In the most recent post on the Telegram channel of the vx-underground website, @Smelly (the platform's creator) publicly announces that he managed to interview a person active in the ransomware area of cybercrime. Details about the person's identity, the alias used online, or the group they belong to were, however, not disclosed. The person is presented under the name RWO-09-26, i.e. "Ransomware Operator September 26".
It is interesting to observe how the interviewee positions himself relative to other people, insisting that he does not consider himself a hacker. At the start of the interview he mentions that he is a ransomware operator and that he does not consider what he does to be illegal, arguing that it is a "universal right to perform pentesting without permission".
Regarding the topic of cyber-threat intelligence, he seems to have adopted a neutral attitude, even mentioning that there is no one in this "industry" who is not aware of being under observation. Institutions or intelligence agencies are not the biggest threat to them, but he mentioned the threat intelligence company MANDIANT as being a true adversary.
Another important topic @Smelly raised was the financial aspect and what the earnings from a successful ransomware campaign are. RWO-09-26 stated that a successful ransomware campaign brings earnings on the order of millions of dollars. The biggest obstacle to actually collecting the earnings is the cash-out operation, i.e. converting the cryptocurrency proceeds into conventional currency. He mentions simple cash-out methods such as selling fictitious digital products and services paid for with the stolen funds, or a variant that involves paying for videochat services, after which the funds are "moved to the right destination".
Given the exorbitant sums generated by this industry, in well-known ransomware groups a person specialized in this area is assigned to such operations, bearing the title of shadow banker.
To understand more about how the ransomware industry works in the current context, you can read the full interview below:
* In this interview this person will be identified as RWO-09-26 (Ransomware Operator, September 26th)
* vx-underground has confirmed the work of RWO-09-26
- Current alias and previous aliases are omitted
- Current and previous ransomware group associations are omitted
смелли: When did it all begin? When did you start your career as a hacker?
RWO-09-26: Idiot, I'm not a "hacker". But, I became a ransomware operator in 2018.
смелли: What do you mean you don't "hack"?
RWO-09-26: I'm a pentester, or a consultant. Hacking is illegal, and for nerds. Have you seen that video from Vice of that idiot "hacker" larping? [https://www.youtube.com/watch?v=cdfZsJd4D28]. This video is what I imagine you dirty American security researchers to look like. When I'm negotiating, the person on the other side most certainly looks like this. Not everyone is blessed with good looks like Vinny Troia)
смелли: You do understand you're a criminal, ya?
RWO-09-26: I'm not a criminal. Criminals are the criminal organizations who act in bad faith and fail to reach an agreement. It's a basic human right to perform pentests without authorization, even to hospitals. xD
смелли: Do you understand that readers will scoff at this remark? You're a Russian ransomware operator. A criminal. What do you have to say about this?
RWO-09-26: I'd tell them this: Where am I? And, where are you? You're sitting in your one room shack, making money off of people like me. If I didn't exist you would be scanning Walmart groceries for other dirty Americans like yourself and getting paid peanuts.
смелли: OK, "where are you"? Are you hiding in Russia? Don't you fear for your safety? Aren't you afraid of extradition to the United States?
RWO-09-26: I'd like to see American law enforcement try. I dare them to try to step foot in my country. You'll have a soldering iron jammed up your ass the second you step foot in my country. When you idiot Americans contacted Russian authorities about me, what happened? I was questioned and let go in a couple of hours. Hahahahaha. This is how serious we take you Americans. I still can't believe you Americans passed questions on to our law enforcement.
смелли: Let's back up for a second... You said in 2018 you started your career as a "pentester". How did you become a "pentester"? Normally, for someone to become a Red Teamer, or pentester, or anything in offensive security, companies require (or would like) someone with at least a Bachelor's degree, or some sort of certificate such as OSCP.
