17 votes

US Department of Justice recovers $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists

11 comments

  1. monarda
    I have a question about this part:

    The Biden administration is under increasing pressure to do something about the epidemic of ransomware attacks.
    What exactly is the federal government supposed to do when non-federal agencies and public/private companies are not doing their part to ensure their own cyber security?

    5 votes
    1. nacho

      Regulate.

      The US authorities are supposed to enact regulation that forces companies to protect themselves in ways so that a company's lack of cyber security isn't a huge threat to national security.

      Security is the primary purpose of a society. Not being able to regulate society effectively to stave off external and internal threats is the most serious failure a government can demonstrate. It's a betrayal of the entire founding purpose of the nation state as a unit.

      Regulation with a heavy stick means that adequate cyber security becomes a cost of doing business that's equal for everyone in the market.

      That way you don't potentially lose out on competitive power by not gambling that you can get away with poor cyber security.

      There needs to be a greater, persistent downside to having inadequate cyber security compared to the cost of having a defensible level of cyber security.

      5 votes
    2. Deimos

      There are definitely some approaches they could take. They're not necessarily good ones, and would have a lot of side effects as well, but if it keeps taking out important services they may need to do something eventually. A lot of the potential methods involve going after the payments, because if companies didn't (or couldn't) pay the ransoms, there would be no motivation for the attackers.

      For example, they could crack down on cryptocurrency in general. One of the major factors in the rise of ransomware attacks is that cryptocurrency has created a way to pay a ransom without having to go through the "real" financial system. It's anonymous enough, convenient enough, and can be liquidated easily enough now. Previously, there wasn't really any way to extort millions of dollars from a company and receive the payment safely.

      They could also make paying ransoms illegal, with a huge penalty. If a company pays a ransom, fine them so much they go out of business. I'm sure some would still pay the ransom secretly, but it would stop most companies from risking it, and they'd probably make sure they have a good enough backup/disaster-recovery plan that they can actually recover from a ransomware attack and not need to pay the ransom if they get targeted.

      4 votes
    3. babypuncher

      Regardless of the preparedness of our private entities, these are foreign attacks against Americans and should be treated as such by our government. Biting back, and making it clear that we are not to be messed with, is one possible avenue.

      You probably still expect the police to investigate the robbery of your house even if you left the door unlocked.

      2 votes
      1. cfabbro

        The other, less dramatic and political option, is public-private partnerships... like the recently launched Ransomware Task Force, which includes quite a few heavy-hitting agencies, institutes, and tech giants.

        2 votes
  2. dblohm7
    Can anybody ELI5 how the DOJ can just seize bitcoins, from a technical perspective?

    2 votes
    1. Deimos

      The last section of the article talks about that, under "How did they do it?". That's actually the main reason I linked to this article instead of the official press release, because I think it's the most interesting aspect, and the official announcements didn't explain it.

      7 votes
    2. shiruken

      The DOJ press release in that article said the FBI had the private keys. I'm guessing they were acquired during the seizure of the DarkSide servers or the computer hardware of the person that hired them to target Colonial Pipeline.

      2 votes
    3. teaearlgraycold

      The impression I get from the article is that the FBI has already "tapped/bugged" a number of wallets possessed by bad actors. It could be similar to how you can crack passwords on one website and then use the reversed password hash to try to break into accounts held by the same person on other sites.

      So I guess the lesson is if you're going to transfer Bitcoin around from illegal activities you should always use a fresh wallet.

      1 vote