Monthly Archives: August 2017

Home / 2017 / August

Wannacry Ransom Moved from Online Wallets


More than £100,000 worth of bitcoins that were paid by the victims of the WannaCry attack has been removed from online wallets. The UK’s National Health Service, and many other organizations throughout the world fell foul of the attack, which stopped hospitals and power companies in their tracks.

RKN Global’s founder, Ronald K. Noble, observes that many victims were asked to pay between $300 and $600 to get their computer systems back up and running, and it appears that some obliged.

In May of 2017, many law enforcement officials and cyber-security experts warned against paying the ransom, as doing so would presumably encourage other criminals to act in the same way. However, many victims went ahead and paid the ransom so that they could once again have access to their computers. The hackers are believed to have made as much as $140,000 from their unlawful activities, which resulted in some British hospitals turning patients away and in shutting down a Russian cellphone company.

A journalist highlighted the removal of bitcoins after he had set up a bot that monitored the accounts linked to the ransomware. Some funds had already been removed from the bitcoin wallets in late July 2017, but the recent withdrawal is thought to be the attackers’ most daring move. The move is considered to be daring because it potentially enables cyber-security specialists to trace the funds to specific individuals, though this may be harder than they realize.

While every single bitcoin transaction is visible, account holders are often strive for anonymity. Chances are that the criminals have used what is known as a ‘bitcoin mixer’ which works to hide its trail by spreading the cryptocurrency between accounts so that it is impossible to trace.

A spokesperson for a cyber-security firm has said that there is no indication as to how the money will be spent. If the money is converted to GBP, USD, or any other currency, it is likely to give the game away. The person or people behind the attacks have used sophisticated means to get away with them thus far, but only time will tell how much longer they can hide behind a computer screen.

NHS cyber-defender arrested in the US

The cyber expert credited with having stopped the WannaCry attack on Britain’s National Health Service has been arrested by the FBI.

Marcus Hutchins, who had wanted to remain anonymous after preventing the spread of the attack, was found and arrested in Las Vegas, where he had been attending a conference for security experts, hackers and researchers.

Ronald Noble, founder of RKN Global, observes that the charges made against Hutchins allege his involvement in creating and distributing a banking trojan known as ‘Kronos’.

The arrest came as a surprise to the convention’s attendees, who had previously hailed Hutchins as something of a hero after the Wannacry attack which spread throughout the UK in May 2017. A grand jury in Wisconsin returned an indictment against him for his role in the creation and distribution of Kronos which could have resulted in many innocent people losing money.

Kronos is a type of malware specifically designed to steal financial data and bank login details from the computers it has infected. The charges against Hutchins allege that he sold the malware via the dark web, more specifically on AlphaBay, a site that has recently been shut down by authorities.

Many computer experts are unsure why Hutchins was arrested, believing that creating the malware and selling it is not enough to convict him. However, it appears that the authorities in the US believe they have found grounds for a criminal prosecution.

Kronos appears to get to work when it is downloaded via an attachment in an email. Once the malware has rendered the victim’s computer vulnerable, stolen credit card and banking details can be used to siphon money from the victims’ bank accounts. It is not yet clear exactly how Kronos works, or how much money could be siphoned from bank accounts, but Hutchin’s arrest appears to be a clear message to anyone else involved in the creation, distribution, and the usage of the malware.

Hutchins is due to be charged in August; the amount of time he could face if convicted therefore remains to be seen.

ID Theft: Corrupt Insider Access

The damage that can be caused by identity theft is wide ranging. With someone else’s identity in hand, thieves can steal money, open lines of credit, incur debt, receive medical care, and even go to jail without their own names being tarnished. The result is profoundly damaging to victims: Lost savings, destroyed credit rating, crippling debt, dangerously corrupted medical records that can lead to fatal medical error, and an undeserved criminal record.

Ronald K. Noble, RKN Global’s founder, observes that there are myriad ways for criminals to steal identity. These range from the tried-and-true method of searching peoples’ garbage for credit card statements, bank records and other documents, to sophisticated phishing and malware attacks. Sometimes, the method is even more direct: corruption of officials entrusted with information about the public.

Frantz Felisma, a Sherrif’s deputy in West Palm Beach, Florida, was sentenced this past week to five years in prison for just such an operation. With seven years on the force and a highly burnished reputation which was capped by his recent honoring as regional deputy of the year, Felisma was well-positioned within the police department to access a database that contained personal data about members of the public.1

He then sold this data to a co-conspirator, who mined the data and used it in order to get credit cards through identity fraud, leading to $175,000 in damages to those whose identities were stolen.

RKN Global founder, Ronald K. Noble, avers that the harm of cases like this one is magnified when the perpetrator is a police officer or other public officer sworn and dedicated to serving the community, and who has won the public’s trust. In addition to the financial damages, corruption by public servants erodes the faith that the community places in those who are charged to serve and protect it.

A police-public partnership that is based on trust is essential to the successful carrying out of the police mission to serve the public. The actions of one corrupt officer, therefore, impugns the credibility of the countless hard-working, honest and loyal police officers who have dedicated their lives to the public good.

“Florida Deputy Gets 5 Years’ Prison in Identity Theft Case,” Associated Press, 1 Au