[HN Gopher] 'Operation Endgame' Hits Malware Delivery Platforms
___________________________________________________________________
'Operation Endgame' Hits Malware Delivery Platforms
Author : todsacerdoti
Score : 87 points
Date : 2024-05-30 15:24 UTC (7 hours ago)
Source: krebsonsecurity.com
| ck45 wrote:
| Link to press release:
| https://news.ycombinator.com/item?id=40521055
| warkdarrior wrote:
| The surveillance state noose is tightening around the free
| Internet with each action like this.
| eutropia wrote:
| Arresting malware distributors and seizing their domains
| threatens the free internet?
|
| Doesn't allowing near-infinite amounts of scams, fraud, and
| other abuse threaten the free internet far more than arresting
| bad actors?
| mint2 wrote:
| Like seriously, that was like saying that arresting the
| purveyors of contaminated, tainted meat is harming the food
| supply. It's an argument that seems to be intentionally
| reversed in order to destroy logical debate.
| ASalazarMX wrote:
| Could it be that the original commenter is saying state and
| corporate spying gets justified with these kinds of
| successful and positive operations, and this gives states
| the goodwill to push for deeper surveillance, which is then
| used unethically?
|
| Think how the world changed after the PATRIOT (lol) act,
| and how many terrorists have been actually detained in
| exchange for such invasive measures on the general public.
| I'd bet the most benefited from all these years of mass
| surveillance have been advertisers, not law enforcement.
| mullingitover wrote:
| > Could it be that the original commenter is saying state
| and corporate spying gets justified with these kinds of
| successful and positive operations, and this gives states
| the goodwill to push for deeper surveillance, which is
| then used unethically?
|
| I think so, but this is backwards. State and corporate
| spying gets justified by the _scammers and fraudsters_,
| not by whether or not the takedown operations are
| successful. If scammers and fraudsters weren't doing
| wildly unpopular things like taking health care systems
| hostage with ransomware, etc., we'd all have a lot more
| ammo to tell the cops to respect our privacy.
| clwg wrote:
| I've worked on several high-profile botnet takedowns that
| have resulted in arrests. There is a very fine line and a
| slippery slope that you absolutely need to stay on the right
| side of, or things can become very invasive and unethical[0].
|
| Online scams, fraud, and malware have been around since the
| '80s, and we've survived.
|
| Additionally, a huge industry has been built around it,
| employing many people and generating massive amounts of
| wealth compared to the direct costs of these activities. Just
| compare the cost of ransomware to the "cost of
| cybercrime"[1][2] which is mostly revenue for the
| cybersecurity industry, and there is a magnitude of
| difference.
|
| [0] https://www.vice.com/en/article/qj454d/private-
| intelligence-...
|
| [1] https://www.bleepingcomputer.com/news/security/ransomware-
| pa...
|
| [2] https://www.weforum.org/agenda/2024/01/cybersecurity-
| cybercr...
| moritzwarhier wrote:
| You consider total ransomware payments the "cost of
| ransomware"?
|
| And the revenue of the cybersecurity industry the "cost of
| cybercrime"?
|
| You seem competent; me, I don't know much about practical
| cybersecurity.
|
| But the combined cost of companies or medical facilities
| being infected by ransomware surely is not covered by the
| total ransom payments, right?
|
| Sorry if I'm grossly misunderstanding your take, but I
| struggle to make sense of it.
|
| I see however your point about surveillance.
|
| And also, affected companies and institutions + the
| software companies, consultants etc they work with should
| carry a certain responsibility in some cases.
|
| For example, a social engineering breach via one employee
| who had normal privileges shouldn't allow an attacker to
| easily propagate over the whole network, etc.
| clwg wrote:
| The true cost of any of this is very hard to quantify.
| There are reputational costs (though you generally want
| to buy the dip after a hack), national security concerns,
| intellectual property theft, etc. So, it is a weak
| argument in that regard, but that's only because there's
| not a lot of good data to even form a solid opinion on.
| Sorry if my comment seemed a bit ambiguous.
|
| Personally, I have seen during incident response many
| organizations drop seven figures on EDR, IDS/IPS, and a
| bunch of widgets while ignoring or refusing to do simple
| things like network segmentation and configuration/patch
| management, and it's because they've been sold silver
| bullets by their vendors, so I also hold a bit of
| contempt for the industry as well.
| moritzwarhier wrote:
| Yeah, I was also thinking about hospitals and other
| crucial infrastructure where ransomware attacks have even
| cost lives.
|
| I got your point though, that's why I edited in the
| paragraph about accountability.
