       Ransoms, tattoos and million-dollar bounties: authorities 'doxx' an
       alleged cybercrime kingpin
        
       ----------------------------------------------------------------------
        
       In the right hands — or the wrong ones — it's the kind of sensitive
       information that could be used to steal a person's identity and wreak
       financial havoc in their name.
        
       But the target of this "doxxing" is allegedly one of the world's most
       prolific cyber criminals, the leader of a ransomware gang so brazen it
       offered a million dollars to anyone who could turn up information on
       the real-world identity of a leader known online as "LockBitSupp".
        
       In the end it was authorities in the US, the country most heavily hit
       by his alleged crimes, who outed Dmitry Yuryevich Khoroshev, a
       31-year-old Russian with a crew cut and now a US$10 million (AUD$15.2
       million) US government bounty hanging over his head.
        
       Khoroshev is allegedly a leader of LockBit, an online extortion outfit
       blamed for nearly one in five ransomware attacks on businesses in
       Australia and thousands more throughout the world.
        
       He's made powerful enemies.
        
       A wave of sanctions and travel bans now target him in the US,
       Australia and notably the UK.
        
       The latter would imperil any wealth the accused criminal entrepreneur
       might choose to plunge into London property, along with the estimated
       1.1 billion British pounds ($2 billion) in criminal proceeds being
       laundered in the city also known as "Londongrad".
        
       Even more provocative was the official unmasking of the alleged
       mastermind hacker by the US Department of Treasury's Office of Foreign
       Assets Control.
        
       Its website published the numbers of Khoroshev's two Russian
       passports, his tax identification number, digital currency address,
       email addresses, date of birth and aliases.
        
       "They are sensitive details that can be used to perpetrate identity
       crimes... particularly passport numbers that you wouldn't expect to be
       released publicly," Queensland University of Technology criminologist
       Cassandra Cross says.
        
       "There's a lot of irony in this space."
        
       Authorities released Khoroshev's details knowing that LockBit had
       distinguished itself by disparaging cybercrime rivals in online
       forums.
        
       It also pulled publicity stunts, like paying people to get LockBit
       tattoos.
        
       Ransomware outfit LockBit offered to pay people to get tattoos as a
       publicity stunt. (Supplied: Twitter/X)
        
       Almost two years into LockBit's global crime spree, the hackers became
       the hacked.
        
       In February, the UK's National Crime Agency, as part of the
       international Operation Cronos, took over LockBit's own darkweb site
       to expose the group and announce arrests and cryptocurrency seizures.
        
       US Treasury says the "ultimate goal of sanctions is not to punish but
       to bring about a positive change in behaviour".
        
       But Clare O'Neil, Australia's Home Affairs and Cyber Security
       Minister, is more upfront about the endgame.
        
       "Cyber sanctions... are an important tool, inflicting real hurt and
       punishment on cyber criminals who are trying to harm our citizens," Ms
       O'Neil says.
        
       But they're "not a magic bullet because there isn't one", she says.
        
       Australia's Home Affairs and Cyber Security Minister, Clare O'Neil,
       says sanctions are a way of "inflicting real hurt and punishment on
       cyber criminals". (AAP image: Lukas Coch)
        
       The cybercrime boss at the Australian Federal Police, Acting Assistant
       Commissioner Chris Goldsmid, says it supports the "decision to
       publicly name Khoroshev".
        
       "By taking away his anonymity, it has severely undermined Khoroshev's
       credibility with cyber criminals and also signals any dealings they
       have with him could be subject to law enforcement action."
        
       Local police often struggle to do more than victim support in the face
       of Russian cybercrime gangs like LockBit and BlackCat, who reach in
       from a jurisdiction where the prospect of extradition is as remote as
       an Arctic penal colony.
        
       ## LockBit blamed for 18 per cent of Australian ransomware attacks
        
       The AFP, in league with the military spooks at the Australian Signals
       Directorate (ASD), says it's working with state and territory police
       through 119 reported cases of Australian businesses and individuals
       targeted by LockBit.
        
       These made up 18 per cent of ransomware complaints in Australia
       last financial year, the AFP says.
        
