[HN Gopher] Justice Dept. recovered most of the ransom for Colon...
___________________________________________________________________
Justice Dept. recovered most of the ransom for Colonial Pipeline
cyber attack
Author : germinalphrase
Score : 11 points
Date : 2021-06-07 21:07 UTC (1 hours ago)
| jimsmart wrote:
| Broken link for me - but the link to NYT in a comment below seems
| to work fine, maybe someone can fix things :)
| thatguy987 wrote:
| I'm trying to figure this out and failing: How was the DOJ able
| to recover these funds?
|
| The article just says
|
| > a magistrate judge in the Northern District of California had
| granted a warrant to seize funds from the wallet earlier in the
| day.
|
| But my understanding is that a judge can't just seize the wallet
| -- you'd need their private key. Anyone know what happened from a
| technical standpoint?
| dragonwriter wrote:
| > But my understanding is that a judge can't just seize the
| wallet -- you'd need their private key. Anyone know what
| happened from a technical standpoint?
|
| The affidavit [0] supporting the warrant details the flow of
| Bitcoin between various addresses and notes that the FBI has
| the private key of the address targeted for seizure, but
| doesn't explain how they got the private key.
|
| [0] linked, along with the warrant and other docs, from the DoJ
| press release: https://www.justice.gov/opa/pr/department-
| justice-seizes-23-...
| BombNullIsland wrote:
| FSB "politely asked" the idiots that did this for the private
| key so that the money could be handed back.
|
| This hack, and the major changes in operations practices that
| it will eventually bring for pipeline, grid and generator
| operators, has done a lot of damage to Russia's ability to
| harm US energy infrastructure during wartime.
| dragonwriter wrote:
| That's an interesting theory and would make sense as a
| defusing move (whether or not they had an ongoing
| relationship with DarkSide), but is there any support for
| this or is it speculation?
| BombNullIsland wrote:
| I reckon that intelligence on all sides knows who the
| ratbags are. May have even bought exploits from some of
| them.
| PretzelPirate wrote:
| This twitter thread has an interesting take based on the
| warrant:
| https://twitter.com/jordanschachtel/status/14019885434933329...
| dragonwriter wrote:
| The twitter thread is a hot mess:
|
| (1) It asks the question "why would they need a warrant if
| they had the private key". The answer is obvious: the same
| reason they'd need a warrant to seize cash from your house
| even if they had your front door key. Legally, the FBI needs
| a warrant to seize property in your possession, outside of
| very narrow exceptions, and "well, we have the technical
| capability to take it" doesn't itself qualify for any
| exception.
|
| (2) It concludes from a warrant and supporting affidavit that
| explicitly ask the court to permit the FBI to seize BTC to
| which they have the private key that...the FBI did not have
| the private key, but instead was serving the warrant on a
| "custodial wallet provider" like Coinbase. It is possible the
| wallet seized was custodial, but there is literally nothing
| supporting this interpretation of the FBI not actually having
| the private key but serving the warrant on a third party
| rather than seizing it by use of the key in their possession.
| In fact, every element of that narrative is directly
| contradicted by the documents pointed to to support it.
| BombNullIsland wrote:
| nm
| dragonwriter wrote:
| > This is a common LEO practice called "parallel
| construction" that is used when they don't want to tell
| you how they actually acquired evidence.
|
| Aside from "if it was parallel construction, the
| documents obviously wouldn't reflect it" (which is true
| but not _evidence_ ), what is the evidence of parallel
| construction here?
|
| > There are three ways they have the key:
|
| There are a lot more than your three:
|
| > 1. A non-FBI intelligence agency hacked a computer
| containing the private key.
|
| > 2. A US intelligence agency physically beat it out of
| an American.
|
| > 3. A non-US intelligence agency physically beat it out
| of a non-American.
|
| 1a. Remove "non-" before FBI in 1.
|
| 2a/3a. Swap US and non-US in 2/3 (US intelligence agencies
| operate abroad and vice versa).
|
| 4. An agent of US intelligence infiltrated DarkSide and got
| access to the key without beating it out of anyone.
|
| 5. #4, but an agent of non-US intelligence did the same. The
| sponsoring nation provided the info to the US for foreign
| relations reasons.
|
| 6. A foreign intelligence service had contact with DarkSide
| and, for reasons, requested (likely with additional threat or
| inducement, express or implied) the information and that the
| funds be left there, and provided it to the FBI. ...
| dkdk8283 wrote:
| I get 404. Has the article been retracted?
| thatguy987 wrote:
| Looks like it may have moved here? Not sure.
|
| https://www.nytimes.com/2021/06/07/us/politics/justice-depar...
|
| Especially weird because this link is under "politics"
___________________________________________________________________
(page generated 2021-06-07 23:03 UTC)