1. Hello,


    New users on the forum won't be able to send PM untill certain criteria are met (you need to have at least 6 posts in any sub forum).

    One more important message - Do not answer to people pretending to be from xnxx team or a member of the staff. If the email is not from [email protected] or the message on the forum is not from StanleyOG it's not an admin or member of the staff. Please be carefull who you give your information to.


    Best regards,

    StanleyOG.

    Dismiss Notice
  2. Hello,


    You can now get verified on forum.

    The way it's gonna work is that you can send me a PM with a verification picture. The picture has to contain you and forum name on piece of paper or on your body and your username or my username instead of the website name, if you prefer that.

    I need to be able to recognize you in that picture. You need to have some pictures of your self in your gallery so I can compare that picture.

    Please note that verification is completely optional and it won't give you any extra features or access. You will have a check mark (as I have now, if you want to look) and verification will only mean that you are who you say you are.

    You may not use a fake pictures for verification. If you try to verify your account with a fake picture or someone else picture, or just spam me with fake pictures, you will get Banned!

    The pictures that you will send me for verification won't be public


    Best regards,

    StanleyOG.

    Dismiss Notice
  1. Username 1

    Username 1 Porn Star Banned!

    Joined:
    Apr 19, 2021
    Messages:
    1,139
    “How about dropping the drama and telling the truth for once “ to quote a “straight shooter “
     
    • Like Like x 1
    1. shootersa
      What part don't you believe @Username 1 ?
      Shooter is devastated that you disbelieve Shooter!
      *sarcasm off
       
      shootersa, May 14, 2021
      Truthful 1 likes this.
    2. Username 1
      I believe your story. It is the dramatic flourish in your prediction of what will happen this summer that has me rolling eyes emoji!!
       
      Username 1, May 15, 2021
      stumbler likes this.
    3. shootersa
      Well then, if you google
      "shortages projected summer 2021"

      And check the sources you will likely change your mind.
       
      shootersa, May 15, 2021
      Truthful 1 likes this.
    #61
  2. deleted user 555 768

    deleted user 555 768 Porn Star Banned!

    Joined:
    May 9, 2014
    Messages:
    75,527
    I'm seeing a lot of FB videos like this lately, people filling bags with gas, does it mean people are that desperate or that stupid?

    [​IMG]
     
    #62
  3. deleted user 555 768

    deleted user 555 768 Porn Star Banned!

    Joined:
    May 9, 2014
    Messages:
    75,527
    [​IMG]
     
    1. FuntimeFla
      Well not all of them Photo A: This guy is using a container that approved for liquid fertilizers, and DEF ( Diesel Exhaust Fluid ). Could be an approved container.
      Photo B: At least they are using approved containers, and the man is smart, he has the old lady doing the heavy lifting while he just pumps the gas. Though I'm not so sure stacking them sideways is all that smart unless the vent caps can be tightly sealed.
      Photos C and D. Yes, complete morons, I would like to the end result of such Rube Goldberg machinations.
       
      FuntimeFla, May 15, 2021
      deleted user 555 768 likes this.
    #63
  4. freethinker

    freethinker Pervy Bear

    Joined:
    Aug 17, 2009
    Messages:
    31,322
    It was all just a Biden-Harris plot to annoy T1.
     
    • Like Like x 1
    #64
  5. stumbler

    stumbler Porn Star

    Joined:
    Oct 10, 2006
    Messages:
    105,074
    I don't think we can believe a word of this but its obvious President Biden got to Putin and Putin got to his hackers.

    DarkSide, Blamed for Gas Pipeline Attack, Says It Is Shutting Down
    The hacking group, which the F.B.I. has said was responsible for the ransomware attack, said it had received “pressure” from the U.S.

