DarkSide Will Be Back, As Russia, China, Iran Create 'Safe Havens' For Hackers (cnbc.com)
An anonymous reader quotes a report from CNBC: Nation states are serving as safe havens for sophisticated criminal cyber actors and that is leading to an "increased blending of the threat," said John Demers, assistant attorney general at the National Security Division at the Department of Justice, speaking on a CNBC Evolve livestream on Wednesday. He said that is also a reason to believe that DarkSide could be back, or is still operating under a new name.
"When nation states aren't doing their part to investigate and root out hacking activity happening within their borders, then any number of things could have been the answer to ... what happened to the DarkSide infrastructure including that ... they're just off renaming themselves, so we'll see." "Groups like that will come back," he added. "Probably Darkside itself, those actors that comprise that group, will be back if they're not already out there in other forms operating as we're talking about."
Michael Orlando, acting director of the National Counterintelligence and Security Center, said during the CNBC Evolve livestream that ransomware attacks on critical infrastructure rise to the level of national security threat and the "safe haven" aspect is one part of the cybersecurity riddle the government and business world will have to counteract. "We do know that countries like Russia and China, Iran and others certainly create safe havens for criminal hackers as long as they don't conduct attacks against them. But that's a challenge for us that we're going to have to work through as we figure out how to counter ransomware attacks." DarkSide received a total of $90 million in bitcoin ransom payments before shutting down. The hacker group coincidentally lost control of its web servers and some of the funds the day after President Joe Biden announced plans to disrupt the hackers.
DarkSide origin (Score:2)
Re: (Score:2)
and the bribe will keep going up (Score:1)
and the bribe will keep going up
WW3...with a computer. (Score:3)
Isn't this what fiction has been warning us about? The internet as the new battleground.
Re: (Score:2)
It's an interesting grey area. Where the governments aren't doing the attacking, but they allow private individuals to do it with impunity.
If law enforcement was serious (Score:1)
A quick drone strike may convince them that there is no such thing as a "safe haven"
You could always drop off a Seal Team or two...
Re: (Score:2)
Darn seals are dangerous. [youtu.be]
Comment removed (Score:5, Insightful)
Re: (Score:2)
Just push a new BGP configuration to the routers facing these haven countries. Problem solved.
Russia? Never heard of them.
Re: (Score:2)
Why are people still willing to buy the "those are the bad guys" story? I thought we'd have realised by now that when the government scares us with that shit it's because they're trying to distract us from the fact that we're being screwed.
Yes, I would agree with this. Gets infuriating when you think "OK, this is the diversion, what is actually going on?" with every government announcement.
That said, statistically the statement is accurate from time to time. Let's stop pretending ransomware is an industry barely turning a profit, and has no financial incentives for the "bad guys".
Re: (Score:2)
If people were serious, Europe and the US would do what Russia and Iran are doing, and China has done. Make a Great Firewall. This way, one has to be on the nation's soil, or find a way to a machine on the nation's soil to launch attacks, and propaganda gets stopped at the edge.
Sure. And then all you have to worry about, is a Firewall nation having a nice hacking program sponsored by the fucking State, since those are the folks who are looking the other way as it passes right on through their "great" firewalls...
Re: If law enforcement was serious (Score:2)
Also ban cryptocurrency.
Re: (Score:2)
It's easier to allow hackers in the West to keep a percentage of the funds they steal from named groups. Perhaps have them register beforehand with law enforcement. Paint a target on them a mile wide. If they can't make money because they are getting it stolen as fast as they make it and/or they are spending all their time defending it then it will stop.
Re: (Score:1)
"Create"? (Score:5, Interesting)
A large portion of hacking activity today comes from former CIS countries and a handful of the poorest Eastern European countries. Largely due to combination of corruption within the police forces coupled with comparatively low income coupled with local criminal underworld offering a solid protection from police even when police get pressure from the foreign nations and actually have to act to show they're doing something.
