
How the FBI Got Colonial Pipeline’s Ransom Money Back – The Wall Street Journal

June 11, 2021

After Colonial Pipeline Co. on May 8 paid roughly $4.4 million in cryptocurrency to hackers holding its computer systems hostage, the Federal Bureau of Investigation followed the digital money.

Over the next 19 days, court records show, a special agent watched on a publicly visible bitcoin ledger as hackers transferred the 75 bitcoins to other digital addresses. A May 27 transfer of nearly 64 bitcoins landed at a virtual address to which the FBI gained access, providing an opportunity to get a warrant and pounce.


On Monday, the Justice Department said it had recovered some of the cryptocurrency, equal to about $2.3 million of Colonial’s initial ransom.

The operation demonstrates investigators’ growing technical ability to disrupt the financial infrastructure that has enabled ransomware gangs to squeeze hundreds of millions of dollars from victims each year, cybersecurity experts say. Despite cryptocurrency’s reputation as a hard-to-trace medium of exchange useful to criminals and other groups that operate outside the traditional financial system, crypto experts say it is at times easier to track than hard currencies such as U.S. dollars.




“You can’t hide behind cryptocurrency,” said Elvis Chan, assistant special agent in charge of the cyber branch of the FBI’s San Francisco field office.

Senior Biden administration officials have in recent weeks characterized ransomware, in which criminals lock an organization’s data or computer system and demand payment, as an urgent national-security threat. On Wednesday, the chief executive of a meat company said it had paid an $11 million ransom to cybercriminals after a hack that contributed to the shutdown of plants that process roughly one-fifth of the nation’s meat supply.

While Monday’s announcement was noteworthy for the size of the recovery and the broad impact of the initial attack on the pipeline company, law-enforcement officials in recent years have established a track record of tracing cryptocurrency and at times seizing it.

Money Trail

Hackers move ransom payments to evade law enforcement, but the Justice Department has been able to trace and seize cryptocurrency.

1. Hackers break in and deploy ransomware.

2. Ransomware locks up company data, potentially crippling its computer systems and operations.

3. Victims receive a message demanding payment for a tool to unlock their data. Hackers share address for a digital wallet where victims can deposit cryptocurrency, often bitcoin.

4. Victims often call cybersecurity firms to negotiate with hackers and check for any affiliation with sanctioned governments or individuals. Brokers can convert cash to cryptocurrency, facilitate transfer.

5. Hackers often move funds among wallets to disguise their activity or pay associates who took part in the hack. Some ransomware gangs hire money-laundering services to help clean the cryptocurrency. Hackers convert digital money into hard currency, such as U.S. dollars, at cryptocurrency exchanges abroad.


Justice Department officials in November said they had seized roughly $1 billion in cryptocurrency associated with the Silk Road online black market. In January, law-enforcement officials said that the Justice Department had seized more than $454,000 in crypto from a ransomware group known as NetWalker.

Federal officials have previously dismantled illicit crypto networks operating abroad, including the August seizure of accounts and funds tied to al Qaeda and the Izz ad-Din al-Qassam Brigades, the armed wing of Palestinian militant group Hamas. An Internal Revenue Service agent traced transactions intended to fund the groups to Turkish money launderers who had additional customers based in the U.S. or were using U.S.-based exchanges, court records show.

The FBI has shared few details about how it seized a portion of cryptocurrency that Colonial Pipeline paid to DarkSide, a ransomware gang that investigators say they believe operates in Russia. But court records, along with interviews with analysts, describe the broad method by which investigators traced the funds from the pipeline operator’s coffers to a bitcoin address they reached with a court order.

Cryptocurrencies are held in digital accounts called wallets, which store addresses for funds’ virtual locations and the private keys, or passwords, to access them. While fiat currencies are transferred privately using banks’ routing numbers and individuals’ account numbers, crypto owners move funds between addresses recorded in a public ledger known as a blockchain.

Crypto wallets provide owners a measure of personal privacy and freedom from regulatory and tax oversight in some countries. But blockchains are visible to the public, enabling law-enforcement investigators and outside specialists to watch the funds move between addresses and through exchanges, online services where users can buy or sell holdings or cash out.

“We’ve effectively developed a map of hundreds of millions of bitcoin addresses associated with illicit actors all around the world,” said David Carlisle, director of policy and regulatory affairs at blockchain analytics firm Elliptic.

Once ransomware victims transfer cryptocurrency to hackers, sophisticated criminal groups often distribute the money among hundreds of other wallets, Mr. Carlisle said. Those transfers can comprise profit-sharing with affiliated hackers who develop and rent out the ransomware, transfers to money launderers who clean illicit funds, or attempts to convert crypto to fiat currencies.

Colonial Pipeline provided investigators with the bitcoin address where it paid hackers on May 8, launching them on the trail, according to court records filed in the U.S. District Court for the Northern District of California. The hackers moved the funds through at least six more addresses by the following day, the records show.

On May 13, DarkSide told affiliates that its servers and other infrastructure had been seized, but didn’t specify where or how. On May 27, court records show, a sum including 63.7 bitcoins traced to the Colonial ransom landed at a final address, where the FBI this week seized that portion of the funds.
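An added example, not from the article or the court records: a minimal forward trace over a constructed ledger, showing how a public record of transfers lets an investigator follow a known payment to the addresses where it ends up. The address labels, hop layout and dates are invented for illustration, transfers are simplified to account-style moves, and only the 75 and 63.7 bitcoin figures come from the text.

```python
from decimal import Decimal

# Constructed ledger rows: (date, sender, receiver, BTC).
# Labels are placeholders, not real addresses; the path is illustrative only.
LEDGER = [
    ("05-08", "pay_addr", "hop1", "75"),
    ("05-08", "hop1", "hop2", "75"),
    ("05-09", "hop2", "hop3", "75"),
    ("05-09", "hop3", "hop4", "75"),
    ("05-09", "hop4", "hop5", "75"),
    ("05-09", "hop5", "hop6", "75"),
    ("05-09", "hop6", "affiliate", "63.7"),
    ("05-09", "hop6", "pool", "11.3"),
    ("05-13", "other_ransoms", "pool", "96.7"),  # unrelated funds, carries no taint
    ("05-27", "affiliate", "final_addr", "63.7"),
]


def trace(ledger, seed, amount):
    """Follow `amount` BTC forward from `seed` through the ledger.

    Heuristic (an assumption of this sketch): when an address that holds
    traced funds sends coins, the traced funds are treated as leaving first.
    Returns (addresses still holding traced funds, list of traced hops).
    """
    tainted = {seed: Decimal(amount)}
    path = []
    # sorted() is stable, so same-day transfers keep their ledger order.
    for date, src, dst, btc in sorted(ledger, key=lambda row: row[0]):
        moved = min(Decimal(btc), tainted.get(src, Decimal(0)))
        if moved == 0:
            continue  # sender holds nothing traceable to the seed payment
        tainted[src] -= moved
        tainted[dst] = tainted.get(dst, Decimal(0)) + moved
        path.append((date, src, dst, moved))
    holdings = {addr: btc for addr, btc in tainted.items() if btc > 0}
    return holdings, path


if __name__ == "__main__":
    holdings, path = trace(LEDGER, "pay_addr", "75")
    for date, src, dst, moved in path:
        print(f"{date}  {src:>10} -> {dst:<10} {moved} BTC")
    print("traced funds now at:", holdings)
```

The unrelated 96.7 BTC deposit raises the pool's balance without changing how much of it is traced, which is why the trace tracks the traced amount per address rather than raw balances.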


The FBI said in its request for a warrant Monday that its investigators had in their possession the private key for that address. Officials didn’t elaborate on how it obtained the information, and a spokesman didn’t offer further comment.

The sum recovered by the FBI likely represents a cut of the ransom shared with DarkSide’s affiliates, said Pamela Clegg, director of financial investigations and education at blockchain analytics firm CipherTrace. On May 13, the same day DarkSide claimed its servers had been seized, the remaining funds from Colonial that haven’t been recovered by the FBI were consolidated with other crypto tied to ransom payments in a wallet that now holds about 108 bitcoins, she added.

“Everyone has their eyes on it to see if those funds are transferred,” Ms. Clegg said of the wallet.

FBI officials say the techniques they used to recover some of Colonial’s funds can be used in future cases, including when hackers attempt to transfer cryptocurrency through unfriendly overseas jurisdictions.

“Overseas is not an issue for this technique,” said Mr. Chan of the FBI’s San Francisco field office.

—Sadie Gurman and Dustin Volz contributed to this article.


Write to David Uberti at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
