US Says It 'Hacked the Hackers' To Bring Down Hive Ransomware Gang (reuters.com)
The FBI revealed today that it had shut down the prolific ransomware gang called Hive, "a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims," reports Reuters. Slashdot readers wiredmikey and unimind shared the news. From the report: At a news conference, U.S. Attorney General Merrick Garland, FBI Director Christopher Wray, and Deputy U.S. Attorney General Lisa Monaco said government hackers broke into Hive's network and put the gang under surveillance, surreptitiously stealing the digital keys the group used to unlock victim organizations' data. They were then able to alert victims in advance so they could take steps to protect their systems before Hive demanded the payments. "Using lawful means, we hacked the hackers," Monaco told reporters. "We turned the tables on Hive."
News of the takedown first leaked on Thursday morning when Hive's website was replaced with a flashing message that said: "The Federal Bureau of Investigation seized this site as part of coordinated law enforcement action taken against Hive Ransomware." Hive's servers were also seized by the German Federal Criminal Police and the Dutch National High Tech Crime Unit. The undercover infiltration, which started in July 2022, went undetected by the gang until now.
The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 different countries, and has collected more than $100 million in ransomware payments. Although there were no arrests announced on Wednesday, Garland said the investigation was ongoing and one department official told reporters to "stay tuned."
Shutdown but no arrests? (Score:1)
Uh, I hope that means arrests made but just not announced yet. Otherwise those guys are gone never to be seen again.
Re: (Score:1, Funny)
Another staged puppet-show victory by the FBI. Evidence of real-world impact on actual criminals: none [slashdot.org].
Re: (Score:2)
And your evidence for this statement is pointed to other parts of the federal government not following proper security practices. Maybe you could get the FBI to put you on their internal memo list so you'd get the "real" info. Or you can continue to wallow in the post-modern "nothing is real" phobia so taken by those who hate the government.
Re: (Score:1)
Look, this has been happening for years. Government agencies and major corporations falling over left and right to the most laughable intrusions, showing complete technical ineptness that seems to belie their very operation. Meanwhile, every couple years the FBI pipes up with a press release to either sabotage an election or crow about a massive years-long deep-cover spoof job that finally at long last took down some "evil hacker organization" nobody has ever heard of - list of suspects, zero, list of crime
Re: (Score:3)
Uh, I hope that means arrests made but just not announced yet.
The FBI can't "secretly" arrest people. A sealed indictment is a possibility, but that only happens pre-arrest.
Otherwise those guys are gone never to be seen again.
They'll be back in business in a week.
It is unlikely they are operating from America or any friendly country.
What happened to the data? (Score:3)
Re: (Score:2)
Uh, I hope that means arrests made but just not announced yet. Otherwise those guys are gone never to be seen again.
It's almost as if you think the FBI can arrest anybody, anywhere in the world.
Re: (Score:2)
Yeah weird because they don't ever work with other governments or have extradition treaties and those other governments wouldn't want a piece of these guys either and all bad guys only live in unfriendly countries, right?
Got it. We are definitely on the same page, brother!
Re: (Score:2)
Apparently some physical hardware was seized in the EU. That may or may not mean they also have people arrested or at least identified. There may be some short-term lockouts in some countries that allow the respective police instances to keep that information back for a limited time, my guess would be not more than 48h after the actual arrest or so.
Re: must be.... (Score:1)
I guess no explanation for down mod attempted rape? That's ok as I really like the moderation system here and how it actually works. Hint. Not how you want the casual observer to believe it works so. ....carry on!
Hacked the hackers? (Score:3)
Hack the Gibson!
Re: (Score:2)
Re: (Score:1)
omg (Score:2)
Although there were no arrests announced
so they "brought down the gang" and arrested no one? this ai thing is getting out of hand already ...
Re: (Score:2)
Likely the actual perpetrators are located somewhere the FBI has no jurisdiction and has no way to arrest them, so the best they can achieve is to disrupt their operations.
Re: (Score:1)
With tools like extradition treaties, Interpol, etc., that's not as many places as one might think.
Re: omg (Score:1)
Not many, but big places. Good luck extraditing someone from places like China or Russia.
Re: (Score:2)
Good luck extraditing someone from places like China or Russia.
Why would you? You legally can't do anything worse to them than leaving them there.
Re: (Score:1)
a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands
The undercover infiltration, which started in July 2022
If they're normally collecting that much money from their victims, even Russia or China are probably not the worst places to live when you're that rich. It depends on how many people they have to share it between, but still, that is a lot of money.
Re: (Score:2)
That's assuming they're not just government employees, and they get to keep any of it.
lawful means? (Score:1)
"Using lawful means, we hacked the hackers," Monaco told reporters.
I, for one, would like to know the statute under which this was deemed 'lawful.'
Re: (Score:2)
Under the statute of "might makes right". From the reporting here in Europe, some physical hardware was seized, so at least some EU court orders may actually have made part of this legal. I still suspect that some systems got hacked without local court order in the country the system was in and that is clearly a criminal act. Nobody is going to complain though and that is wrong in itself.
Whack a mole (Score:2)
Life in prison if a hospital was attacked (Score:2)
Soviet Russia? (Score:1)
Exaggerated Numbers (Score:2)
a maneuver that allowed the bureau to thwart the group from collecting more than $130 million in ransomware demands from more than 300 victims,"
Let me guess how this was computed: Take all the active ransomware infections and assume each victim pays the ransom 100% in full. Which of course, is never going to be anywhere near that, maybe 10% of victims might actually end up paying the ransom.
But, the FBI loves Attaboys! Much like the DEA would seize a kilo of cocaine and claim its street value was some astronomical number based on selling it in .5gram increments at full retail, the FBI is claiming a number which is not realistic.
Whenever the
Also (Score:2)
"Seized" (Score:2)