    [​IMG]
    [​IMG]
    A Colonial Pipeline site in New Jersey. Cybersecurity analysts cautioned that the DarkSide claim that it has disbanded could be a ruse.Credit...Michael M. Santiago/Getty Images
    [​IMG]
    By Michael Schwirtz

    May 14, 2021Updated 6:03 p.m. ET


    The criminal hacking group DarkSide, which the F.B.I. has blamed for carrying out a ransomware attack that crippled fuel delivery across the Southeastern United States this week, has announced that it is shutting down because of unspecified “pressure” from the United States.

    In a statement written in Russian and provided to The New York Times on Friday by the cybersecurity firm Intel 471, DarkSide said it had lost access to the public-facing portion of its online system, including its blog and payment server, as well as funds that it said had been withdrawn to an unknown account. It said the group’s main web page and other public-facing resources would go offline within 48 hours.

    “Due to the pressure from the U.S., the affiliate program is closed,” the statement said, referring to intermediary hackers, the so-called affiliates, it works with to break into corporate computer systems. “Stay safe and good luck.”

    What that pressure may have been is unclear, but on Thursday, President Biden said the United States would not rule out a retaliatory strike against DarkSide that would “disrupt their ability to operate.” The White House spokeswoman, Jen Psaki, said the administration was waiting for recommendations from U.S. Cyber Command, but government officials on Friday declined to comment further about whether any action had been taken.


    Cybersecurity analysts cautioned that the DarkSide statement could be a ruse, allowing its members to regroup and deflect the negative attention caused by the attack. The group’s announcement was reported earlier by The Wall Streetl Journal.

    The crisis began when Colonial Pipeline, the operator of one of the nation’s largest fuel pipelines, announced on May 7 that it had been hit with a ransomware attack, in which criminal groups lock up computer systems and hold data hostage until the victim pays a ransom. In response, the company protectively shut down its pipeline, which delivers nearly half of the jet fuel and gasoline used on the Atlantic Coast, disrupting air travel and causing drivers to descend on gas stations in a surge of panic buying.

    To free up its computer systems, Colonial Pipeline paid the extortionists about 75 Bitcoin, or nearly $5 million, according to people briefed on the transaction. The decision allowed the company to get gas flowing again, but may have complicated the Biden administration’s efforts to stave off new attacks.

    In a statement on Friday, a Colonial spokeswoman said, “There is an ongoing investigation, and we’re not commenting on the ransom.”

    Elliptic, a computer security company specializing in cryptocurrency, said on Friday that it had identified the Bitcoin wallet used by DarkSide to collect the Colonial Pipeline ransom payment. In a statement, Elliptic said Colonial Pipeline sent the ransom payment to DarkSide last Saturday.

    ry
    Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.

    The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.

    The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipe attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)

    “The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”

    Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.

    “It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”

    Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.

    “You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”

    https://www.nytimes.com/2021/05/14/business/darkside-pipeline-hack.html
     
    • Like Like x 1
    #65
  6. Username 1

    Username 1 Porn Star Banned!

    Joined:
    Apr 19, 2021
    Messages:
    1,139
    Oops
     
    #66
  7. shootersa

    shootersa Frisky Feline

    Joined:
    Dec 28, 2010
    Messages:
    82,013
    If not a word of the story is believable why is it "obvious" biden/harris got to Putin?

    And why post a story that isn't credible?

    *looks at who posted it.

    Oh.
     
    #67
  8. Truthful 1

    Truthful 1 coal fired windmills Banned!

    Joined:
    Apr 7, 2018
    Messages:
    39,816
    Gas shortage lol lol lol lol lol lol lol lol lol. Just wait till you get the gas prices less affordable than driving electric cars and the gas shortage will be over . But of course she won’t be able to stray too far from home , With your electric piece of shit . You also won’t be able to afford your electric bill . Unless they build hundreds of nuclear power plants . The Most effective cheapest way to build electricity is nuclear .
     
    #68
  9. Truthful 1

    Truthful 1 coal fired windmills Banned!

