FBI Held Back Ransomware Decryption Key From Businesses To Run Operation Targeting Hackers (washingtonpost.com)
An anonymous reader quotes a report from The Washington Post: The FBI refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer, even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs. But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared. The planned takedown never occurred because in mid-July REvil's platform went offline -- without U.S. government intervention -- and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials. The previously unreported episode highlights the trade-offs law enforcement officials face between trying to damage cyber criminal networks and promptly helping the victims of ransomware -- malware that encrypts data on computers, rendering them unusable.
Tradeoffs (Score:2)
Re: (Score:2, Insightful)
Since the FBI is grossly incompetent, you help the ones you can instead of waiting to "catch Mr. Big". This is demonstrated by their incompetence with Carnivore, Whitey Bulger, Kevin Mitnick, and Aaron Swartz. There are *no* successful convictions of computer crime by the FBI in the last 10 years. The convictions for which the FBI takes credit were not run by them: they were run by angry non-federal security personnel.
Re: (Score:1, Troll)
Pretty much this. The chances that one of their own didn't tip off REvil is just about 0%. I'm starting to think the FBI itself is a Russian psy-op.
Re: (Score:1)
Yeah, this was modded down for trolling but it's not trolling. I'm speaking truth in earnest to try to warn you all. Wake up and start paying attention.
Re: (Score:2)
The FBI is not just incompetent; they are corrupt. That's been the case ever since J. Edgar, and it's still the case. Not everything they do is corrupt, but everything they do is tinged by corruption.
Re:Tradeoffs (Score:4, Insightful)
There was no tradeoff. They sacrificed schools and hospitals and got nothing. Turns out they were a day late and a dollar short.
The winning move was helping schools and hospitals recover. Sadly the FBI chose a different move.
Re:Tradeoffs (Score:4, Insightful)
Re: (Score:2)
We may not know the names of those who died as a consequence, however it appears that ransomware at a hospital can/does lead to increased deaths: https://www.theverge.com/2021/... [theverge.com]
Re: (Score:3)
During the Second World War, after German codes were broken, British intelligence learned there was going to be a major bombing campaign. The issue for the British government was whether to do what they could to prevent the attack, or let the bombing happen because the value of not letting the Germans know their code had been cracked was worth the sacrifice. The British government opted for the latter, and thus the devastating bombing of Coventry occurred. Was it right to sacrifice one city for the greater str
Re: (Score:2)
Just for the record, the "Sacrifice of Coventry" story from "The Ultra Secret" (1974) has been largely discredited by other Ultra participants and by historians.
Re: Tradeoffs (Score:2)
Consider.
Computer security is the red-headed stepchild of business models.
Coventry (Score:3)
In one particular intercepted communication, Bletchley learned of a plan to bomb Coventry, a British city with a significant civilian population. Churchill and the British cabinet w
Re:Coventry (Score:5, Informative)
The Coventry bombing in question was on November 15th 1940, not "the latter stages of WW2". The British did have advance knowledge of a massive bombing raid, but they did not know where it was going to happen. They knew about the electronic navigation aids used by the Germans but, on that particular night, they jammed the wrong frequency (according to RV Jones, who was in charge).
The story about Churchill throwing Coventry under the bus is a myth.
Re: (Score:2)
Actually, breaking the Enigma ciphers helped greatly in the war in the Atlantic. The Allies could route convoys around wolf packs, helping to ensure vital men and material made it to the UK. Had that not been possible, the German U-boat fleet may very well have starved the UK out of the war before Allied technological advantages, and the changing tactics they enabled, turned the tide against the U-boats.
It's all in the timing. (Score:5, Insightful)
Could it be that someone tipped off the REvil group about the FBI and that's why they disappeared?
They got tipped off [Re:It's all in the timing.] (Score:4, Insightful)
Could it be that someone tipped off the REvil group about the FBI and that's why they disappeared?
Sure looks like it to me.
Or, possibly they hacked into an account of somebody who was part of the takedown plan and learned about it that way.
