Why The FBI Held Back a Ransomware Decryption Key for 19 Days (msn.com)
America's Federal Bureau of Investigation "refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer," reports the Washington Post, "even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials."
The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs. But the FBI held on to the key, with the agreement of other agencies, in part because it was planning to carry out an operation to disrupt the hackers, a group known as REvil, and the bureau did not want to tip them off. Also, a government assessment found the harm was not as severe as initially feared.
The planned takedown never occurred because in mid-July REvil's platform went offline — without U.S. government intervention — and the hackers disappeared before the FBI had a chance to execute its plan, according to the current and former officials... The FBI finally shared the key with Kaseya, the IT company whose software was infected with malware, on July 21 — 19 days after it was hit. Kaseya asked New Zealand-based security firm Emsisoft to create a fresh decryption tool, which Kaseya released the following day. By then, it was too late for some victims...
On Tuesday, FBI Director Christopher A. Wray, testifying before Congress, indicated the delay stemmed in part from working jointly with allies and other agencies. "We make the decisions as a group, not unilaterally," he said, noting that he had to constrain his remarks because the investigation was ongoing... He also suggested that "testing and validating" the decryption key contributed to the delay. "There's a lot of engineering that's required to develop a tool" that can be used by victims, he said at a Senate Homeland Security Committee hearing.
Emsisoft, however, was able to act quickly. It extracted the key from what the FBI provided Kaseya, created a new decryptor and tested it — all within 10 minutes, according to Fabian Wosar, Emsisoft chief technology officer. The process was speedy because the firm was familiar with REvil's ransomware. "If we had to go from scratch," Wosar said, "it would have taken about four hours."
So, the FBI Director lied to Congress? (Score:3, Funny)
I'm shocked. And I await his indictment for perjury.
Re:Question for lawyers (Score:5, Insightful)
The relevant perjury statute [govinfo.gov] applies against those who "willfully and contrary to such oath states or subscribes any material matter which he does not believe to be true." This is pretty different from requiring that everything said be "exactly correct from all points of view and with all combinations of the meanings of the words used."
I'll note that all the RW hate for Wray is strange. He was a Bush guy, then a Chris Christie guy, then a Trump guy who carried more water than he should have. But if you fail to enable a single coup, you get called a perjurious democrat and lumped in with Hillary Clinton. TANJ, but sometimes I'll settle for schadenfreude
Re:Question for lawyers (Score:5, Informative)
Steve Bannon is widely viewed as a fascist and a traitor. And Congress can't prosecute for perjury; they can refer the matter to the Department of Justice, which can then determine if charges are appropriate.
At least that's how we do it here in the United States.
And, of course, here comes the weak, cowardly, "whataboutism" defense. "Well, someone else was a dirty fucking traitor and didn't get prosecuted, so I'm allowed to be a dirty fucking traitor."
Re:Question for lawyers (Score:4, Insightful)
Trump negotiated our leaving a shithole nation we had no legal right to be in and no reason to stay in. Biden had the responsibility to either overturn that order and keep us there or, if not, plan for an orderly exit which he failed to do. It doesn't matter which side you fall on, Biden fucked it up while having full discretion over how to proceed. The funny part here is that no matter how bad they claim Trump to be, Biden has been significantly worse.
Re: (Score:3)
You want to toss a NewsMax link in there for good measure?
Re: (Score:1)
Try this for 1
https://www.nationalreview.com... [nationalreview.com]
Re: (Score:2)
When you say the MSM, are you talking about Fox? They're the number one cable news channel. https://www.forbes.com/sites/m... [forbes.com]
Re: (Score:1)
Just remember it's not a lie (Score:2)
if you believe it. [youtube.com]
Because they're the ones who did it, obviously. (Score:1)
Apparently they had to wait 18 days for full payment first. Gotta protect that R.O.I., you know. Fuck these guys. Seriously.
Re: (Score:1)
Incidentally, REvil is a FBI plant.
Re: (Score:2)
In their defense, the Russians are sneaky. Look at how they narrowly escaped that Russian collusion thing and then managed to not only convince or trick the Biden administration to remove the sanctions on their pipeline, but shut down pipelines in the US in the process.
Christopher Wray is getting better though. It only took him 18 days or so to realize he was dumped again by the Russians.
Re: (Score:2)
> the Russians are sneaky. Look at how they narrowly escaped that Russian collusion thing and then managed to not only convince or trick the Biden administration to remove the sanctions on their pipeline, but shut down pipelines in the US in the process.
This won't fit on a t-shirt. I need to get this message out to people with short attention spa.... oh look a squirrel.
Deja vu (Score:1)
Re: (Score:1)
They do this all the time. They've been counting on you forgetting about past incidents, though. They'd never have left the dots close enough together to form a line on purpose.
Re: (Score:1)
Wasn't this already posted on Slashdot previously? I swear I read this before.
You don't what "this" means.
That's your problem. Your thoughts are too small. Your words are smaller yet. You can't effectively describe your little thoughts, so you can't even figure out what you're complaining about.
There was a story about what happened. Now there is a story about why it happened. It isn't complicated. But you shortened everything that happened down to, "this" which is small enough to fit between your ears, but then every "this" looks the same to you.
Re: (Score:1)
Re: (Score:2)
In my experience, people who respond so aggressively with insults are highly insecure
I agree, that's why you wrote this reply to me, and you only included insults! Insults are 100% of your content, and that is because you're deeply insecure.
I don't care if you improve yourself. What difference is it to me? You talk about things you know would improve yourself; it isn't doing you any good.
