AFFECTED USERS: Everyone who uses computers.
Hair on fire: 5 of 5
SUMMARY: Cyber war is a new type of warfare, and you and your business really are involved.
Obviously, criminals like to get paid, but don’t like to be prosecuted.
There are lots of types of crimes; let’s talk specifically about extortion and ransom.
In the beginning, there was cash. Criminals could not use other electronic forms of payment for extortion or ransom (credit cards, wire transfers, etc.) because it would be easier for authorities to prosecute them (criminals don’t like to be prosecuted) *and* the actual funds could be seized through legal means like court orders and working with the governments of friendly countries.
The problem with cash: it’s a physical object. The criminal needs to find a way to get the victim to transport and hand off the cash without the criminal getting caught, meaning the criminal and the victim needed to be in the same place at some point, even if at different times – reference the plot of a few hundred Hollywood movies and (probably) tens of thousands of FBI files.
Along came Bitcoin and other cryptocurrencies… This changed everything. Cryptocurrency funds are controlled by a key (a long string of alphanumeric characters). Cryptocurrencies are *not* based on a user identity (like a bank account or a credit card).
For the first time, criminals could use an electronic form of payment *without* being in the same place as the victim. This changed everything, and gave rise to ransomware (malware that encrypts a victim’s data and demands payment for the key to restore it).
But the other thing about Bitcoin and cryptocurrencies is that all transactions are ‘public’ – anyone can see every transaction for each address. So, if the criminal ever wants to convert their Bitcoin into cash, that can be a traceable event. (Criminals like to get paid.)
So, law enforcement carefully traces payments to a bitcoin (or other) crypto address, and waits for the funds to reach a place where they can be seized. That was largely theoretical until this week.
You may have heard of the Colonial Pipeline ransomware attack…
Because of fuel shortages at Charlotte Douglas International Airport caused by the pipeline shutdown, American Airlines changed flight schedules temporarily. At least two flights (to Honolulu and London) had fuel stops or plane changes added to their schedules for a four-day period. The shortage also required Hartsfield–Jackson Atlanta International Airport to use other fuel suppliers, and there are at least five other airports directly serviced by the pipeline.
In the Colonial case, investigators were able to track multiple transfers of bitcoin by reviewing a public ledger, according to court documents. The transfers represented payments made by Colonial that had been transferred to an “address” whose password or “private key” was known to the FBI, which then recovered the money.
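The tracing described in the two passages above (following ransom payments across a public ledger until the funds land somewhere they can be seized) can be shown on a toy ledger. The script below is an added example for this episode, not anything from the FBI, the court documents, or CYBRI; the ledger, the address names, the amounts and the watchlist are all constructed for illustration and are not real Bitcoin data.

```python
from collections import defaultdict, deque

# Constructed sample ledger (illustrative values, not real Bitcoin data).
# Each transaction spends earlier outputs (inputs) and creates new outputs,
# which is what the public ledger lets anyone read for every address.
LEDGER = [
    {"txid": "tx1", "inputs": [("victim_addr", 75.0)],
     "outputs": [("ransom_addr", 75.0)]},
    {"txid": "tx2", "inputs": [("ransom_addr", 75.0)],
     "outputs": [("hop_a", 63.7), ("hop_b", 11.3)]},
    {"txid": "tx3", "inputs": [("hop_a", 63.7)],
     "outputs": [("custodial_wallet", 63.7)]},
    # Unrelated activity that must not be pulled into the trace.
    {"txid": "tx4", "inputs": [("other_addr", 5.0)],
     "outputs": [("hop_c", 5.0)]},
]

# Hypothetical watchlist (constructed): addresses held by a service that can
# be compelled under legal process to freeze funds or hand over the key.
WATCHLIST = {"custodial_wallet"}


def index_spenders(ledger):
    """Map each address to the transactions that spend from it."""
    spenders = defaultdict(list)
    for tx in ledger:
        for addr, _ in tx["inputs"]:
            spenders[addr].append(tx)
    return spenders


def trace_forward(ledger, start_txid):
    """Follow funds forward from one transaction through every later hop.

    Returns (visited_txids, unspent): the transactions on the trail in the
    order they were reached, and a map from each address that still holds
    traced funds (nothing later spends from it) to the amount it received.
    """
    by_id = {tx["txid"]: tx for tx in ledger}
    spenders = index_spenders(ledger)
    visited, seen = [], set()
    unspent = defaultdict(float)
    queue = deque([start_txid])
    while queue:
        txid = queue.popleft()
        if txid in seen:
            continue
        seen.add(txid)
        visited.append(txid)
        for addr, amount in by_id[txid]["outputs"]:
            if spenders[addr]:
                # Funds moved on: queue every transaction spending from here.
                for nxt in spenders[addr]:
                    queue.append(nxt["txid"])
            else:
                # Funds are resting at this address.
                unspent[addr] += amount
    return visited, dict(unspent)


def seizure_candidates(unspent, watchlist):
    """Resting funds that sit with a custodian on the watchlist."""
    return {addr: amt for addr, amt in unspent.items() if addr in watchlist}


if __name__ == "__main__":
    hops, holding = trace_forward(LEDGER, "tx1")
    print("transactions on the trail:", hops)
    print("addresses still holding traced funds:", holding)
    print("reachable for seizure:", seizure_candidates(holding, WATCHLIST))
```

The walk starts at the victim’s payment transaction and only ever follows outputs of transactions already on the trail, so the unrelated `tx4` is never touched. Two simplifications to keep in mind: real tracing works per output rather than per address (here, any spend from an address is treated as moving all of it), and real investigations must handle mixing, where tainted and clean funds enter one transaction and only a share of each output is attributable.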
This changes everything…
Here with me today to talk about this is:
Konstantine Zuckerman is the CEO of CYBRI, a New York-based cybersecurity company focused on red-team penetration testing to help small and medium-sized enterprises (SMEs) detect critical vulnerabilities in their systems and networks.
Q: Why would criminals target Colonial Pipeline?
If you are the victim of ransomware, go to: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
CYBRI Facebook: https://www.facebook.com/CYBRI/