The bluff (perhaps) behind the blocking of DarkSide hacker servers

DarkSide hackers said they lost control of their servers. But it could be a clever ruse. The analysis by Umberto Rapetto, director of Infosecnews

What goes around comes around. Within twenty-four hours of Biden's declaration of war on the cyber front, the hackers, who had blocked Colonial Pipeline's systems and caused half of America's fuel pumps to run dry, were "accidentally" struck down.

The criminal group DarkSide has announced that it has completely lost control of its servers and that it can no longer find the loot from its many digital incursions, which, by unlawfully encrypting the data of countless computers around the world, had allowed it to collect substantial ransoms (the "ransom" that gives this type of malware its name).

The bandits saw the blog on which they advertised their misdeeds fall silent, the network infrastructure that served as the "gunboat" from which harmful instructions were fired paralyzed, and the virtual "pockets" emptied in which they kept mountains of bitcoin, like Scrooge McDuck busy with the dollars in his money bin.

The event, epochal to say the least, demonstrates the seriousness of the US President's Executive Order and, above all, the extraordinary responsiveness of the stars-and-stripes cyber war machine.

The "confession" of "Darksupp", spokesman for the criminal group that has long been terrorizing the planet, surprised all the insiders and seems to be the first positive sign on a battlefield where hackers have so far largely dominated.

IS THE CAVALRY ARRIVING?

What is said to have happened (the conditional is a must) has the vague flavor of stories with a happy ending, in which the "good guys" turn the situation around, restore order and bring peace of mind back to people who have witnessed a dramatic attack on everyday life, one that has allowed the community to understand the real weight of technological vulnerabilities.

The elusive "hacker danger" took concrete shape with the shutdown of the massive US oil pipeline and, when so many petrol stations ran dry, even the most distracted motorists could feel first-hand the tragic nature of certain threats that until then had no form within everyone's grasp.

The digital assault on the Colonial Pipeline was the straw that broke the camel's back.

Joe Biden said, "We do not believe that the Russian government was involved in this attack, but we have strong reasons to believe that the criminals who carried out the attack live in Russia."

Even if the diplomatic conflict with Moscow is set aside, anxiety remains about the fragility of a world that is increasingly “connected” and “network-dependent”. There is a growing fear of an invisible war whose consequences could be difficult even to imagine.

DarkSide reported that its cryptocurrency funds (accumulated "laboriously" through a myriad of ransomware attacks) are no longer available, having magically vanished through some unspecified "fortuitous" external intervention that led to their transfer to an unknown destination.

During a press conference on Thursday, Joe Biden said he was in direct communication with the Kremlin about the imperative for the countries responsible to take decisive action against these ransomware networks. On that occasion the President had prophetically asserted, "We are also going to pursue a measure to interrupt their ability to operate".

WHAT IF IT WAS STAGED?

To recall an old-time politician: thinking ill of others is a sin, but you could be right…

DarkSide's dismayed announcement could be a clever ruse. The hacker group may have simulated the sinking of its pirate vessel to leave the scene after the Executive Order.

For what reason? Simple: to cheat their affiliates and avoid sharing the accumulated loot with their associates. The network of criminals who collaborated in the many misdeeds would be swindled by the alleged disappearance of the DarkSide safe…

A FINAL CONSIDERATION

The intriguing hypothesis of the bandits' possibly comfortable escape should not distract us.

With apologies to Ennio Flaiano, the situation is not only grave but also incredibly serious, and it does not concern only the United States.

Every day in Italy, companies, institutions and large organizations find themselves crippled by ransomware that makes archives and applications unusable. Although it is not talked about, the spread is almost endemic, and the recent case of the Banca di Credito Cooperativo di Roma is just one example.

Asking "what are you doing?" is legitimate. Giving a true answer would simply be a duty.


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/mondo/il-bluff-forse-dietro-al-blocco-dei-server-degli-hacker-darkside/ on Sun, 16 May 2021 18:15:18 +0000.