Re: (Score:2)
He was probably thinking of this [slashdot.org], which also gave the reason the FBI delayed releasing the key -- including many of the same sentences as TFA this time.
You don't what "this" means.
You seem to have ___ a verb there, dumbass. I guess it didn't fit in that tiny space between your ears.
Re: (Score:1)
You seem to have entirely missed the point, too.
You found a missing word, wow, impressive. However, you missed the entire fucking point. So the missing word wouldn't help you even a little bit.
Ponder the difference between what, and why. Because it might help you to figure out what "this" is!
Re: (Score:2)
You couldn't figure out what "this" is. That was the entire crux of your earlier comment. You padded it out by insulting someone who didn't make the kind of dumb mistake you did, and who assumed that readers would be better at understanding context than you.
You are in a hole. Now would be a good time to stop digging.
Sooooo... (Score:2)
In an attempt to take them down (by doing nothing?), they ended up making sure the operation was profitable for the bad actors?
I'd think the plan would be to try and make it less profitable to commit the crime as step one.
Re: (Score:1)
In an attempt to take them down (by doing nothing?), they ended up making sure the operation was profitable for the bad actors?
I'd think the plan would be to try and make it less profitable to commit the crime as step one.
The success metric of the US Justice System isn't "number of people protected" or "number of dollars saved". It's "number of cases indicted/pled/convicted".
The behavior of the various law enforcement agencies and departments, and the criminal court system, exhibits a very clear set of tropisms toward that metric.
Tripwires (Score:2)
It's pretty clear that REvil detected the FBI intrusion and shut down because of it.
Good job, FBI.
Back to framing Boomercons.
Re: (Score:2)
More likely, someone in the FBI or one of the involved agencies tipped REvil off directly. Moles are really hard to get rid of,
Re: (Score:2)
That's certainly a plausible scenario.
Equally:
The FBI infiltrates REvil's ransomware servers.
But REvil (or other sympathetic hackers) have already infiltrated the FBI's servers.
Neither 'side' detects the intrusion, per se, but one side becomes aware of the intrusion through reading the case summaries.
Or not.
Like someone else posited, it could simply be a case of a (now much richer) mole.
Gotta get results (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
They're lucky (Score:2)
Those companies are lucky the FBI didn't actually delete their files in the attempt to un-encrypt it. That would have been more normal procedure for them.
Re: (Score:3)
Re: (Score:2)
No obligation (Score:5, Insightful)
Sounds like someone wants to blame the FBI for not distributing the ransomware decryption key. What about the organizations that failed to properly protect themselves by building a secure network? And by not keeping their systems patched? By not ensuring their employees only have the level of access they need, and no more? By not ensuring their employees are trained to recognize intrusion attempts, and to not allow them in but to report them? By not ensuring their critical files were backed up off site, restorable should ransomware ever invade their network? All these tactics are widely known now, any organization that was threatened should have had the tools to avoid or at least recover from ransomware. Someone dropped the ball. And the FBI should not be obliged to pick it up. Should they help organizations when they have the means to do so? Absolutely. But the FBI is in the business of busting the crooks and that should be their priority first.
Re: (Score:3)
Sounds like someone wants to blame the FBI for not rescuing the kidnap victim. What about the parents that failed to properly protect themselves by building a secure house? And by not keeping their doors deadlocked? All these tactics are widely known now, any family that felt threatened should have had the tools to avoid or at least recover from kidnapping. Someone dropped the ball. And the FBI should not be obliged to pick it up.
Re: (Score:2)
It is a good thing that Ransomware hurts (Score:2)
If the FBI can easily bail them out then there is no need for the CEO to spend money on decent security.
That what pain is about. To stop animals from doing certain things.
This ransomware is nothing compared to what will happen if there is ever serious trouble with China. They will shut us down.
Re: (Score:3)
Sounds like someone wants to blame the FBI for not distributing the ransomware decryption key. What about the organizations that failed to properly protect themselves by building a secure network?
This is like if a gunshot victim was brought into an ER and allowed to bleed out, completely ignored by staff despite crying for help, and then during the malpractice trial you said "Well, what about the person who shot him? Why try to blame the medical staff for holding the gun?"
The responsibility to tend to the patient and the responsibility to not shoot someone are entirely distinct even if there are linked causes. The patient could have just as well shot himself, been taking a bullet to save an orphan,
Re: (Score:2)
The FBI (like other US law enforcement) has no duty to protect you [wikipedia.org].
Re: No obligation (Score:2)
I don't think he was talking about a legal obligation.
It's the implied deal that comes with the establishment of any governmental institution: to aid its people. There are times when that help is difficult to see explicitly, perhaps with some institutions more than with others (e.g. IRS?). But when you're actively damaging your society in the pursuit of your mission, that's when the state is not "by the people, for the people" anymore. See for example various secret services in the Soviet region in their time.
Re: No obligation (Score:2)
What about the organizations that failed to properly protect themselves by building a secure network?
Guilt is not a zero-sum game. Putting full blame on the FBI still leaves 100% of it to go around for other actors, e.g. the (admittedly, borderline criminally incompetent) victims.
Re: (Score:2)
Or perhaps like how Enigma was cracked, but the Allies still let people die from German attacks, even though they knew perfectly well the attack was going to happen.
Sometimes you don't want to let the attackers know you're on to them, or that you can read every message of theirs. Tipping them off can lead to even worse casualties in the future, as once the attackers figure out the other side has the details, they may change things up and render the countermeasures useless.
Sometimes the need to not tip the oth
So (Score:3)
They tipped their hat to the bad guys, kicked the door in, shot the dog, and came up empty.
*golf clap*