    Joined:
    Apr 7, 2018
    Messages:
    39,816
    Joe Biden says we need more Educated people . People who know how to fight Cyber attacks . Lol lol lol lol lol lol lol lol yeah joe that’s it , that would have stopped that attack . Lol lol lol lol lol lol look lol lol lol . Funny joe you only injure the people who vote for you . Great job Joey
     
    #69
  10. stumbler

    stumbler Porn Star

    Joined:
    Oct 10, 2006
    Messages:
    105,074
    #70
  11. shootersa

    shootersa Frisky Feline

    Joined:
    Dec 28, 2010
    Messages:
    82,013
    Here in Colorado while Trump was in office gas rarely topped $2.00.

    Since biden took office gas hasn't dropped below $3.00.

    Shooter doesn't see the price of gas dropping back below $3.00 while biden is in office. Also he'll be surprised if we don't have shortages.
     
    • Agree Agree x 1
    1. Truthful 1
      Thanks joe Biden As I said Joe never hurts the people of power the people who have plenty of money when you raise gas prices you only hurt the people who already are jeopardy . Bit why should that bother joe
       
      Truthful 1, May 23, 2021
    #71
  12. stumbler

    stumbler Porn Star

    Joined:
    Oct 10, 2006
    Messages:
    105,074
    This is something that has always bothered me. I cannot believe that there aren't people in the world and especially the US that are smarter and better than than the hackers. And apparently there better at stopping hackers but then they just go greedy and stupid about it.

    The Colonial Pipeline ransomware hackers had a secret weapon

    Pro Publica
    May 25, 2021


    [​IMG]
    Jim Watson/AFP



    Series: The Extortion Economy
    U.S. Companies and Ransomware

    On Jan. 11, antivirus company Bitdefender said it was “happy to announce" a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the U.S. and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.

    But Bitdefender wasn't the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for."

    “Special thanks to BitDefender for helping fix our issues," DarkSide said. “This will make us even better."

    DarkSide soon proved it wasn't bluffing,
    unleashing a string of attacks. This month, it paralyzed the Colonial Pipeline Co., prompting a shutdown of the 5,500 mile pipeline that carries 45% of the fuel used on the East Coast, quickly followed by a rise in gasoline prices, panic buying of gas across the Southeast and closures of thousands of gas stations. Absent Bitdefender's announcement, it's possible that the crisis might have been contained, and that Colonial might have quietly restored its system with Wosar and Gillespie's decryption tool.

    Instead, Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files. “I will admit that I wasn't comfortable seeing money go out the door to people like this," CEO Joseph Blount told The Wall Street Journal.

    The missed opportunity was part of a broader pattern of botched or half-hearted responses to the growing menace of ransomware, which during the pandemic has disabled businesses, schools, hospitals and government agencies across the country. The incident also shows how antivirus companies eager to make a name for themselves sometimes violate one of the cardinal rules of the cat-and-mouse game of cyber-warfare: Don't let your opponents know what you've figured out. During World War II, when the British secret service learned from decrypted communications that the Gestapo was planning to abduct and murder a valuable double agent, Johnny Jebsen, his handler wasn't allowed to warn him for fear of cluing in the enemy that its cipher had been cracked. Today, ransomware hunters like Wosar and Gillespie try to prolong the attackers' ignorance, even at the cost of contacting fewer victims. Sooner or later, as payments drop off, the cybercriminals realize that something has gone wrong.

    Whether to tout a decryption tool is a “calculated decision," said Rob McLeod, senior director of the threat response unit for cybersecurity firm eSentire. From the marketing perspective, “You are singing that song from the rooftops about how you have come up with a security solution that will decrypt a victim's data. And then the security researcher angle says, 'Don't disclose any information here. Keep the ransomware bugs that we've found that allow us to decode the data secret, so as not to notify the threat actors.'"

