- 5 biggest Linux and open-source stories of 2024: From AI arguments to security close calls
- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- Interpol Identifies Over 140 Human Traffickers in New Initiative
- 5 network automation startups to watch
- The State of Security in 2024: The Fortra Experts Take a Look
REvil gang member arrests strike fear among cybercriminals on the Dark Web
Dark Web forum posts uncovered by Trustwave show that the recent arrests in Russia have triggered major concerns among fellow criminals.
Many cybercriminals seem to operate with little fear of reprisal, likely feeling that the odds of them being detected, caught, arrested and imprisoned are relatively low. But in response to a string of devastating ransomware attacks, the U.S. government and other entities are waging a more aggressive battle to take down the perpetrators of cybercrime.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
One gang caught in the crosshairs of the war on cybercrime has been the REvil ransomware group. Last October, the group’s servers and online operations were shuttered by a multi-nation law enforcement effort. And just this month, 14 people associated with the gang were arrested through a joint effort between the Federal Security Service of the Russian Federation and Ministry of Internal Affairs of Russia based on a request from the U.S. government. And it’s these arrests that appear to be causing fear among other cybercriminals.
In a report published on Friday, cybersecurity firm Trustwave revealed chatter on the Dark Web among individuals reacting to the FSB arrests. Cybercriminals seem more worried about being arrested, while those in Russia are concerned that their home country is no longer a safe haven and that continued cooperation between the U.S. and Russia will put a dent in their illegal activities.
Even before the arrests, people were speculating in Dark Web forums about secret negotiations between Russia and the U.S. to crack down on cybercriminals. In November, one person even predicted that arrests would occur within two months, an accurate forecast in advance of the January FSB operation.
“I confidently declare—all smeared with ransom will be **** in the best traditions during the 2022 year, and the luckiest—in the next two months,” the commenter wrote. “But not everyone has realized this yet.”
Others have feared that some operators were secretly cooperating or working with law enforcement, perhaps revealing key details about certain criminal activities to avoid harsher sentences.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
Referring to another criminal collaborating with law enforcement, one commenter said: “I will publish part of my personal correspondence, without his consent, since he disappeared without a trace, very likely thanks to a person under the nickname REDKAJIT, he is the administrator of the ramp forum, who works for law enforcement against ordinary hard workers.”
With Russia capturing the REvil gang members, some Dark Web commenters fear that the country is no longer a safe haven for their criminal activities. A few even discussed the pros and cons of moving their business to other regions, such as India, China, the Middle East or Israel.
Regarding Russia, one commenter said: “The first consequences of the arrival of the director of the CIA … In fact, one thing is clear, those who expect that the state would protect them will be greatly disappointed.”
Several people lashed out at REvil for attacking large and powerful corporations, especially in the U.S., thereby shining a spotlight on their activities and triggering action from government and law enforcement.
With a greater fear of arrest, many on the Dark Web have been exchanging tips on how to avoid detection and capture by Russian law enforcement. Beyond moving shop to a different country, some have suggested using Tor to stay anonymous, deleting old messages, using encryption and storing their stolen items on multiple computers.
“All in all, it’s a terrible precedent,” wrote one commenter. “It is now dangerous to write anything at all, anywhere. All posts need to be cleaned, those who are connected with cybercrime. Right now, they can still raise in IRL [in real life] those who have withdrawn loot from BTC to cash, if they haven’t raised it yet. And there are cameras everywhere in Moscow and St. Petersburg.”
Finally, questions have arisen as to why Russia cooperated with the U.S. in making these arrests and whether this was a one-time event more for show or the start of a longer-term partnership. Either way, prison life in Russia is severe and harsh, and these criminals have grown more fearful of being caught.
Though one person seemed to believe that prison sentences against this type of cybercrime wouldn’t be serious and would last only up to seven years, others warned of much longer stretches behind bars.
“Learn the Criminal Code,” one commenter said. “This is a serious crime. The creation of an organized crime group [can get you] from 12 to 20 years [in prison].”