       Mr Goldsmid says it's also "used information collected to trace the
       global LockBit network and build the global case against the
       ransomware criminal group", sharing information with overseas partners
       "for months".
        
       The US Department of Justice says LockBit has targeted more than 2,500
       victims worldwide, raking in more than $US500 million ($760 million)
       in ransoms.
        
       It says LockBit, which takes a cut of ransoms obtained through
       licensing its software to criminal associates, is responsible for
       attacks on organisations in critical sectors, from financial services
       to education, emergency services and healthcare.
        
       LockBit is known for "double extortion tactics", where cybercriminals
       extract victims' data then encrypt their computer systems before
       demanding payments.
        
       The US State Department has offered a $US10 million ($15.2 million)
       reward for information leading to Khoroshev's arrest or conviction.
        
       He's been charged in absentia with violating US computer fraud and
       abuse laws.
        
       In an unsealed indictment, prosecutors in the US allege Khoroshev
       "acted as the LockBit ransomware group's developer and administrator
       from its inception in or around September 2019" until this month.
        
       He allegedly reaped financial rewards from a variety of roles in the
       group, including managing criminal affiliates, recruiting new
       ransomware developers, and leading LockBit's efforts to keep going
       after its hacking by law enforcement in February.
        
       UK authorities blame LockBit for facilitating a 20-month spree of
       7,000 online attacks up to February, with most victims in the US, UK,
       France, Germany and China.
        
       According to the ASD, part of LockBit's success came from making its
       ransomware easier to use for "those with a lower degree of technical
       skill".
        
       It also offered a "stark contrast" to criminal rivals by taking its
       cut after affiliates extracted their ransoms from victims, the ASD
       says.
        
       ## Question over whether paying ransoms could breach sanctions
        
       The Australian sanctions make it a crime to provide Khoroshev with
       assets, or use or deal with his assets.
        
       The ABC asked Ms O'Neil's office if that meant that companies or
       individuals in Australia could be breaking the law by paying LockBit
       ransoms.
        
       Her office referred questions to the Department of Defence.
        
       Defence referred questions to the Prime Minister's Office.
        
       The ABC had not received a response at time of publication.
        
       Later, a spokeswoman for the Department of Foreign Affairs and Trade
       said "while the government strongly discourages the payment of
       ransoms, the focus of the sanctions regime is to disrupt and frustrate
       the perpetrators of ransomware attacks, not to punish victims of
       crime".
        
       Cybercrime experts agree it's a bad idea to pay ransoms, which are no
       guarantee of ending an extortion ordeal.
        
       Professor Cross says there's "no guarantee that you will get the data
       back in the state that it was taken. And there's not necessarily a
       guarantee that it still won't be used against you or that you won't be
       targeted for further ransoms in the future".
        
       But that hasn't stopped companies quietly taking damage control into
       their own hands, in cases which remain closely guarded boardroom
       secrets.
        
       "There are organisations globally who likely have paid ransoms for a
       variety of reasons," Professor Cross says.
        
       "There may be circumstances for individual companies depending on what
       type of data is lost, the impact it has on their business and their
       ability to recover."
        
       Queensland University of Technology criminologist Cassandra Cross says
       companies sometimes choose to disregard government advice and pay
       ransoms to cyber criminals. (Supplied)
        
       Professor Cross says the decision to release "fairly sensitive"
       details about Khoroshev raises a kind of conflict seen around data
       breaches.
        
       "This tension between, 'We want to protect certain citizens — but
       happy to expose other citizens essentially to the same potential
       outcomes,'" she says.
        
       "From a victim perspective, I guess it doesn't matter who's
       perpetrating the offences.
        
       "At the end of the day, it's data that's being exposed that
       potentially sets people up for identity theft and fraud."
        
       Cyber Security Minister Ms O'Neil says that "almost all countries in
       the world are facing the same problems".
        
       "Not just generally, but specifically: the same technologies, the same
       actors, the same kinds of targets," she says.
        
       "To tackle ransomware, we have to use these deep international
       partnerships."
        