|
| Thanks for your insights.
| which wrote:
| Law enforcement industry partnerships weird me out a little
| bit too. Cases like this are maybe a little more innocent:
| https://www.wired.com/story/big-pipes-ddos-for-hire-fbi/.
| But then you have Spamhaus compiling literal dossiers and
| sharing them with police and pressuring hosts into sharing
| information to help with their extrajudicial ROKSO
| investigations. Or the "Shadowserver Foundation," which
| ostensibly exists to stop botnets, yet also for some reason
| hosts the seizure page for Liberty Reserve.
| BillTthree wrote:
| Are we following the rule of law here? We are talking about
| arresting bad actors, built on the fundamental principle of
| due process. There are rules to follow. If the Department of
| Justice wants to bring criminal charges against individuals
| or corporations, should the first step be 'seize all assets'?
| When is the DOJ allowed to seize assets, if we think it's a
| scumbag foreigner, but what if it's an upstanding American
| tax-paying LLC? Should your business be subject to immediate
| takedowns while the DOJ investigates and attempts to
| prosecute you?
|
| Has anyone been convicted of anything? We are seizing control
| of personally owned assets under the presumption the
| responsible parties will be found guilty. That seems like a
| slippery slope.
| randomlurking wrote:
| Why are you assuming that rules weren't followed? Is there
| any reason to suspect this? I'm not the greatest fan of the
| police by far, but it's not like this (seizing assets
| without prior conviction) is a novel or anything but
| standard procedure happening in the frame of clearly
| defined rules. Should a murderer run free up to his
| conviction, even when there's strong evidence of his
| crimes? Shouldn't the police seize assets of drug cartels
| at the moment they can instead of years later when
| everybody is convicted?
| pwillia7 wrote:
| depends on your definition of free
| swayvil wrote:
| A free internet allows a degree of lawlessness.
| Cody-99 wrote:
| How tight is the "noose of the surveillance state" when it
| takes them years to stop groups like this? For example, the
| smokeloader malware mentioned in the post has been around since
| at least 2011 [1]
|
| [1] https://attack.mitre.org/software/S0226/
| immibis wrote:
| They've been focusing on other, more important things, like
| protests about the police murdering people[0][1].
|
| [0] https://www.euractiv.com/section/digital/news/macron-
| mulls-s...
|
| [1] https://www.voaafrica.com/a/macron-decried-
| for-social-media-...
| k8sToGo wrote:
| Free internet isn't the Wild West.
| unnouinceput wrote:
| 4 people and 100 servers? That's all? That's a drop in the bucket;
| it won't even make a dent in the black market of ransomware.
| Cody-99 wrote:
| >In addition, Europol released information on eight fugitives
| suspected of involvement in dropper services and who are wanted
| by Germany
|
| 4 people in the initial arrests. They already have arrest
| warrants for at least another 8.
|
| It seems they have arrested someone who provided a lot of
| infrastructure so it wouldn't surprise me if they were able to
| roll that into more arrests in the near future.
|
| >"It has been discovered through the investigations so far that
| one of the main suspects has earned at least EUR 69 million in
| cryptocurrency by renting out criminal infrastructure sites to
| deploy ransomware,"
| ASalazarMX wrote:
| Forget numbers, think Marvel's Endgame, envision cop
| superheroes from all over the world converging on the
| supervillain to enact justice and save civilization!
|
| I swear law enforcement and the military choose the cringiest
| code names, not much better than names kids would pick.
| bbarnett wrote:
| Government types do everything by committee and meeting, all
| responsibility for decisions is shared, everyone must agree.
|
| Thus nothing risky, edgy or creative makes it out of such
| meetings.
| nozzlegear wrote:
| > I swear law enforcement and the military choose the
| cringiest code names, not much better than names kids would
| pick.
|
| I have it on good authority that the people in law
| enforcement and the military -- and indeed all humans in
| general -- were in fact kids at one point. Maybe we all just
| like cool sounding codenames, even if some keyboard jockeys
| on a forum will call it "cringe".
| sandworm101 wrote:
| They may seem cringe but, at least the military names, are
| usually part of an underlying lexicon that outsiders don't
| understand. Some are inside jokes, others are cover for
| classified names.
| hombre_fatal wrote:
| You'd think we as software developers would have more
| humility when judging how other people name things.
| segasaturn wrote:
| It's standard law enforcement PR. People who are serious
| about cybersecurity topics might shake their heads a little
| at the self-aggrandizing naming and Matrix "hacker"
| backgrounds, but they aren't the target audience. The target
| audience is for the mass public, to glamorize the police as
| the Good Guys who are going after the Bad Guys.