    Wosar said that publicly releasing tools, as Bitdefender did, has become riskier as ransoms have soared and the gangs have grown wealthier and more technically adept. In the early days of ransomware, when hackers froze home computers for a few hundred dollars, they often couldn't determine how their code was broken unless the flaw was specifically pointed out to them.

    Today, the creators of ransomware “have access to reverse engineers and penetration testers who are very very capable," he said. “That's how they gain entrance to these oftentimes highly secured networks in the first place. They download the decryptor, they disassemble it, they reverse engineer it and they figure out exactly why we were able to decrypt their files. And 24 hours later, the whole thing is fixed. Bitdefender should have known better."

    It wasn't the first time that Bitdefender trumpeted a solution that Wosar or Gillespie had beaten it to. Gillespie had broken the code of a ransomware strain called GoGoogle and was helping victims without any fanfare, when Bitdefender released a decryption tool in May 2020. Other companies have also announced breakthroughs publicly, Wosar and Gillespie said.

    “People are desperate for a news mention, and big security companies don't care about victims," Wosar said.

    Bogdan Botezatu, director of threat research at Bucharest, Romania-based Bitdefender, said the company wasn't aware of the earlier success in unlocking files infected by DarkSide. Regardless, he said, Bitdefender decided to publish its tool “because most victims who fall for ransomware do not have the right connection with ransomware support groups and won't know where to ask for help unless they can learn about the existence of tools from media reports or with a simple search."

    Bitdefender has provided free technical support to more than a dozen DarkSide victims, and “we believe many others have successfully used the tool without our intervention," Botezatu said. Over the years, Bitdefender has helped individuals and businesses avoid paying more than $100 million in ransom, he said.

    Bitdefender recognized that DarkSide might correct the flaw, Botezatu said. “We are well aware that attackers are agile and adapt to our decryptors." But DarkSide might have “spotted the issue" anyway. “We don't believe in ransomware decryptors made silently available. Attackers will learn about their existence by impersonating home users or companies in need, while the vast majority of victims will have no idea that they can get their data back for free."

    The attack on Colonial Pipeline, and the ensuing chaos at the gas pumps throughout the Southeast, appears to have spurred the federal government to be more vigilant. President Joe Biden issued an executive order to improve cybersecurity and create a blueprint for a federal response to cyberattacks. DarkSide said it was shutting down under U.S. pressure, although ransomware crews have often disbanded to avoid scrutiny and then re-formed under new names, or their members have launched or joined other groups.

    “As sophisticated as they are, these guys will pop up again, and they'll be that much smarter," said Aaron Tantleff, a Chicago cybersecurity attorney who has consulted with 10 companies attacked by DarkSide. “They'll come back with a vengeance."

    At least until now, private researchers and companies have often been more effective than the government in fighting ransomware. Last October, Microsoft disrupted the infrastructure of Trickbot, a network of more than 1 million infected computers that disseminated the notorious Ryuk strain of ransomware, by disabling its servers and communications. That month, ProtonMail, the Swiss-based email service, shut down 20,000 Ryuk-related accounts.

    Wosar and Gillespie, who belong to a worldwide volunteer group called the Ransomware Hunting Team, have cracked more than 300 major ransomware strains and variants, saving an estimated 4 million victims from paying billions of dollars.

    By contrast, the FBI rarely decrypts ransomware or arrests the attackers, who are typically based in countries like Russia or Iran that lack extradition agreements with the U.S. DarkSide, for instance, is believed to operate out of Russia. Far more victims seek help from the Hunting Team, through websites maintained by its members, than from the FBI.

    The U.S. Secret Service also investigates ransomware, which falls under its purview of combating financial crimes. But, especially in election years, it sometimes rotates agents off cyber assignments to carry out its better-known mission of protecting presidents, vice presidents, major party candidates and their families. European law enforcement, especially the Dutch National Police, has been more successful than the U.S. in arresting attackers and seizing servers.

