Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Courts Bitcoin Government Security The Almighty Buck United States

Justice Department Indicts Two Iranians Over SamSam Ransomware Attacks (techcrunch.com) 47

Two Iranian officials have been indicted by U.S. federal prosecutors for creating and deploying the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. TechCrunch reports: Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, were indicted by a federal grand jury in New Jersey on Monday on several counts of computer hacking and fraud charges. The case was unsealed Wednesday, shortly before a press conference announcing the charges by U.S. deputy attorney general Rod Rosenstein. In total, SamSam has generated some $6 million in proceeds to date -- or 1,430 bitcoin at today's value. In a separate announcement, the Treasury said it had imposed sanctions against two bitcoin addresses associated with the ransomware. The department said the two addresses processed more than 7,000 transactions used to collect ransom demands from victims. "The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," said Rosenstein. "According to the indictment, the hackers infiltrated computer systems in ten states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."

One of the victims was the City of Atlanta, which was knocked offline earlier this year and spent a projected $2.6 million in recovery. "It was later discovered that the city's computers had long been vulnerable to leaked exploits developed by the National Security Agency -- later stolen and leaked online for anyone to use," reports TechCrunch.
This discussion has been archived. No new comments can be posted.

Justice Department Indicts Two Iranians Over SamSam Ransomware Attacks

Comments Filter:
  • small world (Score:3, Funny)

    by Anonymous Coward on Wednesday November 28, 2018 @08:52PM (#57718406)
    I actually went to college with Mehdi Mansouri. I can't say I remember much about him, he wasn't a friend of mine and we didn't hang out so he was rather forgettable (no offense!). Just another face in the crowd, really. Anyhow, one time I was at brazilian spa having my crotch, taint, and ass defoliated. I looked over the the table next to me and it was Mehdi. I believe in the bro code so we just nodded and that was the end of it.
  • Weird headline, WTF? I think name and shame is idiotic bait and capture is the only thing that makes any sense in countries without extradition. Of course the priority should be to establish good enough ties for extradition from countries but of course YOU CANT DO THAT IF YOU ARE COMMITTING CRIMES IN THE COUNTRY CAN YOU.

  • ...from the United States. Cuz is not like the United States wouldn't be at war with somebody by the end of the week if someone sabotaged Los Alamos.

  • by orzetto ( 545509 ) on Thursday November 29, 2018 @02:28AM (#57719250)

    It was later discovered that the city’s computers had long been vulnerable to leaked exploits developed by the National Security Agency — later stolen and leaked online for anyone to use.

    Any indictment coming soon for those in a taxpayer-funded federal agency who did not report security holes in critical US infrastructure, but instead developed tools to exploit them, which were later "lost" and ended up in the hands of anyone with an Internet connection? These guys probably reside on US territory and can actually be arrested.

    These Iranians are two small-time thugs. What about the Chinese government—do you think they did not duly download the tools and put them to good use?

  • Stolen from NSA (Score:4, Insightful)

    by gnasher719 ( 869701 ) on Thursday November 29, 2018 @05:17AM (#57719516)
    Let's just remember this the next time some politician screams that encryption keys should somehow be made available to the FBI: If the NSA cannot protect malware that it developed (for nefarious but presumably legal in the USA purposes) from being stolen and used for nefarious purposes that are illegal everywhere, then what chance does the FBI have to protect keys that would allow them to crack my phone from being stolen by some hacker?

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...