Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:02
Let. Me Stop you for it's a heck
0:04
of. A. Bunny Sq
0:06
couple questions and should we are can a
0:09
bar. Yeah, no matter how ahmed
0:11
soccer I'm sorry if a. And
0:14
so we love We Love Talkers! From
0:19
recorded future news, I'm Dina. Temple
0:21
Rest and this is click. Here
0:23
is might drop and extended cut
0:26
of an interview we did that
0:28
we think you might wanna hear
0:30
a little more. Today we're talking
0:32
to Analyst ones John Dimaggio about
0:34
something we found pretty crazy. A
0:37
dark web court for hackers.
0:39
Someone didn't pay you some agreement.
0:42
Go right. Tone take belong your
0:44
own aims You taken to court. Will
0:48
be right back. If
0:56
you're looking for a daily guide to
0:59
cyber security news and policy, sign up
1:01
for the Cyber Daily. From recorded future
1:03
news, it serves up the day's most
1:06
interesting and important cyber stories from our
1:08
sister publication, The Record, and then aggregates
1:10
all the big cyber stories you might
1:12
have missed from news outlets around the
1:15
world. Just go to The Record.media and
1:17
click on Cyber Daily to get all
1:19
you need to know about the world
1:21
of Cyber Security right in your inbox.
1:25
What? If someone you love asked you to
1:27
help them die, what would you say? This
1:30
is the powerful question at the heart of
1:32
the ultimate choice. The series follows the journey
1:34
of Michael and his wife and as they
1:37
grapple with his request to choose the way
1:39
he wants to die. I'm Rob Crib and
1:41
through their story I learned a lot about
1:43
my own family. I hope the shows a
1:46
way to start conversations many of us want
1:48
to have. But rarely do. The
1:51
ultimate choice is out now. i'm
1:58
dina temple mosque And this is
2:01
just here's me. So
2:05
let me just start with the easy one. Could you
2:07
introduce yourself to us, please? Sure.
2:09
I'm John DiMaggio. I'm the chief
2:11
security strategist at analyst one. It's
2:14
a threat intelligence company in Virginia. And
2:17
John is known for a lot
2:19
of things, but recently probably best
2:21
known for something called the ransomware
2:23
diaries. It's
2:26
a kind of multi-volume set of reports
2:29
about the time he spent lurking in
2:31
hacker chat rooms and inside Lockbit, which
2:34
is one of the world's most notorious
2:36
ransomware gangs. I've talked to Lockbit for
2:38
a long time, the
2:40
leader of Lockbit. Lockbit's up. It's
2:42
short for Lockbit Support. And
2:45
he was one of the administrators of the group for
2:47
years, although now he's thought to be in charge
2:49
of the gang, which isn't
2:51
much of a gang anymore, at
2:53
least hasn't been since February. Today,
2:56
we can announce that the National Crime
2:58
Agency has successfully infiltrated
3:00
and fundamentally disrupted Lockbit.
3:03
We talked to Lockbit about all that in
3:05
our last episode. We have hacked the
3:08
heaters. The
3:11
operation had John punch in the air. It's
3:14
been years of work where we haven't
3:16
had a lot of wins. So it
3:18
felt amazing. It felt really good. I
3:20
went out to dinner that night. I
3:24
had a glass of really expensive bourbon. I
3:26
mean, it was a nice night. But
3:28
then John noticed something he hadn't
3:30
expected. It wasn't only
3:32
law enforcement that was punching the air.
3:35
People in the dark web were too.
3:37
When he went down, a lot
3:39
of criminals took joy in that.
3:41
And there was a lot of
3:43
trash talking and what
3:45
almost seemed to be a bit of a celebration. It
3:48
turns out, just a few
3:50
weeks before Operation Chronos seized
3:52
Lockbit's infrastructure, Lockbit's sub was
3:54
an arbitration. In the inner
3:56
recesses of the dark web. What
3:59
you are witnessing... Some
4:01
experts said compared to club
4:03
the bones court for half.