    Similarly, the U.S. government has made only modest headway in pushing private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of agencies, hampering coordination. The Department of Homeland Security conducts “vulnerability assessments" for critical infrastructure, which includes pipelines.

    It reviewed Colonial Pipeline in around 2013 as part of a study of places where a cyberattack might cause a catastrophe. The pipeline was deemed resilient, meaning that it could recover quickly, according to a former DHS official. The department did not respond to questions about any subsequent reviews.

    Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and a person familiar with the initiative said that it is more useful for smaller companies with limited in-house IT expertise than for big ones like Colonial. The National Risk Management Center, which oversees the initiative, also grapples with other thorny issues such as election security.

    Ransomware has skyrocketed since 2012, when the advent of Bitcoin made it hard to track or block payments. The criminals' tactics have evolved from indiscriminate “spray and pray" campaigns seeking a few hundred dollars apiece to targeting specific businesses, government agencies and nonprofit groups with multimillion-dollar demands.

    Attacks on energy businesses in particular have increased during the pandemic — not just in the U.S. but in Canada, Latin America and Europe. As the companies allowed employees to work from home, they relaxed some security controls, McLeod said.

    Since 2019, numerous gangs have ratcheted up pressure with a technique known as “double extortion." Upon entering a system, they steal sensitive data before launching ransomware that encodes the files and makes it impossible for hospitals, universities and cities to do their daily work. If the loss of computer access is not sufficiently intimidating, they threaten to reveal confidential information, often posting samples as leverage. For instance, when the Washington, D.C., police department didn't pay the $4 million ransom demanded by a gang called Babuk last month, Babuk published intelligence briefings, names of criminal suspects and witnesses, and personnel files, from medical information to polygraph test results, of officers and job candidates.

    DarkSide, which emerged last August, epitomized this new breed. It chose targets based on a careful financial analysis or information gleaned from corporate emails. For instance, it attacked one of Tantleff's clients during a week when the hackers knew the company would be vulnerable because it was transitioning its files to the cloud and didn't have clean backups.

    To infiltrate target networks, the gang used advanced methods such as “zero-day exploits" that immediately take advantage of software vulnerabilities before they can be patched. Once inside, it moved swiftly, looking not only for sensitive data but also for the victim's cyber insurance policy, so it could peg its demands to the amount of coverage. After two to three days of poking around, DarkSide encrypted the files.

    “They have a faster attack window," said Christopher Ballod, associate managing director for cyber risk at Kroll, the business investigations firm, who has advised half a dozen DarkSide victims. “The longer you dwell in the system, the more likely you are to be caught."

    Typically, DarkSide's demands were “on the high end of the scale," $5 million and up, Ballod said. One scary tactic: If publicly traded companies didn't pay the ransom, DarkSide threatened to share information stolen from them with short-sellers who would profit if the share price dropped upon publication.

    DarkSide's site on the dark web identified dozens of victims and described the confidential data it claimed to have filched from them. One was New Orleans law firm Stone Pigman Walther Wittmann. “A big annoyance is what it was," attorney Phil Wittmann said, referring to the DarkSide attack in February. “We paid them nothing," said Michael Walshe Jr., chair of the firm's management committee, declining to comment further.

    Last November, DarkSide adopted what is known as a “ransomware-as-a-service" model. Under this model, it partnered with affiliates who launched the attacks. The affiliates received 75% to 90% of the ransom, with DarkSide keeping the remainder. As this partnership suggests, the ransomware ecosystem is a distorted mirror of corporate culture, with everything from job interviews to procedures for handling disputes. After DarkSide shut down, several people who identified themselves as its affiliates complained on a dispute resolution forum that it had stiffed them. “The target paid, but I did not receive my share," one wrote.