RWO-09-26: I was, as westerners say, "a skid", or a leech. I stole proof-of-concepts from GitHub. You don't really need skill in this game. Your first couple of years you have to do a lot of dirty work. Once you establish a name for yourself and make some money you can buy access or work with poor people for a percentage of money. You can comfortably rely on poor people to do the real technical work. It feels good to exploit people. Replying to your other question, what kind of question is that? Are you stupid? Of course I have a computer education. I attended a university. I have some CompTIA certificates and some CISCO certificates. I also learned from various internet forums. Everyone begins somewhere and these are a good way to build some experience. But, I think these certificates are just fads. And, before I became a ransomware operator, I worked as a system administrator for a small company in my city. I lost my mind. I worked long hours and was paid almost nothing. I discovered my cousin was committing credit card fraud, stealing credit cards from the Americans. He was doing questionable things but making good money. That is when I decided to stop being a system administrator and become an "internet thug". Working in IT is like being a monkey. You're a slave. These people are in a terrible state. You have obese smelly Americans, who don't shower, and earn a fraction of what I do. They will work until the day they die living with your cats, or dogs.
смелли: "It feels good to exploit people"? Don't you think that's unethical?
RWO-09-26: No. It is the same way Fortune 500 company executives make millions of dollars but only pay their employees $100,000+ a year. These people underpay and exploit their employees for labor. Why can't I?
смелли: Gotcha. Well, how is your cousin now? Is he involved in ransomware with you? And, does your family know you're in ransomware? Does it run in the family?
RWO-09-26: I haven't spoken to my cousin in a long time. He's some broke bastard now. Everyone who was involved with credit card fraud went broke. I hopped off the boat as it was sinking. To answer your other question: my family knows I am a consultant for the Americans. I am happy I am able to buy my family gifts.
смелли: Do they know you're a career criminal though? Do they know intimate details?
RWO-09-26: I'm not a criminal. And no, they don't know the details.
смелли: Growing up did you imagine yourself being a career criminal? I think most children imagine being an astronaut or becoming a president.
RWO-09-26: Once again, смелли, I am not a criminal. I am a consultant. But, growing up I had a computer at home, but I never imagined myself working in IT, or doing anything with computers really. The computer we had at home was some old piece of shit. I can't even remember the name of it anymore. My career now as a consultant is a result of mental illness, or the drugs that have fried my brain.
смелли: Drugs? Do you smoke marijuana? Or do you do hard drugs like methamphetamine and heroin?
RWO-09-26: I smoke marijuana and I like eating mushrooms. I don't plan on overdosing on opioids like you Americans.
смелли: How often do you smoke weed? Do you have a favorite type? Have you ever tried 'pure thc extract'? Hahahahaha
RWO-09-26: I smoke probably a few times a day. But no, I don't really have a favorite strain. I buy whatever my dealer recommends. Marijuana is illegal here, I can't walk into a dispensary like you loser Americans. And no, I've never tried pure THC extract.
смелли: You seem to dislike Americans. Do you like American music or movies?
RWO-09-26: I don't really watch a whole lot of movies. But, I am watching this Jeffrey Dahmer show on Netflix. He reminds me of myself except I'm not a serial killer and I'm not gay. For music I really like Timati.
смелли: Any song you're really into right now?
RWO-09-26: Hips Don't Lie by Shakira. Hahaha
смелли: On the subject of drugs, Americans can buy marijuana legally. What's your opinion on the online drug trade? Do you think it's safe? I've noticed a lot of Russians tend to be anti-drug.
RWO-09-26: I am against drugs too but I have no choice but to use them. Stay away from drugs, kids! Or else you'll end up an addict like me. But, I don't care about the online drug trade. I just get whatever my dealer offers. Is it safe? Well, if he ends up lacing it and I die... I guess... I die. I guess that would be good for you Americans as it would mean fewer companies being ransomed.
смелли: I see Threat Intelligence discussing ransomware a lot. Why aren't drug forums discussed as much?
RWO-09-26: Because no one gives a shit about junkies. You can find them in the streets. Are you going to find a ransomware operator on the street?
смелли: What is your opinion on Cyber Threat Intelligence? Prior to this interview you said some pretty nasty things about some Cyber Threat Intelligence people on Twitter.
RWO-09-26: Threat "Intelligence" is just as unethical and dirty as the executives that exploit poor people's labor. They scrape web forums, like XSS or Exploit, and sell snake oil. These people are clueless. Do you honestly believe we don't know we're being watched? You tell us on Twitter. It is all unvetted "intelligence" - it is called Mandiant Advantage.
смелли: Prior to this interview, and now during this interview, you've named Mandiant a couple of times. What is your opinion on Mandiant? What is your opinion on their competitors like CrowdStrike or Recorded Future?