4:09
Sounds. A little off brand tie
4:11
know, but if you think about
4:13
it, even hackers in the dark web
4:15
running criminal enterprises need to abide by
4:17
some basic rules. Like. If
4:20
you do work for someone then they
4:22
promised to pay you. They should do
4:24
so. A. Kind of honor among
4:26
thieves thing. Someone says
4:28
over the years hackers have adopted a process
4:31
to make sure that the basic. Rules.
4:33
Of the criminal world get follow. They
4:35
have a court system one party will
4:37
go in in in post the claim
4:39
of what how they were wronged and
4:41
the other party will then be contacted
4:43
in have the ability to show their
4:45
side. And according to a
4:47
report published by Analyst One, literally
4:50
dozens of complaints go through arbitration
4:52
process every day. The
4:55
proceedings are held in sort of virtual. Apartments
4:57
Convened. Inside some of the most
4:59
established Russian speaking. Discussion. And
5:02
southern. Some have been around for over. Twenty years
5:04
so they are there sir A coveted
5:06
as is the place to go and
5:08
you grow and rank and refutation ah
5:11
has as you spend time there and
5:13
talk in in in in the house
5:15
criminal activities where where people buy into
5:17
what you're doing. So these forums
5:19
with names like X, Ss, and
5:21
exploit actually serve to functions. People
5:23
buy and sell services that someone
5:25
might be selling access to a
5:27
network someone else might have a
5:29
hack into. But if one of
5:31
these deals between them the south,
5:33
there's a way to make things
5:36
right. Hackers can
5:38
file grievances and present evidence.
5:40
Like a beach communication logs. There could
5:42
be database logs that could be victim
5:44
of a seesaw river. it might be.
5:46
They can post all that and they
5:49
share and. Other people on the farm
5:51
can also a. Know
5:53
they're more like peanut gallery and
5:55
jerk. And
5:58
then it all goes to a kind of. hacker version
6:00
of a judge. There's like a
6:02
judge who is an administrator, a senior
6:05
administrator of a forum, who's supposed to
6:07
have this unbiased assessment of it and
6:09
then award a winner of the case.
6:15
And just like a real court, after
6:17
a verdict, there are damages assessed, usually
6:19
in the range of a hundred to
6:21
a few thousand dollars. Once that award
6:23
is determined, whatever they determine needs to
6:25
be paid out, must be paid. And
6:27
if you don't. If you do
6:29
not pay, you are banned from the forum.
6:32
What's even more crazy about all of this
6:34
is the other Russian
6:36
forums follow suit. And just
6:38
to make sure, everyone knows who refused
6:40
to respect the court's judgment and didn't
6:42
pay their fine. They're marked
6:44
as. A ripper, but it basically means
6:46
scammer, which is sort of like a disgrace in
6:49
that community. This
6:55
is what happened to lockbits up in January. Only
6:58
it wasn't a matter of just a couple
7:00
of thousand bucks. Allegedly, there was
7:02
a $10 million payout. Lockbits
7:06
up was planning a ransomware attack, but first
7:08
he needed to get into the victim's network.
7:11
So he partnered with someone who had
7:13
access to that network. And
7:15
they started to discuss payment. The
7:18
broker, John says, wanted to be
7:20
paid upfront before Lockbit executed the
7:22
attack. The only problem was- Lockbit
7:25
doesn't work that way, so he told
7:27
him, no, you'll get paid once we
7:29
have results and victims begin to pay.
7:32
So the access broker essentially
7:34
said, okay, gave him access,
7:37
provided that access essentially for free, believing
7:39
that he would get paid after the
7:41
fact. But allegedly, when the
7:44
$10 million ransom payment eventually came
7:46
through, the access broker asked
7:48
for nearly half the money. $4
7:52
million. That's what he felt
7:54
his cut was of that $10 million. And
7:57
of course Lockbit felt that was a ridiculous amount.
