SoylentNews is people

posted by Fnord666 on Sunday December 04 2016, @07:03AM
from the all-your-hackers-are-belong-to-us dept.

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist's inbox by guessing the answer to his secret question, which then allowed him to reset the attacker's email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.

Live by the hack, die by the hack.



  • (Score: 1, Insightful) by Anonymous Coward on Sunday December 04 2016, @07:18AM (#436805)

    Live by the hack, die by the hack.

    Seriously? Seriously? You're going to equate exploiting a Java vulnerability... with password guessing? One of these things is not like the other, one of these things is not a legit hack. ♫

    • (Score: -1, Troll) by Anonymous Coward on Sunday December 04 2016, @07:22AM (#436807)

      lolololololololol mess best die rest crash burn burp derpy derp mod me up cuz hackers is an old movie dude bro like whoa

      • (Score: -1, Flamebait) by Anonymous Coward on Sunday December 04 2016, @07:48AM (#436815)

        derp derp drop yer firewall sose i can hack ya lol

        ping ::1

        oh snap i is l3333t

    • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @06:07PM (#436938)

      Where did TFS say the counterhack used similar methods to the original hack? And where was that made a requirement?

  • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @07:22AM (#436808)

    The S.F. city government seems to be cognitively challenged when it comes to computers.

    • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @07:41AM (#436812)

      IT guys get no respect, because they live in the really real world where barely functional infrastructure is made from unreliable immature technology, but they have to work in the delusional fantasy world of social bullshit where nothing should ever break down.

      • (Score: 1, Touché) by Anonymous Coward on Sunday December 04 2016, @07:48AM (#436816)

        Turns out social bullshit is how you get the yacht and get to spend all your time in Ibiza partying. Time to reroll this character.

        • (Score: -1, Troll) by Anonymous Coward on Sunday December 04 2016, @08:20AM (#436823)

          Yachting around with a bunch of vacuous superficial dullards is not my idea of a good time. It would be nice if there were a middle ground between dirt poor and filthy rich, and we could call it the middle class, you know what disappeared during your great recession, mister gatsby. Are we going to need to have another war to justify raising taxes on you rich leeches so the rest of us can live in peace. Because if not it's clear to me that the future for nerds is prison just like terrychilds, after society has no use left for technical people who for the past forty years have survived without needing social skills. The personal computing revolution was an anomaly it seems, but the anomalous period has ended, and the new social age is upon us. Terrychilds is the trailblazing pioneer for all uppity nerds who will end up in prison inevitably, and in prison we will find the promised basic income.

  • (Score: 0, Disagree) by Anonymous Coward on Sunday December 04 2016, @10:00AM (#436849)

    So some researcher compromised one of the yandex.com email accounts of the ransomware extortion recipient? I guess that means the other people who got hit by the ransomware he was involved in distributing were no longer able to contact him to get the bitcoin wallet to send the ransom to? I guess that researcher really showed Mr cryptom27 ... at least until Mr cryptom27 was able to change the email address displayed after the malware "phoned home" to get the message to display on the victim's screens.

    Number of infections prevented: 0
    Number of payments prevented: probably a few

    • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @10:07AM (#436851)

      Black hatter is an asshole. White hatter is an asshole. It's assholes all the way down.

      • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @06:05PM (#436935)

        Can you restate that using a car analogy?

    • (Score: 1) by VitalMoss (3789) on Sunday December 04 2016, @02:39PM (#436884)

      He compromised both the first yandex account, and the second one as well. In doing so he managed to get a decent amount of information on the hacker, it seems.

      It's a lot harder to pull off ransoms from inside supermax.

      • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @06:02PM (#436933)

        He compromised both the first yandex account, and the second one as well.

        If the info was real and not a fake name, a joe job or just some random half-true bullshit. Plus, these "bad actors" have many online (and real life) identities, email accounts, etc, etc.

        The guy who compromised the email accounts is guilty of violating some of the same laws that the ransomware guy did. They both did it for different but self-serving reasons - one wanted to profit from it and the other wanted to extort money from ransomware victims.

      • (Score: 2) by darkfeline (1030) on Sunday December 04 2016, @10:29PM (#436991)

        Yeah, information like that the hacker uses multiple email accounts and bitcoin wallets, rotating them regularly. Also, the hacker has made a lot of money and he uses a number of pseudonyms. Maybe he's from Russia or the middle east.

        Fucking incredible, mark that as a victory for the good guys, am I right?

        --
        Join the SDF Public Access UNIX System today!
  • (Score: 0) by Anonymous Coward on Sunday December 04 2016, @09:31PM (#436975)

    “You keep using that word. I do not think it means what you think it means.”

    Can we please stop misusing the term "hack"?!?

    • (Score: 0) by Anonymous Coward on Monday December 05 2016, @10:09PM (#437410)

      You prefer "San Francisco Rail System Hacker Gets Pwned"? A hack doesn't have to be malicious.