| chucksmash wrote:
| "Endgame" was a word with an established meaning before
| Disney stuck it in the title of a superhero movie in 2019.
|
| The patch for "Operation Endgame" (in the screen cap at the
| top of the article) even shows chess pieces, not superheroes.
| sidewndr46 wrote:
| When you make the rules, you get to decide what counts as a win.
|
| Ever seen those "million dollar drug busts" that have a small
| pile of drugs on the table?
| twojacobtwo wrote:
| I think the article said another 8 are being placed on a most
| wanted list or are being pursued. So maybe 3 drops in the
| bucket?
|
| Assuming those are all master-control servers, how many would
| it take to make a significant difference?
|
| They're still monitoring and investigating transactions, so it
| seems likely the numbers will grow.
| striking wrote:
| > Droppers remain such a critical, human-intensive component of
| nearly all major cybercrime enterprises that the most popular
| have turned into full-fledged cybercrime services of their own.
| By targeting the individuals who develop and maintain dropper
| services and their supporting infrastructure, authorities are
| hoping to disrupt multiple cybercriminal operations
| simultaneously.
|
| I presume the counterargument is that it's like someone took
| down Gmail or some other centralized service or something.
| Maybe the disrupted centralization will send a lot of
| operations scrambling, even if it was only a few hundred
| servers that were doing all the work.
| endgame wrote:
| Strange, I wasn't informed.
| mrbluecoat wrote:
| best laugh in a while - well played
| PoignardAzur wrote:
| > _"These nascent psyops include efforts to erode the limited
| trust the criminals have in each other, driving subtle wedges
| between fragile hacker egos, and sending offenders personalized
| messages showing they're being watched," Burgess wrote._
|
| Is the "Think about your next move" messaging that intimidating
| to hackers, especially those living in non-US-aligned countries?
|
| I suspect this flood of weirdly cyberpunk imagery (seriously,
| mugshots with a Matrix background?) is more of an artistic choice
| to flatter the egos of the task force's agents than a strategic
| move. White hat hackers probably like pretending they're in a spy
| movie as much as black hats do.
| lyu07282 wrote:
| I just imagine the mentality (and skills) of a cyber security
| expert who decides to work within the German bureaucracy; it
| explains a lot.
| atomicnumber3 wrote:
| An NSA or DOD guy doing digital forensics and cybercrime type
| stuff came to one of my college classes to teach a lesson or
| two. He mentioned that he would love if we came to work with
| him, but also people he talks to at colleges almost never do
| because even median pay at a generic private sector corp is
| better than the government wages for that work. So yes,
| people working in the majority of cybercrime shops are people
| who either couldn't hack it at a generic boring C# corpo job,
| or are specifically more interested in being a white hat than
| getting paid lots of crinkled, sweat-dampened VC money.
| lyu07282 wrote:
| It's not even just the money. I had a brief experience
| working within German bureaucracy and I couldn't imagine a
| more soul-sucking, conservative and uninspiring
| environment. You definitely have to be a certain type of
| person for that environment, the unpleasant type imho.
| niemandhier wrote:
| I know a few. My observation is there are basically two
| types: market rejects and fanatics who work for the
| government out of an antiquated sense of duty.
|
| The latter tend to be quite good.
| CoastalCoder wrote:
| What about that sense of duty is antiquated?
| snakeyjake wrote:
| Based on what I have observed of l33t haxxors it is likely to
| send them into fits of apoplectic, impotent, rage.
|
| People in that state tend to make mistakes more often.
| OliverJones wrote:
| Looks like some web designers in law enforcement are having some
| fun making fun of the cybercreeps.
| pelasaco wrote:
| I didn't get why all wanted hackers have a German flag under their
| names if all of them are coming from Ukraine. Are they Germans or
| wanted in Germany?
| nickff wrote:
| The caption says:
|
| > _"A "wanted" poster including the names and photos of eight
| suspects wanted by Germany and now on Europol's "Most Wanted"
| list."_
| koolala wrote:
| Be careful, because they can pin cybercrime on anyone for any reason
| and there are no cyberlawyers besides AI 1000% smarter than them.
| jeffhuys wrote:
| Sure...
| koolala wrote:
| Dreams >= Nightmares
| JumpCrisscross wrote:
| > _included a countdown timer that was eventually replaced with
| the personal details of LockBit's alleged leader_
|
| Assuming these folks are somewhere lawless, I assume this is
| meant to let third parties take matters into their own hands?
___________________________________________________________________
(page generated 2024-05-30 23:00 UTC)