At a glance.
- DarkSide affiliate's payoff in Colonial Pipeline attack seized.
- Encrypted chat app sting nets more than 800 arrests.
US seizes DarkSide affiliate’s payoff for Colonial hack.
Under a warrant issued by the Northern District of California, the Department of Justice recovered nearly sixty-four of the seventy-five Bitcoins Colonial Pipeline paid DarkSide, the New York Times reports. (SecurityWeek says this sum seemingly represents the affiliate’s proceeds, eighty-five percent of the full ransom.) Justice praised Colonial for rapidly reporting last month’s attack, enabling the Department’s new ransomware division to conduct a “first-of-its-kind” operation to grab the cyber gang’s earnings, and put other hoods on notice that their infrastructure is at risk. FBI Deputy Director Paul Abbate warned in a Justice Department announcement, “There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors.”
Ars Technica recounts rumors that Colonial Pipeline paid the ransom at the request of the FBI. Evidence for this theory is the fact that DarkSide’s decryptor was known to be defective, yet Colonial elected to pay, and in Bitcoin no less, in spite of a ten percent upcharge for using the traceable currency. The Bureau had been studying DarkSide for more than a year, CNN notes, probing for “any possible holes in the hackers’ operational or personal security.” Colonial “quietly and quickly” looped in prosecutors and law enforcement following the attack, according to CEO Joseph Blount, and the FBI and Justice Department “were instrumental in helping [the firm] to understand the threat actor and their tactics.” Sydney Morning Herald observes that the perpetrators have yet to be indicted, and will likely never face justice.
Another area of speculation concerns how the FBI obtained the private key to DarkSide’s Bitcoin wallet. BBC News surveys several theories: “Perhaps the key was found on seized servers, or gifted by an angry insider, or handed over by a cooperative company used as part of the criminal infrastructure.”
800 arrested in global sting using FBI-run encrypted messaging service.
A Europol press release details the “biggest ever law enforcement operation against encrypted communication,” dubbed “Operation Trojan Shield,” a joint effort of the US FBI and Drug Enforcement Administration, Australian Federal Police (AFP), Dutch National Police, Swedish Police Authority, and Europol, with assists by authorities in the UK, Canada, Germany, New Zealand, Denmark, Austria, Hungary, Estonia, Finland, Lithuania, and Norway.
The FBI and AFP in 2019 took over encrypted device firm ANOM, eventually gaining access to roughly 27 million messages across 12,000 devices used by 300 gangs in 100 countries—and charging a fee for their services, according to BBC News. Two coalitions involving France, Belgium, and the Netherlands took down the EncroChat and Sky ECC encrypted platforms in 2020 and early 2021, fueling a supply crunch, and in the latter case driving criminals into ANOM’s waiting arms.
Vice describes the effort as “a major coup for law enforcement,” a step beyond the usual techniques of cracking messages or shuttering services. Among the assets seized were eight tons of cocaine and nearly $50 million, with more “spin-off operations” yet to come. Europol says the “enhanced intelligence picture” Operation Trojan Shield provided “will support the continued effort in identifying operating high-value criminal targets on a global scale.” NBC notes that more than one hundred “threats to life” have been thwarted thus far.