Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Conti Ransomware Gang Chats Leaked by Pro-Ukraine Member (therecord.media) 27

A member of the Conti ransomware group, believed to be Ukrainian of origin, has leaked the gang's internal chats after the group's leaders posted an aggressive pro-Russian message on their official site, on Friday, in the aftermath of Russia's invasion of Ukraine. From a report: The message appears to have rubbed Conti's Ukrainian members the wrong way, and one of them has hacked the gang's internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists and security researchers. Dmitry Smilyanets, a threat intelligence analyst for Recorded Future, who has interacted with the Conti gang in the past, has confirmed the authenticity of the leaked conversations. The leaked data contains 339 JSON files, with each file consisting of a full day's log. Conversations from January 29, 2021, to last February 27, 2022, have been leaked and can be read online here, courtesy of security firm IntelligenceX.
This discussion has been archived. No new comments can be posted.

Conti Ransomware Gang Chats Leaked by Pro-Ukraine Member

Comments Filter:
  • in case you needed proof that cybercriminals are, indeed, mostly idiots... they actually kept logs of their conversations

    • What's the fun of crime if you can't brag about it?

      • Dude, logs or it didn't happen....

      • That's one thing I'll have to the Mafia. For the most part, and with a few notable exceptions, the heads of the families tended to keep a pretty low profile. The name of the game was profit, not lulz. The best leaders are always the ones that attract the least amount of attention.

        • But they all kept two sets of accounting books! One to show law enforcement and one for their own use. You'd think they would just not do accounting, but you sort of have to do it even in an illegal business.

          • But they all kept two sets of accounting books! One to show law enforcement and one for their own use. You'd think they would just not do accounting, but you sort of have to do it even in an illegal business.

            Uh... Who would think they wouldn't do accounting? You think they'd just leave everything in one person's head?

            • I have indeed run across people who wondered why some criminal boss kept the books in his house which he got convicted on.

              So even a ransomware gang is going to keep records. But the vital records weren't leaked, but the chat logs, which is interesting. Probably too busy to change settings on software they're using. Would have been good to just post the unlock keys for all the current victims maybe, or a master key if it existed.

    • You think every time they discuss something it vanishes into a black hole? How would you ever get any work done if after you received an assignment and gathered requirements, all your notes disappeared?
      • A bookie might keep a list of numbers, but they don't keep a literal transcript of every single thing they've said to the other gangsters.

      • Do you remember the character of Paulie (based on Lucchese underboss Paul Vario). Never talked on the phone. Tried his damnedest to leave no real paper trail at all, and he was responsible for a "commercial" enterprise a helluva bigger than anything these guys are running, and with a lot more moving parts. Of course, Vario ultimately died in prison, so even the best criminals can get caught in the end, but still, it suggests that a smart crook doesn't leave a paper trail than someone else can get their hand

    • by znrt ( 2424692 )

      well, i don't know russian but a cursory glance seems to show they did use proper channels for sensitive information, as you would expect. e.g.:
      https://privnote.com/lGK0PzdV#... [privnote.com]

      there is probably some interesting info in the chat, but most of it is probably just that: chatter

      one interesting bit though is that the "privnote" i just posted is one year old, yet the site says "The note with id lGK0PzdV was read and destroyed 18 hours and 11 minutes ago."

      • by edis ( 266347 )

        They coordinate activities and discuss particular next companies to process, also personal payments for job, supply wallet and amount due.

        Most illustrative for me was so far this from the bottom of the first linked log: https://vimeo.com/513049294 [vimeo.com]
        Shows how their things are actually done, and an advertisement.

        Overall, very entertaining reading, thanks a lot.

    • by ugen ( 93902 )

      Perhaps turning on logs was what he "hacked" the server for?

  • Demand Conti pay him all the Bitcoin they hold.
  • Years ago I was on an internal IRC channel with some co-workers when I checked my IRC client's logs for reference.

    My co-worker reacted with minor shock/horror that I was keeping logs of IRC.

    I find it hilarious that a ransomware group kept server side logs of their chats.

    • The amount of crime found on the logs of any corporations messaging logs is insane. This isnt a corportation, there is no value in identiy here, given that it will have the truthyness of online dating.

      Giving those IM systems to Microsoft, Google and the others has been a mistake, and only in the past year have I seen the CIO class scramble towards secure ways do email and IM.... the same way we did in 2014 .
    • The irony of modern electronic storage is that the it is by and large designed to retain information. Heck, when I get a new cell phone, all my texts from the old one come along for the ride, unless I specifically instruct the new phone not to import the data. IT guys are data hoarders. I have emails going back over 20 years, and now there are so many of them I wouldn't even know where to begin trying to delete them. And since storage is so cheap, it hardly seems worth the effort. Mind you, I'm not plotting

      • I do go back and check new feeds. Again nothing profound or enduring. Just stupid flame wars between soc.men vs soc.women, soc.culture.tamil vs soc.culture.indian, ...

        But some naive newbie posts asking for help in comp.lang.c++ and getting polite and useful responses from great professors with great knowledge ...

        Very early version of crowd sourced feedback on merchants. Most airlines would give deep discounts to people buying large blocks of tickets in flights to India back then. So whole eco-system of c

    • The presence of logs or not isn't really relevant. In order to *receive* messages in an XMPP setup, the server has to hold the messages for retrieval by the client. And the client doesn't have a deadline to check in. And further, the client isn't expected to keep its own archive of chats and relies on the server to do that.

      Even if there were no logs, there would still be a database holding the chats.

      They could have set up E2E encrypted messaging. But they probably trusted each other and figured HTTPS wa

  • Just rm -rf / the servers and devel machines and give us the names and GPS coords and account numbers of the leaders. Thanks
  • by OpenGLFan ( 56206 ) on Monday February 28, 2022 @02:39PM (#62312535) Homepage

    You know, I thought these ransomware hackers were pretty all right guys. But now that I find out that they're pro-Russian -- I must say, I don't care for them one bit.

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...