The hired gun used a hardware wallet and as long as he did not reveal identity trail along the way of marketing / advertising / promotion and contracting, might get away free and clear this time, but might have some difficulty in using his wallet going forward
the guy who tried to hire the gun was just plain foolish, using a commercial service that connects his bank account to his metaverse persona thinking himself anonymous
Now, here below is a load of rubbish to cover tracks of I am guessing a false-flag operation, because what it describes is neither logically likely nor technologically easy, that a bunch of braves stooped a fast hack midstream and recovered data before on-send
as described, team Russia can prove nothing about mother Russia's innocence
my observation, if Team USA has proof that Russia did it, then attack to retaliate, as would be right, else go back home and re-do homework, because should Russia be attacked, the next hack would not be an inside-job false-flag operation by friendly parties of the usual 3 and 4 alphabets sort
bloomberg.com
Cyber Sleuths Blunted Pipeline Hack, Choked Data Flow to Russia
Jordan Robertson
11 May 2021, 06:25 GMT+8
A small group of private-sector companies, with help from several U.S. agencies, disrupted ongoing cyber-attacks against Colonial Pipeline Co. and more than two dozen other victims, according to people with knowledge of the matter.
Colonial was able to recover some stolen data because of the intervention, which stopped the flow of stolen data headed to Russia -- believed to be the ultimate destination, according to three people involved with or briefed about the investigation into the breach.
The takedown, which occurred on May 8, was enacted by companies that included operators of U.S.-based servers used by the hackers, the people said. The intervention involved the White House, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and National Security Agency, and shut off key servers used by the hackers, said the people, who requested anonymity because they weren’t authorized to discuss the ongoing investigation.
Colonial was the victim of a ransomware attack last week in which the hackers stole nearly 100 gigabytes of data, a breach that caused the company to shut down operations of the biggest fuel pipeline in the U.S. The hackers were using the servers that were disabled as a repository for storing information before relaying it to computers in Russia, the people said.
But Colonial’s data hadn’t yet been sent, which allowed investigators to retrieve it, the people said.
On Monday, President Joe Biden stopped short of blaming the Kremlin but said “there’s evidence” the hackers or the software they used are “in Russia.”
“They have some responsibility to deal with this,” he told reporters at the White House, after announcing that “my administration will be pursuing a global effort of ransomware attacks.”
Representatives from the White House, FBI, NSA and the Department of Homeland Security, which overseas the Cybersecurity and Infrastructure Security Agency, didn’t immediately respond to a request for comment, nor did the Russian Embassy in Washington.
The takedown represents an unusually swift response to a cyber-attack that’s had an uncommonly large impact, throttling gasoline supplies across the eastern U.S. and threatening a spike in prices.
Besides Colonial, the more than two dozen other victims of the ransomware attacks were across a range of industries, two of the people said. They wouldn’t identify the other victims of the attacks. Reuters previously reported that investigators managed to thwart some of the data theft by taking a cloud server offline and that the server carried data from other ransomware attacks under way.
What to know in techGet insights from reporters around the world in the Fully Charged newsletter.
The White House had pulled together an inter-agency task force to address the breach, including exploring options for lessening the damage, according to an official. Biden can invoke an array of emergency powers to ensure supplies keep flowing to big cities and airports along the East Coast. Alpharetta, Georgia-based Colonial said Monday that it is bringing the Texas-to-New Jersey pipeline back online in stages and intends to have it fully operational by the end of the week.
The FBI confirmed that the attackers used DarkSide ransomware in the attack; others have linked the attack to a ransomware group using the same name. Among the evidence linking the group to Russia is its use of the Russian language and its exclusion of Russian companies as hacking targets, according to cybersecurity experts.
They stole nearly 100 gigabytes of data from Colonial’s network on Thursday before locking up computers with ransomware and demanding payment, Bloomberg reported. Colonial shut down its computer network and the pipeline’s operations while it assessed the damage.
In the aftermath of the takedown, DarkSide issued a statement on the dark web Monday hinting at contrition. “We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Before it's here, it's on the Bloomberg Terminal.
LEARN MORE |
