BBC Visits 'Hated and Hunted' Ransomware Expert (bbc.co.uk)
In "Hated and hunted," a BBC reporter describes visiting a ransomware expert "who has devoted himself, at huge personal cost, to helping victims of ransomware around the world."
They hate him so much that they leave him angry threats buried deep inside the code of their own viruses... "I was shocked but I also felt a real sense of pride," says Fabian. "Almost like, a little bit cocky. I'm not going to lie, yeah, it was nice...." He works remotely for a cyber security company, often sitting for hours at a time working with colleagues in different countries. When he's "in the zone", the outside world becomes even less important and his entire existence focuses on the code on his screen. He once woke up with keyboard imprints all over his face after falling asleep during a 35-hour session.
All of this to create anti-ransomware programs that he and his company usually give away free. Victims simply download the tools he makes for each virus, follow the instructions and get their files back... According to research from Emsisoft, the cyber security company Fabian works for, a computer is attacked every two seconds. Their network has managed to prevent 2,584,105 infections in the past 60 days -- and that's just one anti-virus firm of dozens around the world.... "It's pretty much an arms race," says Fabian. "They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back. Then the criminals release a new version which they hope I can't break... It escalates with them getting more and more angry with me...."
Fabian accepts that moving around and restricting his life and circle of friends is just a part of the sacrifice for his hobby-turned-profession... He earns a very good salary but looking around his home and at his life it's hard to see how he spends it.
He estimates that he's "upset or angered" 100 different ransomware gangs (based on his analysis of the Bitcoin wallets where they collect their ransoms.) One group had collected about $250,000 (£191,000) in three months -- until Fabian created a countering anti-ransomware program -- which is one reason he carefully hides his identity.
"I know how much money they make and it would be literally nothing for them to drop 10 or 20,000 for like some Russian dude to turn up to my house and beat the living hell out of me."
I remember when the Bulgarians were the best hackers. They would include the names of viruses they had written on their resumes when applying for a computer job. Many firsts. Are they still in the game I wonder?
Just create an Ethereum payable contract that pays when the ransomware evil doer is killed, as measured by whatever method the contract specified as satisfactory proof the right person received the right result.
Setting aside for now the fact that that's horrible, how would it be implemented? Say it's not about killing someone but about buying a puppy. What is the oracle which tells the system that the requirements have been met?
A cat can't teach a dog to bark.
"It's pretty much an arms race," says Fabian. "They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back."
How does this work? There's probably some government agencies with the ability to crack various encryption schemes, but a dev at some anti-virus company?
I'm sure he's pretty good at what he does, and there's probably a handful of instances where the ransomware folk did something dumb. But file encryption is pretty standard stuff, and I can't imagine it's too hard to generate a unique decryption key for each victim and to stop that key from persisting on the victim's machine.
So is the story mostly hype and the guy just cracked a couple crappy tools? Are the ransomware folk really that incompetent? Or am I missing something?
I stole this Sig
Hello,
While Bulgaria was once a hot-bed of virus activity in the DOS era, the focus on malicious software has spread throughout Russia, Eastern Europe and the Baltic states, to the extent that it has crowded out Bulgaria as being a well-known source of malware. Of course, today malware is a global phenomenon, and you find clusters of development throughout the world, including regional specializations in both Asia and Latin America for targeting domestic banking, for example.
Vesselin Bontchev, one of the first people to document the Bulgarian virus scene via his seminal work, The Bulgarian and Soviet Virus Factories, remains active in the field and would probably be the best source for current information on Bulgaria's position in the threat economy. He can also be found on Twitter, where his tendency towards logorrhea is somewhat tempered by the 280-character limit.
Regards,
Aryeh Goretsky
Dexter is a good dog.
Years ago, Fabian was a teen heartthrob back during my mother’s youth... and now, here in his twilight years, he’s helping ransomware victims recover their data? That’s seriously impressive.
#DeleteChrome
You think he isn't aware who he is pissing off? It's not the Italians.
The BBC is one of the world's most respected media outlets. Normally when there is a polarizing debate, where I find both sides to be exaggerated (which is easy to get on American News, and flipping sources to weed out the truth from hyperbole) I find that the BBC gives a much more level headed explanation on the topic.
Now the BBC could be banking on its good Karma, and work with the ransomware makers, but you can burn good Karma much faster than you can build it up. Besides Ransomware really doesn't bring in that much money.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The BBC is one of the world's most respected media outlets.
They were, at one point, but certainly not since #PanoDrama.
Cain was a farmer and offered up fresh, moist fruits and vegetables while Abel was a rancher/herder and offered up the carcasses of animals rich in fat.
Both were offering their best products, but the flames were bigger and brighter when consuming the fat bone and fur than they were when consuming the fresh, moist, vegetables, so it was assumed that God was more pleased by the one that burned better than the other.
Due to that assumption, Cain became jealous and killed his brother.
As far as I am aware, God was happy with both, at least until Cain committed murder.
I can see why someone may think that, but there was an aspect to the interview that was cut out. I used to live in one of the big German Baltic Sea harbour cities. The local shipyard was/is essentially a money laundering operation for the Russian mob. So obviously, when I started to get threats from Russian groups, in particular, that makes you feel rather uneasy. Especially given that ransomware campaigns often have trouble turning the bitcoins back into "clean" money and the go-to people for money laundering in the former USSR regions are the Russian mafia.
People are also not aware of Germany's mandatory IDs and registrations. Essentially, if you want someone's address, you can go to the local municipality. As long as you provide enough information that allows them to uniquely identify a person in their records, you can obtain their address for a small fee (~$10). If you can make a valid claim (like they owe you money), you can get a lot more information than that. The amount of information you need to provide varies a bit. But usually, the full name is enough, provided there isn't another person with the same name in the same region. In that case, you may have to add in the birthday or an old address as well.
So yeah, not really xenophobia. Just the local organised crime in the area I used to live in, combined with the fact that the groups with the most credible threats were from former USSR countries.