I think that the people here speculating about the FBI and private keys are greatly overestimating the competency of these hackers.
While it's possible this is the FBI flexing some muscle that they have a backdoor into bitcoin's hashing algorithm, what seems much more likely (to me) is:
There is a more sophisticated hacking group which created this particular ransomware package. They sell this ransomware package to less sophisticated criminals.
Is it so hard to imagine a scenario where the more advanced creators of this ransomware kit gave instructions to their purchasers on things like private keys, and the end user simply ignored them?
Somebody ignoring a warning when installing a software, and that allowing the FBI to subpoena access to the server where it was running, and grab this private key, seems FAR more likely to me than the FBI having a backdoor into BTC, or this all being a cover spy novel plot, or anything like that.
They just mention they had access to the private key of the account so that makes sense how they got access. If FBI has broken SHA256, then Bitcoin is a done deal. I hope they share how they got access to the private key.
The mining algorithm can just be changed with a hard fork.
The only thing that would irrevocably kill Bitcoin is breaking private keys (i.e. discovering others' private keys, or signing transactions without private keys). A fork could not solve it as there'd be no way to prove which coins you actually owned before the fork.
Wrong. IF there exists a general purpose formula (which isn't known yet) for all quantum problems, so secp256k1 is broken, then it would only reduce the complexity sqrt(N), from 2^256 down to 2^128. Which is unsolvable. (source: Stanford cryptography I course on coursera).
AND even if the elliptic curve cryptography of bitcoin is broken, say you can solve it in a year/month/week/day, the fact is most BTC unspent transaction outputs (UTXOs) are scripted "pay to public key hash".
The entity proving ownership of the UTXO needs to show a public key (that is so far unknown ... if they haven't reused this address before), AND this public key needs to hash into the address, AND the signature signed by the private key verified.
So if somebody announced they had solved secp256k1 and could break it in 1 week, your funds are safe. (1) They probably don't know your public key. Relax. And (2) You just wait for the BTC soft fork to support new crypto, then do a transfer to yourself. You transmit your transaction to the mempool (exposing your public key for the first time), and it will be mined in 10-30 minutes. Not enough time for the hackers to monitor the mempool and come up with a valid signature. Then your new UTXO is a different spend script for how to spend it next time using some new unbreakable crypto.
As long as there was some pre warning that such a quantum computer+algorithm was going to become available, Bitcoin would be able to fork, and users would be able to move their funds to quantum proofed (or at least hardened) wallets.
It surely depends on which aspect of SHA they would have broken, but the whole point of Bitcoin is the hash being completely unpredictable and requiring brute force. That's the Work in Proof of Work.
They might be saving for bigger things, however this is a lot more than $3million. It's about holding the US economy hostage, as these will increase in frequency.
Indeed, stopping large-scale oil pipelines means US economy is held hostage, to a degree. Not all of it but some of it. Question is will it increase or not. This FBI action gives us some hope that criminals can be stopped.
Can be stopped? Doesn't sound like this is what happened here, the company paying the ransom is what stopped the hostage. The FBI simply recovered the ransom (and some more), but probably can't cover for the economic damage from the hold-up.
I mean we know the hack wasn’t sophisticated at all. It seems to me the hackers are opportunists, scanning for vulnerabilities and weak VPNs. People are confusing grunt work with sophistication. They would’ve used ransomware against any target that they breached that they thought could pay. Too young or too stupid to think through the consequences.
Thread below indicates what happened is they were incredibly naive and eventually used a US exchange wallet. Just script kiddies really.
Most likely, that is why I'm convinced US will put regulation in place for "green miners" and "clean exchanges" so US based renewable miners are only allowed to sell and bring new clean bitcoins into circulation.
> I think that the people here speculating about the FBI and private keys are greatly overestimating the competency of these hackers.
It's like if some dumbass was beating the crap out of people to steal their money and everyone in the boxing community was surprised that he's not a world class boxer.
It is also possible that criminals made themselves look stupid and sacrificed a small part (~70 of 310 BTC) of monthly income to throw FBI a bone, so they can fuck off gracefully.
A "backdoor in bitcoin's hashing algorithm" would not help them recover a private key. "bitcoin's hashing algorithm" is, for PoW, SHA256. The only relevant break for PoW would be a break in preimage resistance; this would allow the attacker to mine blocks faster, which does not allow them to calculate private keys. They could use that to mine an alternate history where the ransomware attack did not occur, but that would of course be immediately obvious.
Preimage attacks tend to be much more rare than collision attacks. MD5 for example still has no publicly known practical preimage attacks.
They seized private key and if it was encrypted/hashed they cracked it. It could've been a Bitcoin brain wallet and they cracked the actual ASCII password of the wallet.
Hashing is for ensuring data integrity and encryption is for protection of data and information. I know it, but I meant hashing bitcoin private key with some hashing algorithm in order to conceal it.
Second reply: I saw that you work in applied cryptography and blockchain technology @ Cryptography Services (NCC Group) so you might be familiar with somewhat Grey Hat Russian forum InsidePro; back in the day I saw people there requesting Bitcoin private key recovery for their lost private keys or if they encrypted and/or hashed wallet private keys and couldn't recover plaintext anymore and I can say that amateur crackers could recover private keys pretty efficiently and I can only wonder what professional law enforcement agency can do.
If FBI could crack smartphone encryption/protection from multi trillion dollar company (I'm speaking about Apple and that terrorist's iPhone) then they can do pretty much anything.
> amateur crackers could recover private keys pretty efficiently
That's only if the key was derived from a weak password, which allows it to be brute-forced with standard password scanning techniques. If you're even slightly concerned with security you let a computer generate a fully random key using the proper amount of entropy—preferably on an air-gapped system or an HSM (hardware wallet). No one is going to be "recovering" private keys which were generated and handled securely without a very large budget and physical access to the storage medium.
This story makes absolutely no sense at all. The errors present by these hackers are so comical it's simply unbelievable. I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key? I'm starting to entertain the conspiracies that the future of commodities price manipulation is fake ransomware attacks. There needs to be a serious audit of CME derivatives trading. There will come a day when some oil futures trader pays a ransomware group or an employee at a pipeline company and makes billions.
People overestimate criminals. The ones that get caught, especially.
What would you do if you were a foreign intelligence service? Participate in attacks yourself?
No! You would drop hints and supply tools sideways to sloppy groups of idiots enabling them to be destructive, maybe acquiring some funds, and keeping your hands as clean as possible. Then when it comes out that "elite russian hackers" were incompetent idiots, it makes people think the claims of your connection to the crimes are even less likely.
Tricks and disinformation are the name of the game.
If you actually were elite, you would hide and practice and save your actual actions for critical moments and not show your hand for a few million dollars. Or you'd go into security consulting which is a far safer, more profitable, and overall smarter thing to do.
I think it was the RSA hack where the second (and presumed more elite) team had gained access to the first group of hackers and just followed their APTs. No one really found out about the second group when the story was reported on.
People also underestimate the amount of people trying to commit crimes like this.
If there are millions of people trying to ransomware businesses and hundreds of important businesses with really bad security, depending on how talented the best hackers are - the odds could be quite high you get hacked by a not-so-talented hacker.
Gangs are multiple people, they have higher expenses (can’t go to a normal bank, have to pay off local police, etc.), and the long-term prospects are risky so they need to get rich and find safe places to store the money after laundering it. Plus every so often you get on the wrong side of someone nasty and end up involved in something much riskier or dead.
Even if you’re completely amoral, getting a hefty paycheck, 401k, etc. is going to be appealing to most people with that skill level. It’s not a coincidence that a lot of this happens in places where people have poor career options which makes that more appealing.
Yes, but... if you're in Russia, my understanding is that you really don't have too much to worry about, so long as you only go after targets outside of Russia.
And as long as you're happy with never going outside Russia yourself - I seem to recall a situation some years ago where one culprit was offered a good tech job in the west, and was arrested when arriving at the airport for some scam they did many years ago.
They could also be paid in cash, use that to buy BTC and then lose their wallet. It's a random problem, not related to receiving valid payment for legitimate work.
Right, the deployers are not the people creating the tools.
This is a true criminal SaaS, partly because it's low risk, high reward for the developers and partly because it's a Russian funded op that needs to cover its ass in the nature of its attacks on democracy and corporatism.
The Mossad did something dumb like that once. Neckties are not widely worn in Israel, so the photo office that made fake passports had some neckties on hand when taking pictures. But only three different neckties. After a while, some other countries caught on.
I encountered this myself. I was hit by a browse-and-get-owned zero day. I found out one day later from a blog post, where an anonymous person had hacked the command and control server and wiped the hacker's database in a remarkably brief time. Clearly, their skills were not on par.
The responsible vulnerability was in Java applets, which I had disabled for security reasons. But Java secretly re-enabled itself after updating. I kept Java uninstalled for a long time after that.
If you imagine the extremely unlikely scenario where the DOJ put out a statement that anyone in the US who happened to extract money out of persons or companies in Russia would not be prosecuted or hindered by US law enforcement, what sort of people would jump in to try their hand at that? It seems to me it would certainly be an attractive idea for script kiddies to jump on to if they felt it was low/no risk.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key?
What is it that's so implausible? That's just one possible interpretation. I see many possibilities here. Below are some, where "The FBI" loosely refers to the bureau, collaborating agencies and their partners and contractors:
* The FBI has (through active exploitation of hosts/services) gained access to a large number of BTC private keys, which they can utilize if and when they become a point of interest
* The FBI has some channel to index and get access to cryptocurrency wallets/private keys from hosts running on cooperating service providers such as GCP, AWS and Azure.
* The FBI continuously monitors for BTC addresses/public keys and opportunistically bruteforces them looking for weak keys, keeping a catalogue of broken ones and waiting until they become a point of interest
* These coins were sent through some anonymization network/protocol/service and the wallet in question actually has no relationship to the hack at all but just belonged to some clueless user.
I have already been assuming all of the above to be going on and this particular instance could be a result of either.
There is also the more boring explanation that these 64 something BTC was supposedly "tumbled" but not enough, transferred to a centralized exchange and subsequently frozen. It's also important to remember that it's not a single group/entity responsible for the whole chain here. Darkside provides the software and affiliate program, and maybe some servers. The attacks themselves are performed by "partners" (who just pay for access and could be anyone anywhere). Most likely the wallet here was not under control of Darkside ("The Russian elite hacker group") themselves but some affiliate who could be anything from a "lucky" clueless script kiddie to an actual professional who made one stupid mistake along the way.
> The errors present by these hackers are so comical it's simply unbelievable.
True crime stories abound with comical errors (as do plenty of true not-crime stories). As it turns out, real people fuck up in comical ways all the time.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key?
No, you aren't supposed to believe either (a) that DarkSide are an elite group, or (b) any particular narrative about how the FBI got the private key. AFAICT, no one is selling the first claim, and the only people selling narratives about how the FBI got the private key are doing conspiracy-theory-level creative interpretation of documents.
Also completely baffled how the feds got access to the private key and why an elite Russian hacking group would store their crypto on a US based server.
At the same time, the obvious tin foil hat answer of it was the feds who concocted the entire scheme also doesn't add up. If the NSA/CIA was behind it, they would be smart enough to not use a US based server / wallet. That makes the story inconsistent, and brings up the questions I am asking here. Instead, they would just use a clean wallet (preferably out of Russia). I.E. the misdirection and misinformation does not add up if it was an "inside job" by the US government.
"Script kiddies" got their name because 20 years ago any kid could download some code and create a DDoS attack by running a pre-written script. Ransomware hacks seem a bit more sophisticated, even with today's highly modular malware. I think it is an interesting proposal: a fake attack as shown by the disparity in savvy between the attack and the payment, or a really dumb screw up.
EDIT: as "koheripbal" says below, maybe their tumbler is a boob (paraphrased).
> According to FireEye, affiliates are required to pay up to 25% of ransom payments under $500,000, and 10% of any successful extortion attempts over $5 million.
So the ransomware authors might not always be the people collecting the initial payments. Although according to the press release here, it was seized from the DarkSide group itself? So it's still a bit confusing.
Question really becomes where did that group get the software from? It could be multiple levels of indirection such as people hired to develop the stuff aren't really connected to activities. They might just as well be contractors not so well paid...
> "Script kiddies" got their name because 20 years ago any kid could download some code and create a DDoS attack by running a pre-written script. Ransomware hacks seem a bit more sophisticated, even with today's highly modular malware.
They're downloadable and leased out.
This allows people to focus on choosing targets instead of the entire vertical integration and liability at each step.
Many so called "professionals" are still running operations with 5+ year old distributions that haven't been patched in almost as many years, and servers that people are afraid to reboot. I was once contracted by a company that was literally afraid to have any employees reboot a server because they had no idea how it worked, if it would come back up, and what to do if something didn't restart. They wanted an outside guy to take the blame.
I took the job on the side. It was literally the equivalent of "set up a couple of static web servers with FTP accounts, and move everything over." It was about 8 hours of work and 100 hours of meetings.
I was reading the article in utter confusion too. I personally think it's the authorities trying to save face, as I don't think even a computer-literate high school kid would make these mistakes.
I don’t think it’s an understatement to say that their reach kind of is. If sanctioned the US government could almost certainly 51% attack any given crypto and redirect funds to whoever they want. This isn’t what happened but it’s laughable to think the US government isn’t capable of tracking down the account and seizing coins.
I doubt they could 51% Bitcoin with any sort of haste. Perhaps with a few year plan. Simply put it’s a procurement issue. There are limited ASICs and they are distributed among many operators, mostly foreign. There aren’t massive ASIC stockpiles in the US just waiting to be purchased. A government 51% attack would probably involve doing a private chip run.
> I doubt they could 51% Bitcoin with any sort of haste.
From when they planned for the capacity, probably not. But how do we, at any time, know that hasn’t happened in the past?
> A government 51% attack would probably involve doing a private chip run.
Sure, and when that classified capacity is acquired via, say, the NSA’s black budget, we’ll all know before (or, heck, even after, until they decide to do something disruptive with it) they decide to light up the capacity...how?
OTOH, any attack won’t just be to redirect funds, because that can’t be done without broader disruption that would make it pointless for that purpose.
This could have been far downstream from the hackers themselves. They might just have been monitoring the bitcoins and waiting for some to land in one of many addresses for which they have the private key. Presumably FBI is continuously scooping up whatever private keys they can.
Yeah, Elliptic and Chainalysis make all their money by convincing people that all transfers are of the same Ultimate Beneficial Owner until it hits an exchange.
As long as the ignorance stays high, they get government contracts.
The reason why this story doesn't make sense is because it's most likely a lie.
Think about it for a second.
If they wanted to discourage copycat criminals, the easiest way to do it would be to claim they seized the crypto, right?
But what proof do we have that the feds actually seized anything? Is the bitcoin transaction publicly listed anywhere where we can audit what happened? And even if you see the coins were moved, how do we know it was actually the feds that moved them and not the actual criminals?
I don’t know, I can think of reasons not to. They want to discourage companies both from lax security standards and from paying ransoms when they get attacked. Not paying them back would provide economic incentive that even if the DOJ is working to combat hacking, they won’t be saving you from your own incompetence.
Not saying that’s what they will do, just that I think it would make sense to me.
Computer security is hard. That's why ransomware attacks exist. It's just as hard for ransomware attackers as for their victims. If they were good at computer security, they'd be working a legitimate job. I find your incredulity strange, it's like hearing about the Valentine's day massacre and being shocked that mobsters could be at the receiving end of a Thompson for once.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host.
They host their hacking tools and other software close to the victim because if you see your network infrastructure logs linking back to an IP address in Russia or China for example it would immediately raise alarm and suspicion.
It always struck me as improbable that all these high profile (and notoriously hard/impossible to attribute) attacks on “critical infrastructure” or whatever are always instantly and authoritatively pinned (by US authorities) on groups operating in the US’s geopolitical enemies.
You find it improbable that geopolitical enemies tend to be the ones that attack us? Feels like saying "I find it weird that people I insult disproportionately punch me in the face".
I don't disagree, obviously. But the question here is if it's reasonable to find that hackers in countries that we consider to be political enemies disproportionately are the ones hacking us.
There are numerous incentives that, to me, make it not only reasonable but extraordinarily likely.
Plus, recent political history and the kinds of benefits delivered by political actors suggest several things: hacking's taken on a special significance as wielded by state actors, there's a considerable amount of delegation to shall we say less expert practitioners who are only loosely controlled, and there's a great deal of effort put forth to deny ANYTHING of the sort ever goes on, ever ever.
To me all this seems par for the course. There's nothing unusual about any of it. It's what you would expect. It's basically like distributed stochastic terrorism, indirectly/loosely driven by a more capable state actor with specific intent to establish deniability.
Not even plausible deniability. Just some convenient way to say 'Nyet! And we are VERY OFFENDED that you would even suggest such a thing!'.
I think you are assigning too much “us vs them” to the ransomware marketplace.
With ransomware criminals, “us” is the attacker, and “them” is everyone with a computer who might pay. Political boundaries don’t factor in to it at all. It is by nature an anonymous attack, hence the term “ransom”.
It is strange to me that almost all high-profile ransomware attacks that have been publicized in the US are claimed by the FBI to be Russian or Chinese. There are plenty of other countries with greedy criminals that know software, too.
> I think you are assigning too much “us vs them” to the ransomware marketplace.
Attacking things in a foreign jurisdiction is massively appealing from a "what will get me thrown in jail by my own government if things go wrong" perspective. You don't need any political loyalty for that calculation.
The problem is that state-level actors are considerably more sophisticated in their activities than what was seen here. There was a story on HN a while back that can best be summed up as "Defending against this is impossible: Mossad is gonna Mossad and there is nothing you can do about it":
https://news.ycombinator.com/item?id=26591669
When your government greenlights criminal activities against their enemies it helps a lot. Many* cyber criminals act as mercs for hire, and are in fact hired for official government operations against the US.
It's simply not true that political boundaries don't factor in. They're a massive part - most obviously, consider extradition or whether the attacker's government will cooperate with the US.
* I say many, but it's more like "it happens", but it feels important to point out.
I always thought it would be fun, if one had enough pull, to get a Letter of Marque and Reprisal issued to oneself snuck onto one of the giant omnibus bills that nobody in the Congress reads in its entirety before voting on it. It could easily be interpreted to cover cyberprivateering.
It is absolutely trivial for an attacker in the US or anywhere to make their ransomware attack appear to come from Russia (to someone who doesn’t know that).
I don't see how that's relevant to the incentives of foreign enemies attacking us. As I said, there are many. It basically stops being criminal activity.
Do you really think that's not the case, or that that isn't going to considerably skew where these attacks come from?
I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence. How exactly do you determine that a hack originated in Russia when Russian IPs will not hand over their traffic to US authorities? Just because a lot of illicit web traffic originates from Israeli servers, for example, does not mean that it originated in Israel. In reality, our cyber security agencies have no idea where these guys are coming from: it COULD very well be from Russia, sure, but it could also be from your neighbor next door who VPN'd in through a chain of servers starting in France and ending in Mali.
> I think he's making the point that the attributions of "This came from <insert geopolitical enemy here>" are without any evidence.
Badly, I guess, because no one has mentioned evidence or a lack of evidence anywhere in the thread.
> How exactly do you determine that a hack originated in Russia when Russian IPs will not hand over their traffic to US authorities?
There are a lot of different ways. GEOIP is just one method. Examining the artifacts for code-reuse from other malware is another big one. Looking at the types of attacks is another, i.e.: "this malware uses these techniques, and these are favored by groups 1,2,3".
There's a lot more to it than that, and not all of it is public. I've seen attribution done through backdoor channels that were not strictly legal.
> In reality, our cyber security agencies have no idea where these guys are coming from
That might be easier to believe if these ransomware strains didn't do things like automatically disable themselves on computers with Russian language support installed.
Yes, nobody in the west using a compromised Russian box for c&c would ever put such code in their ransomware payload. That would obfuscate its origin, and we all know criminals aren't clever enough for that sort of thing.
There can only be one explanation: Russian hackers operating with Putin's tacit approval. Us in the west should add this to the mounting pile of "evidence" supporting going into another cold war, because that will surely improve the entire situation. Attributing the unattributable to our preconceived enemies to escalate a conflict always ends well.
Snark aside, on a technical, factual level, this simply isn't evidence of origin, not even a little bit. "Russian hackers" is such a tired punchline now that if I, being in the west, were to suddenly jump the fence after 3 decades and choose A Life Of Crime, using Russian configuration file names, UTC+3 daytime operating hours, Russian-hosted c&c IPs (or, better yet, Russia-controlled but plausibly deniable ones like Belarus or Kazakhstan), and silly stuff like skipping infection of ru-locale machines would be obvious things I would be doing to fuel this existing narrative sailwind. It's utterly silly to think that this in any way suggests origin.
Exactly, people do not understand how trivially easy it is to completely halt US investigations into internet traffic origins just by pivoting off of a box in a country which doesn't hand over its IP logs to the United States. I would imagine that, should you choose to hack a Russian target, you would pivot off of an American box (or would the US hand those logs over? I actually think they might even if Russia wouldn't reciprocate).
I think you’re conflating a wide range of things: most attacks aren’t linked to those countries and the ones which are often take time to link. Ransomware attacks have been happening frequently for ages, but most of them don’t reach the level where they’re being classed as infrastructure attacks — they’re gangs of opportunists looking for easy money. You find them in countries like Russia because there are only a few places which don’t cooperate with US/EU law enforcement, especially at the level where someone without powerful backers can rely on it. These guys caught a much bigger fish than they were prepared for and weren’t anywhere close to being prepared for a nation-state to seriously pursue them. Anyone trying this from most other countries would either be caught or much better at staying hidden.
Well, "Russian hackers" doesn't mean, Russian military. If I was a Russian hacker, and didn't want to piss off my own government, I may well consider that my best targets would be my country's political enemies. From what I hear, it might even eventually get you a sweet job with gov.
There are only a few countries which don't extradite cybercriminals to the west and don't prosecute them for foreign attacks - so these few countries are very attractive from which to run such operations; and even for international crime organizations it's good to have the "dirty work" done from such places, where the grunts won't get arrested and be motivated to sell you out for a plea deal.
The problem is you don't even have to run your operation from the country: you just have to pivot off of a box in that country as part of your obfuscation chain. In Cyber Security land, a lot of bad actors originate out of Israel, but that doesn't mean they originated there.
It’s well known that the Kremlin is very hospitable to cyber criminals as long as they stay away from the Soviet bloc. It also just so happens that a country with that sort of reckless policy, has lots of other bad policies which make them an enemy of the US and many other countries…
It’s not a conspiracy. You just have the cause and effect backwards.
I recall seeing on HN lots of descriptions of just how hard it is to maintain strict opsec, or anonymity. Obscurity sometimes is the best security, but these clowns made themselves a big a$$ target for the FBI. It's one thing to be one among hundreds of small-time ransomware attacks, and another to be the one behind shifting the price of oil of the entire southeast US, and to be the subject of thousands of memes about Americans stockpiling gasoline in the backs of their SUVs.
Indeed was just discussing the same thing. Perhaps they simply are tracking if the money goes anywhere or using this as a way to hide their incompetence? Just saying they can do something they really can’t or put a legal hold on that wallet so if any exchange receives it they get fined?
And if they don't send? With electronically stored fiat, the feds can just ask the bank to give them the money right out of their account, and I'm sure the banks would cooperate. With paper cash they can just hold their arm while the SWAT team go on a rampage through their bedsheets for the cash.
What does one do for Bitcoin, short of a hard fork?
How do they get access to the wallet, assuming the dude won't tell them? With fiat they can do it with force, that's the difference. If the dude won't tell them they have no way to get access to it, other than the $5 wrench.
> If the dude won't tell them they have no way to get access to it, other than the $5 wrench.
This assumes perfect opsec: the guy is unphishable, has a quick-response switch to wipe their computers when their house is raided, etc. They get a lot of people through simple gaps: bust the door down when the target is in the bathroom, grab the unlocked computer in a public setting, etc.
The other big assumption is that the only copy of the key belonged to someone in the gang who is a high-value target. If it’s an exchange, they need to make an official request. Someone offering laundering services or a lower-value person in the gang is likely going to be offered a plea bargain for cooperating to get bigger fish versus a much longer sentence.
Even if it is the most culpable member of the gang, the prospect of a very long prison sentence versus something shorter is going to weigh heavily — especially if you know that they’re just going to leave you in jail until you give them the key anyway.
If the key is solely located only in the hacker's brain, yes it is out of their reach. Usually, however, if you gain access to the hacker's comp, they'll have it written down somewhere.
I think, at this point, doubting anything the government claims without hard evidence proving their case is the wiser play based on pure pattern recognition.
I have no idea why they censored out parts of the bitcoin addresses as googling the uncensored part and transaction quantities lets you find them on countless sites.
They only seized 69.6 as that's what was transferred to an exchange. It's interesting they split the resulting funds into two addresses. One to presumably return to who paid the ransom and the rest which would be held until whoever is indicted can prove they are not proceeds of crime (lol good luck).
You might find it interesting to know that, irl, I never talk about anything remotely conspiratorial. I live life like a normal person, and talk like this on forums as a hedge.
A private key is not needed if the funds are on an exchange. Apparently there is a warrant to seize property in Northern California so I guess it might be Coinbase.
And yeah... if the crackers sent the funds to an exchange they were comically dumb.
The warrant does not imply that the coins were on an exchange. The warrant only indicates that they needed legal authority to seize coins, wherever they are.
It seems more likely that the FBI/NSA had and gained some access to the gang's infrastructure and seized the money.
Transmitting ransom money to an exchange without any type of tumbler or atomic swapping, that's not a realistic scenario.
That’s my prediction: these guys are like bike thieves who found out the hard way that they just stole a bike belonging to the police chief and so it’s actually being investigated rather than written off. I don’t think they were remotely prepared for this level of scrutiny.
My thoughts exactly. Isn't the tactic to phish multiple potential victims and then they just get email responses from the victims whose data was caught? From the attackers' perspective they could have accidentally made a big catch instead of "targeted critical national infrastructure".
DarkSide's announcement that they were shutting down said that their servers were compromised and taken offline. Presumably the private key was on the server and the server was hosted on a business that responds to U.S. subpoenas.
The warrant is for a location in Northern California and they needed a warrant to get it.
Use your head man, this means they literally went to a Federal Judge and said "hey we have probable cause that this address is on Coinbase" and the Judge was like "wow that is pretty probable" and then they took the warrant to Coinbase who was like "oh damn that's legit ..... can we squirm out of dealing with this .... no ... oh wow that is our address too, okay here is the private key" and then the FBI transferred it
> The warrant is for a location in Northern California
No, it's not.
It's for a particular Bitcoin address for which the FBI had the primary key. The FBI can’t legally seize coins just because it has a private key any more than it can seize physical property because it has a key to a house. It needs a warrant to use the key, which will only be issued with probable cause that the material is subject to seizure.
> Use your head man, this means they literally went to a Federal Judge and said "hey we have probable cause that this address is on Coinbase"
They literally did not; the warrant and supporting affidavit are public (with some redactions), and that is not, even remotely, what they say.
> Transmitting ransom money to an exchange without any type of tumbler or atomic swapping, that's not a realistic scenario.
Maybe not nowadays, but some time ago, after the possibility of tracing transactions was already well known, criminals were still a) first sending all the ransoms they collected directly from the initial ransom address to one address, linking them b) then sending them to their exchange account. No tumbling or obfuscation whatsoever.
As someone who has been on the receiving end of federal seizure orders for cryptocurrency private keys, they were in my case satisfied by publishing a transfer (signature) to a USG address, not actual disclosure of private key material, despite that being explicitly stated in the order.
I have heard that they have been developing an in-house technical capability and department for this since at least the time period of the Ulbricht arrest and the "first" Silk Road.
I don't understand why so many people are jumping to the conclusion that the FBI broke sha-256.
There's so many other lower hanging fruit possibilities...
1. they served the server provider with a warrant and they provided physical access.
2. their server infra was running vulnerable code for another service.
3. weak passwords / weak security in general
4. they cut a deal with the upstream ransomware providers and were provided with the private key used.
Netsec Twitter's theory is that the attacker(s) had a VPS operating in the US that the FBI was able to access and which contained the key to the wallet where the final payment ended up.
The FBI doesn't need the VPS to be in the United States for that
The FBI specifically has had expanded Congressional authority for like 10 years to operate extraterritorially on cyber matters
FBI agents will show up physically in any country and request cooperation from local municipal police (maybe) to seize electronic property as well as effect arrests in a way compliant with both jurisdictions. Given that private key crypto seizure is consequence free and irrevocable, if the FBI had access to the memory at a foreign data center they could have just taken it without worrying about local procedural nuances.
Using crypto the proper way already shields against this, because you have to assume that you can't trust your own security or the data center operators, let alone the state. The server should only have the Master Public Key[1] for giving a one-time use address and rotating down the index in one of the address trees immediately after any input is received (rotate to a new account upon receipt of funds, new accounts are from an infinite tree of arrays at each node). The mnemonic for the master public key would have been generated offline and never on any device. Moving the funds, whenever one feels like it, can be signed offline and physically handed to a node that will append the signed transaction to the blockchain.
but anyway I'm leaning towards it being a private key on Coinbase that they got a warrant to check for, and it was correct, and they seized those assets
The legal requirements to search a US-hosted VPS might be higher than an extraterritorial one. US servers have rights, and those largely end once they're off US soil. That's why there's any warrant at all.
I am by far no ransomware expert, but it really seems like amateur hour if they were running a Linux based Bitcoin full node using the mainline CLI daemon and client, with a wallet, on some hosting company geographically within the United States. Why would it need to be in the US?
I only know a few criminal hackers, but within that sample their skillset is really niche. They know what they know well, but otherwise they're just trying to solve problems like any engineer.
Kinda like data scientists - they can be masters with a couple of libraries and concepts, but if you have a data science team you also are more or less guaranteed to have a jupyter notebook open to the world, or something along those lines.
The connections need to pass through the US just once in order to give the US a chance to attack it.
Since they created the internet, they have field advantage. It's almost impossible not to use a US based provider, it goes as deep as ipv4 distribution.
> The connections need to pass through the US just once in order to give the US a chance to attack it.
Less than once if the US were, purely hypothetically, to have a well-funded foreign sigint operation that might cooperate with domestic law enforcement on priority issues.
So many questions. Why are they running a bitcoin node on a VPS? Do they need to make automated payments or something? It's very easy to run a bitcoin node locally, or even airgap the signing keys.
>Based on ... I have probable cause to believe that the aforementioned property may be seized...
Forgive me if this is a dumb question; I have not used a blockchain explorer for anything consequential. Isn't that wallet just the last place it ended up? So, you have chain of custody but does that prove that the owner of that wallet is the "target"?
I think generally speaking, someone in possession of stolen property isn't entitled to keep that property even if they had nothing to do with the theft and had no reason to believe it was stolen. That prevents them from being guilty of a crime - but authorities can still come seize the property without compensating them at all for their loss.
In a way it's similar to getting stuck with counterfeit money. You didn't do anything wrong, but no one is going to just hand you the replacement real money you "deserve" - you just got unlucky.
I am guessing that the key pair generation process was faulty. The FBI found an exploit in a wallet used by the hackers allowing the private key to be predicted. The prefix is bc1, which is uncommon. A few weeks ago there was such a vulnerability with Cake Wallet.
Or they installed malware on the hacker's computers and were able to log the private key as it was generated.
Or the hackers foolishly stored the key pairs on a server
Bitcoin is falling and this news does not help because it shows that some aspect is less secure than previously thought.
bc1 is for bech32 addresses. A feature of the new segwit. Apparently there is a way to predict the private key derived from using the bc1 address multiple times. Details are available here: https://sudonull.com/post/8212-Bitcoin-Pseudo-Random-Number-...
Could it be that bech32 is less secure than thought?
Almost certainly what's not secure is the endpoint, wherever the keys were stored. That shouldn't really be news. The endpoints are always the weakest links in an encrypted channel.
bc1 isn't an uncommon prefix, it's a bech32 native segwit address that's been in use for years now (IIRC 1 and 3 are the other prefixes, 1 being the first and most popular and 3 being a backwards compatible segwit address, i.e. non native). Stats: https://txstats.com/dashboard/db/bech32-statistics?orgId=1
Faulty key pairs being generated is a well known issue with poorly developed wallets, not with Bitcoin itself. None of the popular wallets have this issue so it doesn't undermine Bitcoin.
I'm wondering if the attackers sent their coins through a mixer, and now some chump with money on coinbase just got his coins jacked b/c he deposited after using a shady mixer.
Can someone explain simply why it is supposed to be so hard to track ransomware bitcoin payments, if all bitcoin transactions are in a shared public ledger?
If the victim pays someone we know which account it goes to, right? Then we know that account is criminal.
If bitcoins move from that account to other accounts we know that accounts that receive them are essentially "hiding stolen goods". So they are criminal accounts as well.
Then at some point they want to get dollars, and FBI can catch them by following where the dollars were sent. No?
>Can someone explain simply why it is supposed to be so hard to track ransomware bitcoin payments, if all bitcoin transactions are in a shared public ledger?
Clearly, it's not. This is a pervasive misconception. Bitcoin is not, and is not even meant to be, private. Even with obfuscation attempts, nearly every ransomware gang has their bitcoin payments fully tracked, as this one did. There is a robust industry of blockchain analytics that pulls in many many millions each year surveilling the bitcoin blockchain. Virtually all exchanges (fiat on and off ramps) collaborate with those analytics companies and require full KYC/AML of their customers, and can thus apply their KYC label data to blockchain metadata.
Bitcoin is not account based: it is based on unspent transaction output sets. UTXOs can be combined with many other UTXOs, combined into one, or split into many. This leaves a large amount of potential for obfuscation strategies such as CoinJoin[^1]. Nearly all of these gangs attempt to use CoinJoin or similar but make small mistakes such as being representative of a large amount of the volume, leaking information through timing, combining their outputs into one, or countless other potential errors, and often a simple "FIFO" strategy can trace flows. Obfuscation is not a robust anonymity strategy, and pseudonymity is not anonymity. To quote Vitalik Buterin, "If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure."[^2]
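The "simple FIFO strategy" mentioned in the comment above, as an added example that is not part of the original thread: inputs of each transaction are treated as a queue of satoshis, outputs draw from the front in order, and the fee takes the remainder. The ledger, address labels and amounts are constructed; only the 75 and 63.7 BTC figures echo numbers quoted in this discussion.

```python
from collections import deque

BTC = 100_000_000  # satoshis per bitcoin

# Constructed data, not real transactions. An outpoint is (txid, index).
# Starting outputs are ordered lists of (satoshis, tainted) segments.
SOURCES = {
    ("pay", 0): [(75 * BTC, True)],      # the payment being followed
    ("other", 0): [(10 * BTC, False)],   # unrelated coins
}

# (txid, ordered inputs, ordered outputs as (address label, satoshis))
LEDGER = [
    ("split", [("pay", 0)],
     [("addr_A", 6_370_000_000), ("addr_B", 1_129_000_000)]),
    ("merge", [("other", 0), ("split", 0)],
     [("addr_C", 40 * BTC), ("addr_D", 3_369_000_000)]),
    ("hop", [("merge", 1)],
     [("addr_E", 3_368_000_000)]),
]


def trace_fifo(sources, ledger):
    """Return {outpoint: (label, tainted_sats, total_sats)} for unspent outputs."""
    segments = {op: list(segs) for op, segs in sources.items()}
    label = {}
    for txid, inputs, outputs in ledger:
        queue = deque()
        for op in inputs:
            if op not in segments:
                raise ValueError(f"{txid}: input {op} is unknown or already spent")
            queue.extend(segments.pop(op))  # spending removes the outpoint
        for index, (address, value) in enumerate(outputs):
            taken, need = [], value
            while need > 0:
                if not queue:
                    raise ValueError(f"{txid}: outputs exceed inputs")
                amount, tainted = queue.popleft()
                use = min(amount, need)
                taken.append((use, tainted))
                if amount > use:
                    # Put the unused part back at the front of the queue.
                    queue.appendleft((amount - use, tainted))
                need -= use
            segments[(txid, index)] = taken
            label[(txid, index)] = address
        # Anything still queued here is the miner fee and is not tracked.
    return {
        op: (label[op],
             sum(a for a, t in segs if t),
             sum(a for a, _ in segs))
        for op, segs in segments.items() if op in label
    }


def tainted_by_address(result):
    """Collapse the per-outpoint result to {label: tainted_sats}."""
    totals = {}
    for address, tainted, _total in result.values():
        totals[address] = totals.get(address, 0) + tainted
    return totals


if __name__ == "__main__":
    for op, (address, tainted, total) in trace_fifo(SOURCES, LEDGER).items():
        print(op, address, tainted / BTC, "of", total / BTC)
```

Merging the followed coins with 10 unrelated BTC only shifts which output carries them: under FIFO, `addr_C` holds 30 followed BTC out of 40, and the rest continues to `addr_E`.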
Good explanation thanks. I'm only a bit confused now. You say "Bitcoin is not account based". But if we send bitcoin to some address doesn't that address in effect equate to an "account"?
Just like if you put money into my bank-account you will need to know the account-number (i.e. "address") of my bank-account?
Leaving aside services like bitcoin mixers designed to obfuscate the process, I think the usefulness of bitcoin for ransomware is that it allows you to move a big sum of money quickly without verifying your identity and without going through bank checks.
I think you are correct about getting dollars out being the risky part, but this way the criminals will at least have a head start in their race against the FBI.
The FBI doesn't have access to every Bitcoin exchange. There are exchanges in other countries that let you trade anonymously, either into fiat or other cryptocurrencies.
Do those other exchanges have some other type of anonymity mechanism? I guess I could see Monero on Bitcoin as a service, but if it isn't something like that it seems just as pseudoanonymous as regular BTC
I'm guessing the difference was the split of the 75 between different affiliates of the hackers. Maybe the initial hackers get X and the ransomware people get Y, and X+Y = 75. They only recovered one side of that transaction.
They didn't use any tumblers, that's how they got caught.
edit: it says so in the article:
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address
I think tumblers can be traced if they are backdoored or monitored. Though perhaps that requires more assumptions than the fact that they were incompetent and didn’t use any.
>As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address
Honest question: what would a backdoored mixer look like? If it had a list of trapdoor addresses (or checked addresses in real-time) and made last-minute transaction changes, say. Would any criminal risk complaining if it identified them? Does the tumbler’s reputation have a mechanism for angry criminal user stories?
The tumblers seem like a centralized chokepoint for criminals trying to launder.
They could also get caught if say, authorities hacked the computers they were using to execute the Bitcoin tumbler "trades" (or whatever the terminology is)... or used similar means to gain access to a list of crypto wallets they owned along with their passwords.
> The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California is handling the seizure
Hah, of course the DoJ office doing bitcoin investigations is in San Francisco.
Also interesting that they were able to recover only $2.3M out of the $4.4M paid. I wonder if Colonial Pipeline will ever see this money.
tl;dr: The hackers used the same full node wallet more than once, and the FBI was able to narrow in on an IP address because the first relay of the transactions was the same across multiple transactions. This server was in California, which allowed the FBI to seize it.
The warrant isn't proof that the server was in California. That's simply where the FBI field office that is going to access the bitcoin address is based out of.
Rather than the US just "having" the key, could it not be a possibility that they in fact managed to somehow crack it? If any power could, surely it's the US, right?
Really informative video but this is talking about hashing functions. Private keys are created differently using (some) shared information between the private and public keys. If there was one area I could see the US investing their time and effort since RSA came out it's here. Don't get me wrong, it would be out there if they could crack even one key but like I said, if anyone can it's them.
No. If anyone had the ability to crack bitcoin addresses, they would not spend that technology on something as inconsequential as this. It would be saved for national defense issues.
Still stupid. As soon as some entity reveals they have the power to crack one of these algorithms, everyone scrambles to migrate to something orders of magnitude harder. It's a weapon you'd only be able to use for maybe a few weeks or months before all the worthwhile targets immunize themselves against you.
We already have quantum safe asymmetric cryptography, just no incentive to move fast to deploy it.
How would quantum solve any problems here? I thought the benefit of quantum crypto was the ability to send information while detecting eavesdroppers. I don't think quantum computers have outclassed traditional cpus in processing power.
If the FBI did actually crack a private key, it would almost certainly have to be with a top secret, insanely powerful quantum computer that's decades ahead of what is publicly known to exist. The existence of such a computer that could crack bitcoin private keys would also be a powerful tool against every organization on the planet and their ability to maintain secrets.
Bottom line, there are much more useful things you could use this computer for, like cracking all encrypted communications of a foreign power or hacking into their military or financial systems. Using it to crack a single bitcoin key to recover a few million dollars only serves to alert all your adversaries that it's time to upgrade their cryptography.
And who decides when it's time to make the switch? Because it's not a random government. It will most likely be the US putting pressure on technology companies to switch.
Well HTTPS isn't used everywhere and governments have decided that banks need to meet an extremely strict set of rules to operate. As much as we'd like to think of the internet as the wild west, it is not.
HTTPS is used almost everywhere. And it's not like a government decrees something and it's done. Laws involve multiple stakeholders, and there are multiple governments which converge on the same decision.
It is correct to state that security best practices are not decided by one entity but rather figured out organically and on a non centralized basis.
Bitcoin keys are ECDSA (secp256k1) keys. The same scheme is used in many other areas of computer security; it would be incredibly foolish for the NSA to reveal an exploit they're sitting on, even indirectly.
Would it really be that foolish though? Could it not be perceived as a show of strength? That's why America stole them back in the first place right? $4m isn't a lot to the company hacked or to the USA. Why go to the trouble of stealing them back at all?
>As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address
Does it mean that "tainted" BTC can be seized any time, even if the current holder may have no relation to the original crime?
That's not entirely true. Bitcoin is neither anonymous nor untraceable. Governments, however, can't control it. They can only observe what's happening on the chain. Hope that helps.
The only thing anywhere in the “supporting” documents or diagrams concerning coinbase is that it is shown as the destination of a 0.001 BTC transfer from the address the funds went to.
This is one of several pieces I’ve seen claiming things about Coinbase and embedding documents or other evidence that doesn’t seem to come close to supporting the conclusion.
I’m not saying Coinbase wasn’t used and that that didn't have something to do with the seizure, but it's being repeatedly claimed with the same kind of evidence presentation that tends to accompany conspiracy theories.
Don't they mean Putin in an agreement with the Biden administration made Darkside give some money back as a way of easing American public tensions and political fallout ahead of the summit?
I doubt Russia is too crazy about the idea of pipelines=targets. Especially one that doesn't even compete with them. 2x especially the billing! 64% of Russian exports are gas and oil.
LOL... I simply don't believe any of these press releases. For all we know, the government negotiated a deal with the cyber-attackers to create this press release as a way to try to thwart future attacks. Seriously wouldn't put it past them one bit.
Or, maybe something like the FBI knows who's behind it through other means (friendly foreign government, etc.). They contact them and let them know they are going to prosecute to the full extent of the law, long prison sentences. The hackers offer to give the money back in exchange for not being prosecuted, FBI agrees, private key is supplied by hackers.
It's possible they underestimated how serious things would get and got cold feet.
Yes, the countless lawsuits and evidence that the government lies on a consistent basis, especially involving acts of national security. We can pretend the Iraq War never happened based on fake evidence.
While it's possible this is the FBI flexing some muscle that they have a backdoor into bitcoin's hashing algorithm, what seems much more likely (to me) is:
There is a more sophisticated hacking group which created this particular ransomware package. They sell this ransomware package to less sophisticated criminals.
(https://www.theverge.com/2021/5/10/22428996/colonial-pipelin...)
Is it so hard to imagine a scenario where the more advanced creators of this ransomware kit gave instructions to their purchasers on things like private keys, and the end user simply ignored them?
Somebody ignoring a warning when installing a software, and that allowing the FBI to subpoena access to the server where it was running, and grab this private key, seems FAR more likely to me than the FBI having a backdoor into BTC, or this all being a cover spy novel plot, or anything like that.