RWO-09-26: Mandiant is the enemy. But, you must admit they're very smart. I don't fear the FBI, I fear Mandiant. They are the scariest Threat Intelligence company, especially now that they are owned by Google. CrowdStrike and Recorded Future though, they're not in the same league as Mandiant. How often do you even hear the name CrowdStrike?
смелли: You seem aware of what these Threat Intelligence people say or do. What is your opinion on Threat Intelligence people online (such as Twitter)?
RWO-09-26: I'd really like to use this interview to issue threats to ***, ***, and ***.
смелли: You've wanted to use this interview to share some negative opinions on threat intelligence analysts. Is there anyone in threat intel you like or respect?
RWO-09-26: I respect Dima, Azim, Catalin, Soufine, Ido, pancak3, and even that filthy pig Chuong Dong. Their work is accurate and factual unlike sham researchers like *** and criminals such as *** who sell databases on Breached while also posing as a researcher. My favorite is Charles Carmakal. I don't like that rat ***.
смелли: Some threat intel people say ransomware operators make millions, or billions. Are all ransomware groups and operators this wealthy? Or a select few?
RWO-09-26: Billions? No. Millions? Yes.
смелли: Just the big groups, right?
RWO-09-26: No, even small groups can become millionaires. Babuk made millions.
смелли: Do you think it's hard for non-Russians to cash out such large quantities of money?
RWO-09-26: It's not hard to cash out that much money. *** cashed out millions and he hasn't been caught. It really isn't that hard. You just make an LLC for the purpose of laundering. It's fairly common, truthfully. You can easily launder millions by "selling" virtual items. You can also launder money from OnlyFans. You can offer most small time sex workers a percentage of the money washed through it. They will happily accept this.
смелли: How common is it to launder money through sex workers on OnlyFans?
RWO-09-26: Right now it accounts for less than 10 percent of our revenue.
смелли: Do you think it's easier to launder money yourself or hire a shadow banker?
RWO-09-26: If you're an American, just launder it yourself. Otherwise it's best to let a shadow banker handle it.
смелли: Do you have a shadow banker as a team member? Can you tell me how this process works? Other ransomware operators I've spoken with don't like to disclose details. Lockbit [Lockbit Administrator] only briefly told me.
RWO-09-26: You will likely never know the full details. But, the team member responsible for the money has a network of money mules. Our banker is responsible for managing this network of money mules and transportation. These days we are forced to be more aggressive with money laundering due to the volatility of cryptocurrency.
смелли: Off-topic: with all the money these ransomware people are making, have you ever personally seen someone lose all their money?
RWO-09-26: Yes, from gambling. I know an affiliate who made $8,000,000 from a ransom. He got pwned and then couldn't figure out how to cash out. When he finally got his money in October Bitcoin had dropped probably 60% in value. He ended up losing all the money to gambling like an American.
смелли: You've answered a lot of questions. I have a few more and we will wrap up this interview. The business you're in can be cold blooded and ruthless. Are there any moments in time you thought something went too far?
RWO-09-26: Yes, in the past I have witnessed the usage of a CEO's 10-year-old daughter's TikTok. Or, witnessing sending victims photos of their children. Personally I don't like involving children. It gets the job done, it is a good pressure tactic. Nothing is more effective than sending an email claiming you will hurt their children.
смелли: Let's be honest. Do you feel stressed from your line of work? Running vx-underground can be exhausting sometimes. Are there days when it feels like it's too much?
RWO-09-26: Yes because you never know when someone is about to stall, or deliberately waste time. You might think it's a huge payday, and the negotiator might word their responses to make you think they are scared and going to pay. But it's all just tricks by the dirty Americans. It gets exhausting negotiating with idiots, all day, waiting for a half-assed response. It is irritating when the negotiator uses you to do THEIR JOB. Sometimes they ask us details to random questions about the breach. Close the ticket, DFIR. This is why we no longer provide a file tree.
смелли: What's next for you? Where do you see your future going?
RWO-09-26: I think I'm going to take a break soon. Maybe I'll get a normal job.
смелли: You live a very strange life. Do you ever plan on writing a book?
RWO-09-26: No. No free Intel for you.
смелли: Is there something you wish you could change about your life?
RWO-09-26: Yes, I would be born in America instead, I wouldn't have to be a criminal thug. Maybe if I was born in America from the beginning things would be different. Maybe I would think differently. I could be working in Big Tech like Google.