8:00
to that up front, I told you I'd
8:02
pay you but it won't be anywhere near close to that. So
8:04
the access broker took Lockbit's up to Hacker
8:07
Court and won and I guess
8:09
the judge decided that four million was the
8:11
right amount that this access broker
8:13
should have? They did. And then
8:16
Lockbit's up did the one thing that you're
8:18
really not supposed to do. He
8:20
ignored the court's decision. Lockbit now said
8:22
he refused to pay them anything because
8:25
by initiating that case they made their
8:27
whole dispute public or at least public
8:29
to these anyone who has access to
8:31
these forums and reporters ended
8:33
up hearing about it and it was, you
8:35
know, widespread news. That's sort of a sin
8:38
amongst criminals is to put your information out
8:40
there publicly. So if that hadn't happened he
8:42
claimed that he would have paid him something
8:44
but because he did that that sort of
8:47
made him like a rat. It was
8:49
the principle of the thing? It was the principle.
8:51
100% the principle. Yes,
8:54
that's correct. It
8:56
was the principle. Lockbit's
8:59
up was banned from two of
9:01
the major Russian-speaking forums and he
9:04
was marked with this kind of hacker's scarlet letter.
9:06
It is now ordered that you shall
9:08
wear upon your bosom for the rest
9:11
of your natural life the
9:13
scarlet letter A. But
9:18
the sort of surprising thing is that
9:20
for once John says Lockbit's up may
9:22
have been in the right. I mean these
9:25
guys are all unethical. You're all criminals. No
9:27
one's gonna feel bad for you but if
9:29
you just look at it from a business
9:31
and an illegal aspect you can't expect someone
9:33
to come in after the fact and ask
9:35
for a ton of money for something that
9:37
they gave you for free and just had
9:39
crazy expectations. John
9:44
thinks that if Lockbit's up case had gone
9:46
to real court instead of the hacker court
9:48
things might have turned out a little differently.
9:50
You know I've heard both sides.
9:52
I've looked at the evidence. It's
9:55
rare that I agree with Lockbit but you know
9:57
I try to be unbiased in my work. I
9:59
followed the evidence, I do analysis, I don't put my
10:01
own judgment in it. And everything I
10:03
could see was I was thinking about how we would handle
10:06
things here in the US. And
10:08
if you had two parties and you never agreed
10:10
on a price, and then you gave the person
10:12
whatever they were selling, whatever you're
10:14
selling for free, and then expected a specific
10:16
amount after the thing was used or whatever,
10:18
well, of course, there's going to be arguments
10:21
and disagreements on how much that was, especially
10:23
when you're asking for a large amount. They
10:25
should have signed a contract. Absolutely.
10:28
They should have. No,
10:30
but seriously, if they put this in writing and
10:32
you went to this arbitration thing, it would have
10:34
made this a lot cleaner. And
10:36
I don't think at that point Lockbit would have
10:39
had as much of a problem arguing back. But
10:42
that's the thing is there was no agreement. There
10:44
was only arguments. We
10:47
talked to Lockbits up by encrypted message a
10:49
few weeks ago, and he told us a
10:52
version of events that was pretty close to
10:54
John's. He said he
10:56
took that same case to other forums and
10:58
they sided with him. So
11:00
it was kind of a split decision. From
11:06
recorded future news, this has been Mike Drop.
11:09
It was produced by Sean Powers and Kat
11:11
Shooknett. I'm Dina Templerassen. We'll
11:14
be back on Tuesday with an all new episode
11:16
of Click Here. Have a great
11:18
weekend. Looking
11:25
for more of the cybersecurity and intelligence coverage
11:27
you get on Click Here? Then
11:29
check out our sister publication, The
11:31
Record, from recorded future news. You'll
11:34
get breaking cyber news from reporters in
11:36
New York, Washington, London, and Kiev, among
11:39
others. And you'll see
11:41
for yourself why it attracts hundreds of
11:43
thousands of page views every month. Just
11:46
go to therecord.media.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More