Researchers Quietly Cracked Zeppelin Ransomware Keys
November 17, 2022

Condobloke


Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said. “We’ve found someone who can crack the encryption.”

READ ON
 


from the middle of the blurb...

“What motivated us the most during the leadup to our action was the targeting of homeless shelters, nonprofits and charity organizations,” the two wrote. “These senseless acts of targeting those who are unable to respond are the motivation for this research, analysis, tools, and blog post. A general Unit 221B rule of thumb around our offices is: Don’t [REDACTED] with the homeless or sick! It will simply trigger our ADHD and we will get into that hyper-focus mode that is good if you’re a good guy, but not so great if you are an ***hole.”

I like these guys.
 
Once upon a time, our 'bad behavior' was mostly just pranks and not financially motivated. It wasn't even meant to harm.

I'll give you an example...

You can probably still scan the public IPv4 space and find printers connected to the public web. If you send them a packet, they'll respond with a clue as to what type of printer they are.

Let's say they're HP...

Well, you could take HP's firmware and modify it, simply by using a hex editor.

So, when you found an open printer, you'd then check to see if they'd left the password the default password - and they often did just that. You'd then connect to them and upload your own version of the firmware.

At this point, you can do two things... You can tell the printer to print 200 copies explaining that it's bad to leave your printer exposed to the public web, and even dumber to leave the default password in place.

Or, you can upload that firmware so that the printer's LCD said "Add 25¢ To Continue" instead of the normal display asking how many copies to print or whatnot.

I should point out that either of those two activities is technically against current laws. Once upon a time, laws didn't exist for this - and that was not all that many years ago.

I'm pretty sure you could still do this today, though I kinda hope HP has since learned to only accept signed firmware. But, definitely do not do this. You will get yelled at by the FBI if you do this. They'll also ensure you go to a federal court and get a pretty damning fine. Courts just don't have a sense of humor.

My point was, it was mostly harmless fun. There wasn't any malice. It was more about learning than it was about harming. It was a computerized form of The Merry Pranksters.

And, finally, I admit to nothing and any questions should be directed at my lawyer.
 
Good one, David !!

It'd be sorta nice if the current 'pranksters' could confine themselves to that sort of lark !
 
I 'member when they blamed a couple of Aussies for "WANK" back in the olden days of DECnet. People have even tried to claim Assange had something to do with it, but that was many years later and just plain silly talk. Poor NASA didn't have any idea what to do. As far as worms go, it was rather rudimentary but it was effective for the day.

One of the first malicious ones I remember was Morris. Ah, that was a delightful example. It was kinda malicious, but mostly harmless. Well, kinda harmless... The feds rolled into MIT all gung ho but entirely clueless. It wasn't even anyone at MIT's fault, it was some dude at Cornell.

Anyhow, I am innocent of all charges.

Once upon a time, it was the Wild West. I have to say, it wasn't necessarily better back then, but it was definitely a time of learning. Even back then, the easiest hacks were social engineering hacks - and literally (figuratively) nobody knew a darned thing about security. You could call the switchboard and tell them you're Bob from accounting and can't log in, and they'd happily tell you the password. Of course, there wasn't a world wide web, you'd be dialing into their mainframe directly, but there were all sorts of ways around paying long distance at the time - which was obscenely expensive and stealing long distance was justified.

Seriously, it was like $7 a minute to call across the country. That's absurd - and not adjusted for inflation. I ain't paying that. They can eff right off.
 
You can probably still scan the public IPv4 space and find printers connected to the public web. If you send them a packet, they'll respond with a clue as to what type of printer they are.
You don't have to go that far. Just scan the WiFi around you and you will find printers with open WiFi in your neighbors' homes. (It has been a temptation for many years to print a message on their printers. Something like, "This is Santa Claus sending you holiday greetings from the North Pole. Merry Christmas!")

There are two issues with doing that:
  • My sense of personal ethics and integrity would never let me seriously consider it.
  • Other than me, everyone in my neighborhood is technically clueless, and they know it. Most of them would make a good guess about where it came from.
 
My home is hardwired, neither wireless nor bluetooth. Still hacked but much less.
I use EasyOS, semi-amnesic with a "Do not save" button. :)
 
Just scan the WiFi around you and you will find printers with open WiFi in your neighbors' homes.

You can do that.

I can not do that.

I can barely get a cell phone signal and don't have any neighbors close enough for that. My driveway is about a half mile long. It'd be shorter, but I wanted my lawn to not be divided and I wanted my driveway lined with trees until just before you get to the house.

But, even if it was shorter, I'd still not get any wireless internet signals from the neighbors. I'm pretty remote.
 