    Together, DarkSide and its affiliates reportedly grossed at least $90 million. Seven of Tantleff's clients, including two companies in the energy industry, paid ransoms ranging from $1.25 million to $6 million, reflecting negotiated discounts from initial demands of $7.5 million to $30 million. His other three clients hit by DarkSide did not pay. In one of those cases, the hackers demanded $50 million. Negotiations grew acrimonious, and the two sides couldn't agree on a price.

    DarkSide's representatives were shrewd bargainers, Tantleff said. If a victim said it couldn't afford the ransom because of the pandemic, DarkSide was ready with data showing that the company's revenue was up, or that COVID-19's impact was factored into the price.

    DarkSide's grasp of geopolitics was less advanced than its approach to ransomware. Around the same time that it adopted the affiliate model, it posted that it was planning to safeguard information stolen from victims by storing it in servers in Iran. DarkSide apparently didn't realize that an Iranian connection would complicate its collection of ransoms from victims in the U.S., which has economic sanctions restricting financial transactions with Iran. Although DarkSide later walked back this statement, saying that it had only considered Iran as a possible location, numerous cyber insurers had concerns about covering payments to the group. Coveware, a Connecticut firm that negotiates with attackers on behalf of victims, stopped dealing with DarkSide.

    Ballod said that, with their insurers unwilling to reimburse the ransom, none of his clients paid DarkSide, despite concerns about exposure of their data. Even if they had caved in to DarkSide, and received assurances from the hackers in return that the data would be shredded, the information might still leak, he said.

    During DarkSide's changeover to the affiliate model, a flaw was introduced into its ransomware. The vulnerability caught the attention of members of the Ransomware Hunting Team. Established in 2016, the invitation-only team consists of about a dozen volunteers in the U.S., Spain, Italy, Germany, Hungary and the U.K. They work in cybersecurity or related fields. In their spare time, they collaborate in finding and decrypting new ransomware strains.

    Several members, including Wosar, have little formal education but an aptitude for coding. A high school dropout, Wosar grew up in a working-class family near the German port city of Rostock. In 1992, at the age of 8, he saw a computer for the first time and was entranced. By 16, he was developing his own antivirus software and making money from it. Now 37, he has worked for antivirus firm Emsisoft since its inception almost two decades ago and is its chief technology officer. He moved to the U.K. from Germany in 2018 and lives near London.

    He has been battling ransomware hackers since 2012, when he cracked a strain called ACCDFISA, which stood for “Anti Cyber Crime Department of Federal Internet Security Agency." This fictional agency was notifying people that child pornography had infected their computers, and so it was blocking access to their files unless they paid $100 to remove the virus.

    The ACCDFISA hacker eventually noticed that the strain had been decrypted and released a revised version. Many of Wosar's subsequent triumphs were also fleeting. He and his teammates tried to keep criminals blissfully unaware for as long as possible that their strain was vulnerable. They left cryptic messages on forums inviting victims to contact them for assistance or sent direct messages to people who posted that they had been attacked.

    In the course of protecting against computer intrusions, analysts at antivirus firms sometimes detected ransomware flaws and built decryption tools, though it wasn't their main focus. Sometimes they collided with Wosar.

    In 2014, Wosar discovered that a ransomware strain called CryptoDefense copied and pasted from Microsoft Windows some of the code it used to lock and unlock files, not realizing that the same code was preserved in a folder on the victim's own computer. It was missing the signal, or “flag," in their program, usually included by ransomware creators to instruct Windows not to save a copy of the key.

    Wosar quickly developed a decryption tool to retrieve the key. “We faced an interesting conundrum," Sarah White, another Hunting Team member, wrote on Emsisoft's blog. “How to get our tool out to the most victims possible without alerting the malware developer of his mistake?"

    Wosar discreetly sought out CryptoDefense victims through support forums, volunteer networks and announcements of where to contact for help. He avoided describing how the tool worked or the blunder it exploited. When victims came forward, he supplied the fix, scrubbing the ransomware from at least 350 computers. CryptoDefense eventually “caught on to us ... but he still did not have access to the decrypter we used and had no idea how we were unlocking his victims' files," White wrote.

