
How the FBI proved a remote admin tool was actually malware [telecom]


Monty Solomon

Mar 17, 2023, 8:28:31 AM3/17/23
By Lorenzo Franceschi-Bicchierai

On Thursday, the U.S. government announced that it had seized a
website used to sell malware designed to spy on computers and
cellphones.

The malware is called NetWire, and for years several cybersecurity
companies, and at least one government agency, have written reports
detailing how hackers were using the malware. While NetWire was also
reportedly advertised on hacking forums, the malware owners marketed
it on a website that made it look like it was a legitimate remote
administration tool.

https://techcrunch.com/2023/03/09/how-the-fbi-proved-a-remote-admin-tool-was-actually-malware/

Bill Horne

Mar 17, 2023, 8:28:50 AM3/17/23
The press release mentioned in the techcrunch article tells us that
the investigation leading to this seizure was started in 2020. I don't
know what the reasons are for the prolonged delay, but in an industry
where companies sometimes start, grow, and die over a span of weeks,
the two-plus-years wait is pitiable.

I don't know if the delay was due to the 2020 presidential election,
or the 2022 mid-term elections, or some other reason, but it's a sad
excuse for justice if it takes that long. So prolonged a delay means
that the criminals located at the other end of the malware's
connections, at the Croatia-based "Mother Ship," were able to obtain
not only the personal banking, medical, and social details of hundreds
or thousands of victims - but also the login credentials for lots of
small-to-medium firms where cloud-based accounting applications have
been routine for years. Not only were individuals robbed for some or
all of what they had, but many businesses undoubtedly found themselves
with phantom employees whose names and social-security data existed
only in the logs of Western Union wire transfers to far-away dens of
untouchable thieves who are now both rich and gone.

The press release mentions the seized website by name, and if you
choose to click the link, you'll see a banner notice that "This
Website Has Been Seized," just beneath the seals of both the
Department of Justice and the FBI. There is passing mention of other
agencies and governments which took part in the investigation, but
they're mentioned in an unordered list, shown in much smaller
type. The emblems and/or seals of other agencies and governments are
placed at the bottom, in much smaller sizes than the DOJ/FBI plaques
at the top, so it's very clear that the FBI wants all the credit for
this seizure.

Who, I wonder, will get the credit for turning the FBI into a
competent law-enforcement organization, instead of a PR firm for the
legacies of the hard-nosed G-men of the past? Purvis and his fellow
agents deserve a lot of praise for their achievements - but this is
the twenty-first century, not the twentieth, and it's long past time
for the FBI to stop resting on its laurels.

Bill Horne

--
(Please remove QRM for direct replies)
