwise'.


I'm thinking more along the lines of an employee(s) deliberately living a backdoor open and then staging the attack to grab some "fuck-you money" from the company.
4   EBGuy   ignore (0)   2021 Jun 7, 7:42pm     ↓ dislike (0)   quote   flag      

One does wonder if the negotiation went something like this.
DOJ: Hi friendly hacker person. I hear you know where the Bitcoin is.
Darkside hacker in Russia: Buzz off you lackey.
DOJ: Please return 85% of ransom. You can keep the remaining as a finders fee.
Darkside hacker: Get bent.
DOJ: There is a drone overhead and CIA has authorized missile launch in the next minute.
Darkside hacker: I just transferred the Bitcoin to a California based custodial account.
DOJ: Thank you. Win-win.
5   Hircus   ignore (0)   2021 Jun 7, 8:39pm     ↓ dislike (0)   quote   flag      

There's a chance the money they seized had already been used as a payment or purchase, and so the current owner didn't suspect the funds were illegitimate, and so saw no problem with keeping the money in an exchange. But also seems likely maybe the hackers just thought it was safe from seizure.

This makes me wonder what clever ways they will come up with in the future to launder crypto. It seems too easy to follow the transaction trail.
6   Misc   ignore (0)   2021 Jun 8, 9:10am     ↓ dislike (0)   quote   flag      

... BUT...BUT...BUT... Russia
7   EBGuy   ignore (0)   2021 Jun 8, 3:00pm     ↓ dislike (0)   quote   flag      

Hircus says
There's a chance the money they seized had already been used as a payment or purchase

That would be pretty funny if it was Tesla's account (and would explain some of Elon Musk's latest musings...)

about   best comments   contact   one year ago   suggestions