Matt Burgess reports:
Russian cybercriminals are almost untouchable. For years, hackers based in the country have launched devastating ransomware attacks against hospitals, critical infrastructure, and businesses, causing billions in losses. But they’re out of reach of Western law enforcement and largely ignored by the Russian authorities. When police do take the criminals’ servers and websites offline, they’re often back hacking within weeks.
Now investigators are increasingly adding a new dimension to their disruption playbook: messing with cybercriminals’ minds. To put it bluntly, they’re trolling the hackers.
In recent months, Western law enforcement officials have turned to psychological measures as an added way to slow down Russian hackers and cut to the heart of the sweeping cybercrime ecosystem. These nascent psyops include efforts to erode the limited trust the criminals have in each other, driving subtle wedges between fragile hacker egos, and sending offenders personalized messages showing they’re being watched.
Read more at WIRED.
Comments by DataBreaches
The article is timely, especially in light of BreachForum’s recent but short-lived takedown. Law enforcement seemed to encounter some difficulties in keeping control of the domain. As of this morning, BreachForums is back online and accepting new registrations and posts. If this was just a psyops operation, it may have unnerved a few people, but overall, how successful was this? The forum is not a honeypot at this point (unless ShinyHunters’ account was taken over or ShinyHunters became a federal agent). Can law enforcement seize BreachForums again? It seems likely. But given that CloudFlare canceled coverage, the forum is also vulnerable to DDoS attacks if law enforcement wants to disrupt it that way.
Can law enforcement say, “Oh, well, we just want ShinyHunters to think they got away with something so they take more risks?” Possibly, but….?
That said, DataBreaches is aware of at least one individual who was so scared by law enforcement’s personalized message that they followed up with law enforcement. DataBreaches is also aware of a few others who, in the past year, have decided that it was time for them to get out of cybercrime and who reached out to law enforcement to see if they could make some deal. So there is some evidence that what law enforcement is doing is having some effect on some individuals.
Over on Infosec.exchange, @cR0w commented:
The Wired article on LEAs using PSYOPS tactics is cool and all, but the feds should not be lauded for transitioning to the long game while their failure to implement physical disruption has directly enabled continued #ransomware attacks on hospitals and utilities. “Trolling” while people die is not a sufficient response.
DataBreaches would add that it’s not just ransomware. Law enforcement does not seem to have any effective or disruptive response to DDoS attacks.
People can also die when threat actors hit hospitals or critical infrastructure with powerful and sustained attacks. DataBreaches has been in contact with the FBI since the attacks on this site first began in March. To date, they have done nothing really helpful other than commiserating. If the same DDoSer hits a hospital with the power of the botnet being used against this site, what will law enforcement do then?