    But then an antivirus company, Symantec, uncovered the same problem and bragged about the discovery on a blog post that “contained enough information to help the CryptoDefense developer find and correct the flaw," White wrote. Within 24 hours the attackers began spreading a revised version. They changed its name to CryptoWall and made $325 million.

    Symantec “chose quick publicity over helping CryptoDefense victims recover their files," White wrote. “Sometimes there are things that are better left unsaid."

    A spokeswoman for Broadcom, which acquired Symantec's enterprise security business in 2019, declined to comment, saying that “the team members who worked on the tool are no longer with the company."

    Like Wosar, the 29-year-old Gillespie comes from poverty and never went to college. When he was growing up in central Illinois, his family struggled so much financially that they sometimes had to move in with friends or relatives. After high school, he worked full time for 10 years at a computer repair chain called Nerds on Call. Last year, he became a malware and cybersecurity researcher at Coveware.

    Last December, he messaged Wosar for help. Gillespie had been working with a DarkSide victim who had paid a ransom and received a tool to recover the data. But DarkSide's decryptor had a reputation for being slow, and the victim hoped that Gillespie could speed up the process.

    Gillespie analyzed the software, which contained a key to release the files. He wanted to extract the key, but because it was stored in an unusually complex way, he couldn't. He turned to Wosar, who was able to isolate it.

    The teammates then began testing the key on other files infected by DarkSide. Gillespie checked files uploaded by victims to the website he operates, ID Ransomware, while Wosar used VirusTotal, an online database of suspected malware.

    That night, they shared a discovery.

    “I have confirmation DarkSide is re-using their RSA keys," Gillespie wrote to the Hunting Team on its Slack channel. A type of cryptography, RSA generates two keys: a public key to encode data and a private key to decipher it. RSA is used legitimately to safeguard many aspects of e-commerce, such as protecting credit numbers. But it's also been co-opted by ransomware hackers.

    “I noticed the same as I was able to decrypt newly encrypted files using their decrypter," Wosar replied less than an hour later, at 2:45 a.m. London time.

    Their analysis showed that, before adopting the affiliate model, DarkSide had used a different public and private key for each victim. Wosar suspected that, during this transition, DarkSide introduced a mistake into its affiliate portal used to generate the ransomware for each target. Wosar and Gillespie could now use the key that Wosar had extracted to retrieve files from Windows machines seized by DarkSide. The cryptographic blunder didn't affect Linux operating systems.

    “We were scratching our heads," Wosar said. “Could they really have fucked up this badly? DarkSide was one of the more professional ransomware-as-a-service schemes out there. For them to make such a huge mistake is very, very rare."

    The Hunting Team celebrated quietly, without seeking publicity. White, who is a computer science student at Royal Holloway, part of the University of London, began looking for DarkSide victims. She contacted firms that handle digital forensics and incident response.

    “We told them, 'Hey listen, if you have any DarkSide victims, tell them to reach out to us, we can help them. We can recover their files and they don't have to pay a huge ransom,'" Wosar said.

    The DarkSide hackers mostly took the Christmas season off. Gillespie and Wosar expected that, when the attacks resumed in the new year, their discovery would help dozens of victims. But then Bitdefender published its post, under the headline “Darkside Ransomware Decryption Tool."

    In a messaging channel with the ransomware response community, someone asked why Bitdefender would tip off the hackers. “Publicity," White responded. “Looks good. I can guarantee they'll fix it much faster now though."

    She was right. The next day, DarkSide acknowledged the error that Wosar and Gillespie had found before Bitdefender. “Due to the problem with key generation, some companies have the same keys," the hackers wrote, adding that up to 40% of keys were affected.

    DarkSide mocked Bitdefender for releasing the decryptor at “the wrong time…., as the activity of us and our partners during the New Year holidays is the lowest."