Re: (Score:2, Interesting)
One possible step further: someone at the FBI held back the key to give the hackers time to pack up, cover their tracks, and disappear. Someone on the inside working much too closely with WTF was out there playing.
Re: (Score:3)
More like the FBI et al weren't competent enough to move in a timely manner, and weren't competent enough to keep it need to know internally, so before they were even ready information leaked out first internally and then someone tipped off the bad guys (that's Revil for some of you knuckleheads). Or even better, they used it to catch a mole in their own organization (not likely I know). I definitely hope it isn't a mole higher up the food chain. However, it's happened before. But somehow I don't think Rev
Who Are REvil? (Score:4, Interesting)
As long as we keep thinking of “REvil” being some random ransomware gang, “someone tipping them off” remains an interesting if unlikely possibility.
But if you’re willing to consider the possibility that REvil are, in fact, an arms-length unit of a nation-state intelligence service, a service tasked with attacking a political foe, then this becomes a different question. Specifically, what if the hostile nation state currently backing REvil also had intelligence assets within the FBI? Is it possible that such an intelligence asset, given sight of internal reports suggesting that the FBI were moving with determination to tackle ransomware gangs, might suggest that their nation-state-sponsored REvil team “get the heck out of Dodge” before the Sheriff shows up?
Maybe the biggest risk that REvil faced wasn’t so much being caught or extradited, but more a case of being identified with sufficient clarity to prove the relationship between REvil and a state sponsor?
Re: (Score:2)
More likely they hacked the business of somebody who was friendly with Vladimir Putin and that's why they disappeared.
Plausible method ... (Score:4, Interesting)
They could have released the keys saying some Israeli security researcher cracked the key. The REvil group would not have been tipped off that they had been directly compromised.
Given Israeli security firms' history of managing to crack encrypted phones and such, it would have been very credible.
It also isn't the first time a TLA screwed over the people they were supposed to be serving and protecting for whatever "Greater Good" they wanted to carry out.
Re: Plausible method ... (Score:2)
Real crypto experts wouldn't buy an explanation like that.
Re:Plausible method ... (Score:4, Insightful)
Sure if you wanted to help those victim companies. But then anonymizing the source of the keys means the FBI wouldn't be able to be seen as the rescuers of those companies when it was ready to release the keys.
Re:Plausible method ... (Score:5, Interesting)
I bet they'd disappear faster if they thought Mossad had hacked them than the American FBI.
Re: (Score:2)
Apple told them to go jump in a lake and, after telling a judge that it was essential that they were given the “back door” because there was “no other way” of accessing the device, they miraculously found some Israeli company that cracked the phone for them.
I’m not convinced we know the truth of that.
Re: (Score:1)
Re:Coventry (Score:5, Informative)
Answer: He did no such thing [wikipedia.org].
And for the bonus round: 568, not thousands.
Thank you, students, that concludes today's lesson in "how to distinguish fact from bullshit".
Re: Coventry (Score:2)
Re: (Score:2)
Because he had an ultra-big secret to keep.
to bust heads (Score:2)
Screw protecting anyone, there was an opportunity to bust heads.
Re: to bust heads (Score:2)
Re: (Score:2)
Top.
Men.
FBI should hand out the key (Score:4, Funny)
Then sit down with the victims and instruct them as follows:
Upon subsequent contact from REvil, just thank them for the key and inform them that the cryptocurrency payment was successfully transferred to the alternate address as instructed by their cohorts.
Then sit back and watch them murder each other for double-crossing the leaders.
Re: mole (Score:2)
seems reasonable tradeoff (Score:2)
Yet we trust these same organizations (Score:1)
FBI should arrest the head of MICROS~! (Score:2, Interesting)
Re: (Score:1)
Microsoft plays the same game Whitey Bulger did for decades. Dangle the lure of helping them against "the big crime bosses", turn over a few minor secrets, and get away with murder.
non-paywall link (Score:2)
probably posted already but fuck paywalls
https://arstechnica.com/inform... [arstechnica.com]
Maybe accessing their servers tipped them off? (Score:1)
The FBI (Score:2)