Tag Archive for: troll

After years of losing, it’s finally feds’ turn to troll ransomware group

/in


After years of losing, it’s finally feds’ turn to troll ransomware group

Getty Images

After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they claim, international authorities finally got their chance to turn the tables, and they aren’t squandering it.

The top-notch trolling came after authorities from the US, UK, and Europol took down most of the infrastructure belonging to Lockbit, a ransomware syndicate that has extorted more than $120 million from thousands of victims around the world. On Tuesday, most of the sites Lockbit uses to shame its victims for being hacked, pressure them into paying, and brag of their hacking prowess began displaying content announcing the takedown. The seized infrastructure also hosted decryptors victims could use to recover their data.

The dark web site Lockbit once used to name and shame victims, displaying entries such as "press releases," "LB Backend Leaks," and "LockbitSupp You've been banned from Lockbit 3.0."
Enlarge / The dark web site Lockbit once used to name and shame victims, displaying entries such as “press releases,” “LB Backend Leaks,” and “LockbitSupp You’ve been banned from Lockbit 3.0.”

this_is_really_bad

Authorities didn’t use the seized name-and-shame site solely for informational purposes. One section that appeared prominently gloated over the extraordinary extent of the system access investigators gained. Several images indicated they had control of /etc/shadow, a Linux file that stores cryptographically hashed passwords. This file, among the most security-sensitive ones in Linux, can be accessed only by a user with root, the highest level of system privileges.

Screenshot showing a folder named
Enlarge / Screenshot showing a folder named “shadow” with hashes for accounts including “root,” “daemon,” “bin,” and “sys.”

Other images demonstrated that investigators also had complete control of the main web panel and the system Lockbit operators used to communicate with affiliates and victims.

Screenshot of a panel used to administer the Lockbit site.
Enlarge / Screenshot of a panel used to administer the Lockbit site.
Screenshot showing chats between a Lockbit affiliate and a victim.
Enlarge / Screenshot showing chats between a Lockbit affiliate and a victim.

The razzing didn’t stop there. File names of the images had titles including: “this_is_really_bad.png,” “oh dear.png,” and “doesnt_look_good.png.” The seized page also teased the upcoming doxing of LockbitSupp, the moniker of the main…

Source…

Russia’s Notorious Troll Farm Disbands

/in


When Yevgeny Prighozin, the head of the notorious mercenary army known as the Wagner Group, staged an aborted coup against the Russian government, his brief revolt led to the deaths of 13 Russian fighter pilots and a serious blow to Vladimir Putin’s sense of invulnerability. Now the fallout of that strange story has also apparently taken another casualty: the most notorious troll farm in the world, known as the Internet Research Agency.

But we’ll get to that. First, Elon Musk is having a tough week. After Twitter’s baffling decision to temporarily limit the number of tweets users can read each day, Mark Zuckerberg sucker-punched the self-sabotaged platform with the launch of Threads. The Instagram-linked microblogging app surged to the top of the app store charts, gaining a staggering 30 million users in 24 hours—a clear sign that many people are willing to ignore Meta’s privacy-invading ways.

If you want to get in on the Threads action but don’t want to share all your data with Meta, there’s a better way: Don’t join. Instead, wait until Threads connects to the broader decentralized social media ecosystem enabled by the ActivityPub protocol, which is also used by Mastodon. It should enable you to interact with Threads without signing up for an account or downloading the app. And if you’re still trying to pick which Twitter alternative to jump on—or just want to see what data each platform collects—we’ve broken down the privacy policies of Threads, Bluesky, Mastodon, and more.

Even if you don’t share your data with Meta, the information about you that’s already out there is likely up for sale. But it’s not just companies buying up your personal details—cops and spies are purchasing that data too. That is, unless the US Congress puts a stop to it. A bipartisan group of lawmakers has submitted an amendment to the National Defense Authorization Act, which Congress must pass each year, that would forbid intelligence agencies from buying sensitive data about Americans. The amendment has to survive a long debate before it can become law, but if Congress keeps it intact, US spies will no longer be able to buy your location data and search histories on the open market.

Finally,…

Source…

Cloudflare rallies the troops to fight off another so-called patent troll – TechCrunch

/in


Nearly four years ago, we wrote about a battle between Cloudflare, the San Francisco-based internet security and performance company, and Blackbird Technologies, a firm that quickly amassed dozens of patents, then began using them to file dozens of patent infringement lawsuits against companies, including Cloudflare.

The suit was typical in every way, except how Cloudflare responded to it. Unlike many targets of similar lawsuits that opt to settle, Cloudflare fought back, asking very publicly for help in locating prior art that would not only invalidate the broad patent that Blackbird was using to sue Cloudflare, but to invalidate all of Blackbird’s patents. The public answered the call, and two years and 275 unique submissions later, the case against Cloudflare was dismissed and Blackbird’s operations were diminished.

One might surmise that given the stink that Cloudflare raised, other patent trolls might choose an easier target. Yet last month, Cloudflare was sued yet again, this time by Sable Networks, a “company that doesn’t appear to have operated a real business in nearly ten years — relying on patents that don’t come close to the nature of our business or the services we provide,” as says Doug Kramer, general counsel of CloudFlare.

Unsurprisingly, Cloudflare isn’t going to take this newest action lying down. This morning, after revealing the lawsuit publicly, it invited the engineering community to again “turn the tables” on patent trolls by inviting them to participate in a crowdsourced effort to find evidence of prior art to invalidate the “ancient, 20-year-old patents” that Cloudlflare says that Sable is is “trying to stretch . . . lightyears beyond what they were meant to cover.”

Cloudflare is also offering a $100,000 bounty to be split among entrants who provide the most useful prior-art references that can be used in challenging the validity of all of Sable’s patents, not just those being asserted against Cloudflare.

The idea is to deal a big enough blow to Sable that not only is its case against Cloudflare hobbled but also future cases against other entities.

“We feel fortunate that we didn’t run into one of these cases…

Source…

A Ransomware Gang Bought Facebook Ads to Troll Its Victim

/in


This week, president Donald Trump continued to contest the results of the United States presidential election, which he lost handily to Joe Biden. But along the way, the Trump campaign’s lawsuits and other offensives have inadvertently demonstrated just how free of fraud the election was.

We also took a deep dive into the world of Covid-19 apps, which represent a privacy minefield, especially when developers don’t use Apple and Google’s Bluetooth-based protocol. And a former Microsoft engineer was sentenced to nine years in prison for stealing $10 million in store credit from the company.

Elsewhere, we showed you how to stop WhatsApp from hogging so much of your phone’s storage, and how to set up parental controls on all of your accounts. And lastly, if you have some time to set aside this weekend, check out this feature from our December/January issue about the lengths that hackers went to to expose rampant corruption in Brazil.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Ransomware continues to evolve in all sorts of unpleasant and unexpected ways. The latest spin: The notorious Ragnar Locker gang apparently hacked into a deejay’s Facebook page and took out ads through his account to pressure the Campari Group, a recent victim, to pay up. (Yes, that sentence was a journey!) The ad campaign hit nearly 8,000 Facebook users before it got shut down. The ad itself warned that the hackers would release Campari’s data online if they failed to capitulate. As ransomware groups become increasingly emboldened, expect them to continue showing up in unexpected places—and causing unfathomable damage.

Authorities have warned for months that public health organizations and vaccine developers would be high-value targets for state-sponsored hacking groups. And lo! Microsoft this week revealed that Russia and North Korea have both gone on the offensive, targeting seven researchers and pharmaceutical companies at work on a Covid-19 vaccine. In some cases, they’ve had success, though it’s unclear who the affected companies are to…

Source…