    Adding to the team's frustrations, Wosar discovered that the Bitdefender tool had its own drawbacks. Using the company's decryptor, he tried to unlock samples infected by DarkSide and found that they were damaged in the process. “They actually implemented the decryption wrong," Wosar said. “That means if victims did use the Bitdefender tool, there's a good chance that they damaged the data."

    Asked about Wosar's criticism, Botezatu said that data recovery is difficult, and that Bitdefender has “taken all precautions to make sure that we're not compromising user data" including exhaustive testing and “code that evaluates whether the resulting decrypted file is valid."

    Even without Bitdefender, DarkSide might have soon realized its mistake anyway, Wosar and Gillespie said. For example, as they sifted through compromised networks, the hackers might have come across emails in which victims helped by the Hunting Team discussed the flaw.

    “They might figure it out that way — that is always a possibility," Wosar said. “But it's especially painful if a vulnerability is being burned through something stupid like this."

    The incident led the Hunting Team to coin a term for the premature exposure of a weakness in a ransomware strain. “Internally, we often joke, 'Yeah, they are probably going to pull a Bitdefender,'" Wosar said.

    https://www.rawstory.com/colonial-pipeline-2653099349/
     
    #72
  13. stumbler

    stumbler Porn Star

    Joined:
    Oct 10, 2006
    Messages:
    105,074
    Here's the reason gas prices are going up and it has nothing to do with President Biden and everything to do with what treasonous conservative/Republicans used to preach all the time. Free market supply and demand.

    prce of oilo.png
     
    #73
  14. shootersa

    shootersa Frisky Feline

    Joined:
    Dec 28, 2010
    Messages:
    82,013
    Stumbler forgets that during the Trump administration everything was Trump's falut. He reminded us of that daily.

    Is stumbler such a hypocrite that he wants nothing blamed on biden/harris now that trump is out and biden/harris is in charge?
     
    #74
  15. Truthful 1

    Truthful 1 coal fired windmills Banned!

    Joined:
    Apr 7, 2018
    Messages:
    39,816
    Progress report Russian pipeline is on time and doing fine thanks Joe Biden
     
    #75
  16. stumbler

    stumbler Porn Star

    Joined:
    Oct 10, 2006
    Messages:
    105,074
    #76
  17. deleted user 555 768

    deleted user 555 768 Porn Star Banned!

    Joined:
    May 9, 2014
    Messages:
    75,527
    I remember the gas crisis of the early 70's, lines, odd even days, even then I said people will pay what the market demands
     
    #77
  18. deleted user 555 768

    deleted user 555 768 Porn Star Banned!

    Joined:
    May 9, 2014
    Messages:
    75,527
    #78
  19. shootersa

    shootersa Frisky Feline

    Joined:
    Dec 28, 2010
    Messages:
    82,013
    And we knew this was coming, but damn, it came;
    White House Defends High Gas Prices As Americans Prepare To Travel For Memorial Day (yahoo.com)
    White House Defends High Gas Prices As Americans Prepare To Travel For Memorial Day

    The White House on Friday tried to assuage Americans’ concerns about rising gas prices ahead of Memorial Day weekend, saying gas prices have “stabilized” and are “well in line with what they’ve been in recent decades.”

    The average cost nationally for a gallon of unleaded gas is now $3.04, according to the American Automobile Association ― the highest it’s been in seven years.

    A variety of factors are driving the higher price, including increasing demand as more Americans take to the road as pandemic restrictions lift and a shortage of tank truck drivers to deliver fuel.

    So you see, the problem is;
    a) demand is up, cause, you know, covid over.
    b) We can't find enough people to drive the tanker trucks.

    Goddam, they think we're that stupid, don't they?
     
    #79
  20. latecomer91364

    latecomer91364 Easily Distracte

    Joined:
    Aug 3, 2017
    Messages:
    44,250
    [​IMG]
     
    • Like Like x 1
    #80