It’s not every day that we have the opportunity to talk directly to a cybercriminal. But as crazy curious cyber defenders, our secondary goal was to get a better understanding of who we were dealing with so we could “know our attacker”. Of course, the primary goal was to identify and help the victimized member of our community. But what type of businesswoman is she? What are her motivations? Is it all about just a quick payout, or is there more to her plans?

She’s laying out her terms - establishing price, contact information, and evidence to build trust. We’re looking at a businesswoman at work.

If you’re interested message me here or on wikr… i’m also on jabber. , eastern side…… I’m asking for $600 BTC.

However, not everyone agreed with our decision. It was an interesting thought exercise that challenged us to remove our preconceived notions. While we wrote this blog, we definitely had fun imagining our hacker as a woman.

If Britt is responsible, w0zniak is a man

Playing chess probably starts with an offensive approach to defense. Security will always be a cat and mouse game, but that game doesn’t have to be checkers. They are on high alert, knowing their shady deeds are being watched. Since our story was published, we’ve seen hackers warn each other about who they talk to and what they see.

Some Dark Web hackers are not super thrilled with our effort

MSPs need to closely audit admin accounts after employees depart.

w0zniak didn’t have the greatest online OPSEC.

Additionally, the Coinbase account that received payment for the MSP access was registered to Britt’s name, SSN, address, and date of birth. What’s especially interesting is the Vultr account sold by w0zniak belonged to Marquavious Britt and included the last four of Britt’s SSN in the password.
Insider threat: w0zniak was a disgruntled ex-employee of the MSP

Based on the criminal complaint affidavit, w0zniak is likely the Torum handle belonging to Marquavious Britt, who worked for our victim MSP until he was “terminated for failure to complete tasks assigned to him.”

We received this information shortly after we released our blog and here are a few key updates: The Huntress team recently learned that a person allegedly tied to the w0zniak account has been arrested in Atlanta. But before we dive in, here's where this story stands. In a rare encounter, we found ourselves directly interacting with a cybercriminal that took us down a dark web rabbit hole.