The FBI recovered a huge chunk of the Colonial Pipeline ransom by secretly gaining access to Darkside’s bitcoin wallet password

The bitcoin logo is seen on a smartphone screen in front of a computer screen that says "cancelled."
The FBI managed to gain access to the “private key” of a bitcoin wallet that the hacking group Darkside used to collect its ransom payments.

The Department of Justice announced Monday that it had recovered a majority of the ransom paid by Colonial Pipeline to hackers who shut down its operations last month and caused massive fuel shortages and price hikes.

The DOJ said that it had recovered $2.3 million worth of bitcoin out of the $4.4 million ransom that Colonial had paid to Darkside, the group behind the hack.

How did the government pull it off?

The FBI had what was effectively the password to a bitcoin wallet that Darkside had sent the ransom money to, allowing the FBI to simply seize the funds, according to the DOJ.

‘Following the money’

Despite cybercriminals’ increasingly sophisticated use of technology to commit crimes, the DOJ said it used a time-tested approach to recover Colonial’s ransom payment.

“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa Monaco said in the DOJ’s press release.

Colonial was hacked by Darkside on May 7, and alerted the FBI that same day, according to the DOJ.

On May 8, with its operations knocked offline and amid an emerging gas crisis, Colonial opted to pay the ransom (much to the chagrin of government crimefighters who were simultaneously trying to shut down the hack).

Colonial told the FBI that Darkside had instructed it to send 75 bitcoin, worth about $4.3 million at the time, according to an affidavit from an FBI special agent involved in the investigation.

The FBI agent then used a blockchain explorer – software that lets users search a blockchain, like bitcoin, to determine the amount and destination of transactions – to figure out that Darkside had tried to launder the money through various bitcoin addresses (similar to bank accounts), according to the affidavit.

Eventually, through the blockchain explorer, the FBI agent was able to track 63.7 bitcoin to a single address that had received an influx of payments on May 27.
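As an added illustration of the "following the money" step described above (this is example code written for this page, not anything from the article or the FBI affidavit), the script below walks a small constructed ledger the way an investigator reads blockchain-explorer output: starting from the address the ransom was paid to, it follows every transaction that spends from an address already reached and reports where the funds came to rest. All addresses, transaction ids and amounts are made up for the example; the 75 and 63.7 BTC figures are chosen to mirror the article's numbers, not taken from real transaction data.

```python
from collections import defaultdict, deque

# Constructed toy ledger standing in for blockchain-explorer output (not real
# transaction data). Each transaction lists the addresses it spends from and
# the (address, amount in BTC) outputs it creates. Amounts are illustrative.
TXS = [
    {"txid": "tx1", "inputs": ["victim_addr"], "outputs": [("ransom_addr", 75.0)]},
    {"txid": "tx2", "inputs": ["ransom_addr"], "outputs": [("hop_a", 40.0), ("hop_b", 35.0)]},
    {"txid": "tx3", "inputs": ["hop_a"], "outputs": [("affiliate_cut", 10.0), ("hop_c", 30.0)]},
    {"txid": "tx4", "inputs": ["hop_b"], "outputs": [("hop_c", 33.7), ("change_addr", 1.3)]},
    {"txid": "tx5", "inputs": ["hop_c"], "outputs": [("collection_addr", 63.7)]},
]


def index_spends(txs):
    """Map each address to the transactions that spend from it."""
    spends = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    return spends


def trace_funds(txs, start):
    """Walk forward from `start`, following every transaction that spends from an
    address already reached. Returns (received, sinks): `received` maps each
    downstream address to the BTC it received along the way; `sinks` keeps only
    addresses whose funds were never spent onward (where the money came to rest).
    """
    spends = index_spends(txs)
    received = defaultdict(float)
    seen_addrs, seen_txs = set(), set()
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if addr in seen_addrs:
            continue
        seen_addrs.add(addr)
        for tx in spends.get(addr, []):
            # A transaction spending from several traced addresses is counted once.
            if tx["txid"] in seen_txs:
                continue
            seen_txs.add(tx["txid"])
            for out_addr, amount in tx["outputs"]:
                received[out_addr] += amount
                queue.append(out_addr)
    received = {a: round(v, 8) for a, v in received.items()}
    sinks = {a: v for a, v in received.items() if a not in spends}
    return received, sinks


def largest_sink(sinks):
    """The resting address holding the most traced BTC, as (address, amount)."""
    return max(sinks.items(), key=lambda item: item[1])


if __name__ == "__main__":
    received, sinks = trace_funds(TXS, "ransom_addr")
    for addr, amount in sorted(sinks.items(), key=lambda kv: -kv[1]):
        print(f"{addr:16s} {amount:8.4f} BTC")
    print("largest sink:", largest_sink(sinks))
```

On the toy ledger the walk ends at three resting addresses that together account for the full 75 BTC, with 63.7 BTC pooled in one of them; a real trace works the same way but over explorer data, and the hard part is the volume of hops and the mixing services criminals route through, not the graph walk itself.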

Fortunately for the FBI, according to the agent’s affidavit, the agency had the private key (effectively the password) for that very address.

Bitcoin addresses rely on a two-key encryption system to keep transactions secure: one public and one private. The public key is shared openly so anybody can send money to that address. But once the sender has encrypted their payment with the recipient’s public key, only the recipient’s private key can decrypt and gain access to that money.

That’s why private keys are meant to be closely held secrets, stored in a secure place. As of January, $140 billion in bitcoin – around 20% of existing bitcoin – were held in wallets where people had forgotten or lost their private keys.

In Darkside’s case, the FBI managed to gain access to its private key, and after getting a seizure warrant from a federal court, the agency used the key to access Darkside’s address and swipe 63.7 bitcoin, or around $2.3 million.

The FBI didn’t say how it had managed to obtain the key, but said it sent a warning to other potential ransomware hackers.

“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said in the release.

Read the original article on Business Insider

FBI pinpoints a single suspect in the death of US Capitol Police Officer Brian Sicknick

A U.S. Capitol Police officer stands at the door of the Capitol Rotunda near where the late U.S. Capitol Police officer Brian Sicknick will lie in honor Tuesday, Feb. 2, 2021, in Washington.

  • Federal investigators have a suspect in the killing of Capitol Police Officer Brian Sicknick.
  • The probe was narrowed after video footage showed the suspect attacking officers with bear spray.
  • The assailant has not yet been publicly named by federal investigators.

The FBI has narrowed in on a suspect in the death of Capitol Police Officer Brian Sicknick, The New York Times reported Friday.

Sicknick was among the Capitol Police officers who defended the US Capitol against a pro-Trump mob on January 6. He succumbed to injuries sustained during the riot a day later, on January 7.

Officials initially said Sicknick was struck by a fire extinguisher, but later said there was no evidence to suggest that he died from blunt force trauma. Federal investigators then launched a probe to look into whether bear spray – a chemical irritant used by rioters during the insurrection – could instead have played a role in Sicknick’s death.

After questioning dozens of people, investigators zeroed in on a single suspect after a video showed the individual using bear spray on other officers, law enforcement officials told The Times. Another video also showed the suspect discussing plans to assault officers with bear spray, according to one of the officials.

The assailant has not yet been publicly named by federal investigators.

Christina Laury, an officer with the Metropolitan Police Department in Washington, DC, had previously mentioned that rioters sprayed chemical irritants at officers who were preventing them from entering the Capitol.

“By the time I got there, officers were already getting, you know, sprayed with whatever these individuals had, which I believe they had bear mace, which is literally used for bears,” Laury told WJLA.

Sen. Mitt Romney of Utah told reporters earlier this month that Capitol Police Officer Eugene Goodman told him that he “had to breathe a lot of bear spray and tear gas and that he was nauseated” during the insurrection.

Goodman recently received a Congressional Gold Medal for his role in diverting a mob of rioters away from the Senate chamber where lawmakers were taking refuge. He also led Romney away from the crowd that breached the Capitol as he passed him in the hall.

Sicknick was one of three officers who died following the Capitol riots – two other officers died by suicide.