In Russia, the special feature is that such hackers are hired by the national security people when they are discovered. It's why FBI stopped asking Russian authorities for help in investigating cybercrime. What happened was that FBI would provide details on who the skilled hacker is and what he has done, and then FSB/GRU would contact him and make him an offer he couldn't refuse.
China to my knowledge is a lot more chaotic in this regard, largely due to larger geographic spread of skilled IT personnel compared to Russia. Bitcoin related scammers for example are known to have hubs in remote places like Xinjiang, while most hacking activity tends to be clustered in a handful of West Russian cities in Russia due to how Russian economics work. But I imagine that Chinese NatSec people have a similar program to Russians on hiring such people for NatSec purposes.
Iran might actually be a newer entrant to the field, as they're far less developed than Eastern Europe, Russia or China in terms of their ability to produce top tier talent in the world of cybersecurity. But I imagine that after stuxnet, they made that their priority. Would be interesting to hear from a specialist on Iran on that one.
Re: (Score:2)
Israel is pretty much opposite of a "whale". Their primary advantage is their extreme agility in most if not all fields of national security, which is why they can punch above their weight and compete with actual whales like US, Russia and China.
But they don't compete in the same way, because they have neither the numbers of people, nor resources to do so.
Re: (Score:1)
1. Hackers are hired everywhere after discovery if they are good. The Bugtraq gadfly career model did not originate in Russia - it originated in USA.
2. USA is not doing itself any favours by not providing a single shred of evidence to 99% of its accusations and bluntly refusing to participate in international legal cooperation. Despite all the politics, legal cooperation in Europe continues even today. For example Poland extradited a wanted mobster to Russia on Tuesday and they extradited someone to Italy
Re:"Create"? (Score:4, Informative)
I see why you told me not to look for an answer. This was the result for the first search, and it wholly debunks your point:
https://www.bbc.com/news/uk-15... [bbc.com]
>Figures released in the report show between January 2004 and July 2011, there were 130 requests by the US for people to be extradited from the UK, compared with 54 requests from the UK to the US.
>A total of seven US requests were refused by the UK, compared with none of the UK's requests.
Re: (Score:1)
Unless you happen to be an Irish or Algerian terrorist, in which case the answer from the USA was historically "fuck off", though 9/11 changed that equation somewhat.
Re: (Score:3)
I'm sorry, I don't care about rapid shifting of goal posts towards a completely different issue with a completely different time frame, considering the history of the previous claim aimed in the same direction and the fact that I literally spent less than a minute on duckduckgo to debunk it.
Re: (Score:2)
I take your desperate screeching trying to get off topic and I drink to it.
Re: (Score:2)
Projection much?
Re: (Score:2)
I'm not convinced that Western countries are much better.
Taking the UK as an example, GCHQ might get involved if it's causing an international embarrassment, but beyond that the cops are only really interested in child pornography. All the scams and low level hacks are basically ignored. The police don't understand them, don't have the knowledge or resources to do anything about them, and would really rather prefer you didn't add to their crime stats.
Re: (Score:2)
Western countries are not just much better. They're worlds better. When was the last time you heard of a major ransomware attack from one for example?
The reason for this is simply because we have legal systems that actually look for and prosecute people who do that.
Re: (Score:1)
Do cybercriminals in Russia pay taxes? (Score:2)
Re: (Score:1)
thanks for the troll modding - seems i hit a nerve ;)
Could've said it in two words (Score:3)
DarkSide is.
If ya can't beat 'em, hire 'em (Score:3)
State sponsored terrorism (Score:2)
No different than state sponsored groups bombing a pipeline.
Time for real consequences for those harboring these terrorists.
War or capitulation is coming anyway, it is unavoidable with genocidal terrorist countries like russia, china, and iran, we may as well get on with it.
Saudi arabia too, time for 9/11 payback you pricks.
I think we should send a ballistic non-nuke against a russian pipeline.
Tell them if they take over the ukraine next time it'll be a nuke.
Different Approach Needed (Score:2)
Yet more anti commie agitprop .. (Score:1)