A conviction between ‘dark web’ mafias brought down the group of cybercriminals that attacked the Seville City Council and thousands of entities

Police notification of intervention on the LockBit access page following the international action against the kidnapping and extortion group last February. HANDOUT (via REUTERS)

The dark web, the dark network hidden from search engines, which conceals the IP (identity of the devices with which one works) and is accessible only through specific browsers, is not a world without rules, despite being the platform for computer criminal activities, pedophilia, human trafficking or the illegal sale of weapons and drugs. Like all mafias, its groups have their rules, and violating them carries punishment. The breaking of one of these laws, that of the distribution of money obtained through extortion, is what has brought down LockBit, the largest kidnapping and blackmail organization. Among the many crimes attributed to it since its detection in 2019, it took down the website of the Seville City Council, the Port of Lisbon, the California budget office, a children’s hospital in Toronto and thousands of companies. The international police operation against this plot, which has resulted in two detainees in Eastern Europe, was possible after its conviction in the criminal society. The criminal group is now trying to re-emerge.

The National Crime Agency (NCA) of the United Kingdom announced on February 20 that it had “taken control of LockBit services” after infiltrating the mafia network in an operation called Cronus. In coordination with Europol, two people were arrested in Poland and Ukraine and 200 cryptocurrency accounts were confiscated. Four other alleged malicious actors were indicted in the United States.

“This investigation against the world’s most damaging cybercrime group demonstrates that no criminal operation, wherever it is located, and no matter how advanced, is beyond the reach of the agency and our partners. We have hacked the hackers; taken control of their infrastructure, obtained their source code and decrypted the keys that will help victims decrypt their systems. As of today (February 20), LockBit is blocked,” says NCA director Graeme Biggar.

The director of the United States Federal Bureau of Investigation (FBI) shares the euphoria: “The FBI and our partners have successfully disrupted the LockBit criminal ecosystem, which represents one of the most prolific variants of ransomware (extortion for the hijacking of computer systems) in the world.”

Sergey Shaykevich, director of the Check Point Threat Group. CP

But this international police operation was the end of a process that had already begun on the dark web and that was the initial trigger for the dismantling of the criminal team. As described by Sergey Shaykevich, director of the Check Point Threat Group, during a multinational meeting in Vienna (CPX), the origin of the fall was a dispute over the profits of extortion that was settled in a trial between criminals and an unsuccessful appeal that led to a disappearance sentence. “LockBit was blocked on the forums (of the dark web) and then fell down. It’s a double whammy,” he summarizes.

LockBit, and other similar organizations, use ransomware as a service (RaaS). According to the security company Kaspersky, these are programs that are accessed through the dark web, like the usual applications of conventional or clean web work environments. “Interested parties leave a deposit to use the programs that are contracted. Ransom payments are split between the LockBit developer team and the attackers, who receive up to three-quarters of the extortion a week later if the goals have been achieved.”

Shaykevich reports that the dispute that gave rise to the trial against LockBit amounted to 20 million euros. “Reputation in ransomware is the most important thing,” comments Check Point’s threat chief to explain how a disagreement between criminals led to the fall of a cybercrime giant.

One of the last victims of the group was the Seville City Council, from which LockBit claimed more than one and a half million euros for the recovery of municipal computer systems last September. The Councilor for Digital Transformation, Juan Bueno, said after the kidnapping that the attackers were “of Dutch origin.”

The event and the councilor's first attribution, which was echoed by many media outlets, showed that the City Council lacked the necessary protection and that the person responsible for Digital Transformation was unaware of LockBit, “the most prolific ransomware organization in the world”, according to the British Home Secretary, James Cleverly.

“From Holland? No, no, no. Most are based in Russia. The two arrested in Poland and Ukraine are not the key members, who are in Russia,” says Shaykevich.

This false Dutch origin referred to the location of the last server from which the email with the malicious link that led to the kidnapping originated. On the dark web, these computer systems for data traffic are used for successive encryption that prevents tracking. According to the NCA, Operation Cronus has led to the dismantling of 28 LockBit servers.

Possible revival

However, the trial on the dark internet and the subsequent international police operation do not imply the end of the entire LockBit infrastructure, which aspires to continue in the market for kidnapping and extortion attacks because they represent, according to Shaykevich's estimates, more than 200 million euros of income each year.

An alleged person responsible for the group has said in a statement that the police intervention was possible due to a “vulnerability in the PHP programming language.” This name refers to the open source Hypertext Preprocessor system, common in web page development. “All other servers with backup blogs that did not have PHP installed have not been affected and will continue to deliver stolen data from the attacked companies,” the alleged hacker states in English and Russian.

Security companies have already detected these attempts at recomposition, but question the viability of continuing with the same name after the criminal reputation crisis generated by the dispute on the dark web and after having shown a vulnerability exploited by the international police. “As long as people are not arrested, they will most likely change and build a new organization with a new name. But the step that has been taken is important and shows that law enforcement operates and that you can be punished,” explains Shaykevich.

Christopher Asher Wray, director of the FBI, agrees: “This operation (Cronus) demonstrates both our ability and our commitment to defend cybersecurity against any malicious actor seeking to affect our way of life. We will continue to work with our national and international allies to identify, disrupt and deter cyber threats, and to hold perpetrators accountable.”
