
The bitcoin ransom paid by the US company to the hackers was recovered by the US government

Author: Observer.com

【Text/Observer Network Ju Feng】

Colonial Pipeline was hit by a ransomware extortion attack last month. However, the US Department of Justice said yesterday (the 7th) that most of the bitcoin ransom the company paid to the hacker group has been recovered.

Colonial is the fuel-transport "artery" of the eastern United States, carrying 45% of the East Coast's fuel supply and also supplying the military. The company was forced to suspend all operations after the attack, and 17 states and Washington, D.C., briefly declared a state of emergency.


Colonial Pipeline (the red and blue lines are the main pipeline). Picture from: company homepage

The company's CEO revealed in an interview last month that, within hours of the company learning of the extortion, he authorized a ransom payment of $4.4 million, transferring a total of 75 bitcoins to the DarkSide hacking group at the bitcoin-dollar price of the time.

At a June 7 briefing of the U.S. Department of Justice, Deputy Attorney General Lisa Monaco said investigators had recovered "most" of the bitcoins paid by Colonial Pipeline: 63.7 bitcoins, about 85 percent of the total amount paid.

However, the value of the recovered bitcoins has fallen to about $2.3 million (about 14.71 million yuan), because the bitcoin price has recently dropped from about $63,000 in April to about $33,000.


The U.S. Department of Justice holds a press conference. Video screenshot

"Today we turned the tide," Monaco said at the briefing. "We will continue to use all the tools and all the resources we have to increase the cost of ransomware and cyberattacks, and to investigate the entire ecosystem that supports ransomware and digital extortion attacks, including crimes that use digital currencies."

According to Monaco, the recovery operation was carried out by the Ransomware and Digital Extortion Task Force (RDETF), and was the first action of the newly formed group. The task force was set up by the U.S. Department of Justice to combat ransomware. The Associated Press said the recovery is a rare victory for the U.S. government in dealing with the threat of cyber extortion.

On the 7th, Colonial said in a statement: "The Federal Bureau of Investigation (FBI) is the strongest law enforcement agency in the world, and we thank the FBI for its swift and professional work on this attack." The company said it would hold the hackers accountable, take cyber threats seriously, and invest in stronger defenses.

Paul Abbate, the FBI's deputy director, said law enforcement has been investigating the ransomware used by DarkSide since last year.

On the 7th, a written FBI affidavit showed that investigators used a real-time blockchain ledger monitoring tool to follow several bitcoin transactions and finally confirm the address that received the ransom. They also obtained the private key for that address. A private key can be thought of simply as the "password" that controls the bitcoins at an address. However, neither the official documents nor the court records explain how the FBI obtained the private key.


Early last month, after DarkSide broke into Colonial Pipeline's network, it took about 100GB of documents and demanded a ransom, threatening to publish the data on the Internet otherwise. After a week of "maneuvering", Colonial announced the resumption of operations at about 5 p.m. local time on May 13. The Associated Press reported that this was the worst cyberattack on critical infrastructure in the United States to date. The New York Times commented that the attack exposed the fragility of U.S. infrastructure and called it a "disturbing signal."

DarkSide issued a statement on May 10 saying that their purpose was to make money, that they had nothing to do with politics, and that they did not intend to cause trouble for society. They also stressed that "starting today, we will adjust the program and check the background of each target company before the partner launches an attack, to avoid negative future impacts on society."

The hacking group DarkSide, founded last year, has been described as "young and professional." Biden reiterated on May 13 that the U.S. side believes the people who carried out the cyberattack live in Russia, but does not believe the Russian government was involved in the extortion.

Finally, a word about Bitcoin, the world's first cryptocurrency. On November 1, 2008, someone using the pseudonym Satoshi Nakamoto (whose real identity is still unknown) published the Bitcoin white paper online, describing a decentralized transaction system based on modern cryptography and the design of its algorithms. In 2009, the Bitcoin genesis block was created.

At regular intervals, all transactions in the Bitcoin network are packaged and recorded in a block, and the blocks together form the blockchain. Every Bitcoin transaction since the system's birth is therefore recorded on the chain, public, traceable, and viewable by anyone. Bitcoin is not "untraceable", as many people think.

In Satoshi Nakamoto's design, however, the public key is derived from the private key by an elliptic-curve algorithm, and the address is derived from the public key by a hashing algorithm; both steps are theoretically irreversible. This gives Bitcoin a high degree of pseudonymity, and combined with its borderless and decentralized nature it has been widely used in illegal activities such as money laundering. In this ransom recovery, how the FBI obtained the private key is worth thinking about.
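As an added illustration of the two one-way steps described above (this is example code, not from the article): the public key is the private key multiplied by the secp256k1 generator point, and the address is Base58Check of a hash of that public key. The curve constants are the published secp256k1 parameters; the function names are my own.

```python
import hashlib

# secp256k1 domain parameters from the Bitcoin specification (not from the article).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(a, b):
    """Point addition on y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a + (-a)
    if a == b:  # doubling: tangent slope
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:       # chord slope
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey_from_privkey(priv):
    """Forward step: public key = priv * G by double-and-add (cheap to compute)."""
    assert 1 <= priv < N, "private key must be in [1, N-1]"
    result, point = None, G
    while priv:
        if priv & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        priv >>= 1
    return result

def compressed_pubkey(point):
    """33-byte SEC encoding: parity prefix plus the x coordinate."""
    return (b"\x02" if point[1] % 2 == 0 else b"\x03") + point[0].to_bytes(32, "big")

def base58check(payload):
    """Base58 with a 4-byte double-SHA256 checksum; leading zero bytes become '1'."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def p2pkh_address(pubkey_bytes):
    """Second one-way step: address = Base58Check(0x00 || RIPEMD160(SHA256(pubkey)))."""
    h160 = hashlib.new("ripemd160", hashlib.sha256(pubkey_bytes).digest()).digest()
    return base58check(b"\x00" + h160)
```

Going forward (`p2pkh_address(compressed_pubkey(pubkey_from_privkey(k)))`) takes milliseconds; recovering `k` from the address would require reversing both the hash and the elliptic-curve multiplication, which is exactly why the FBI's possession of the private key is the open question in this story.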

This article is an exclusive manuscript of the Observer Network and may not be reproduced without authorization.
