CI-SOC Recovers Bitcoin Ransom

The Critical Infrastructure Security Operations Center (CI-SOC) announced today that it had successfully conducted operations today against a North Korean ransomware gang that was operating out of Soul, South Korea. The bitcoin ransom paid by three separate, unidentified companies in the United States was recovered, the small server farm used by the gang was seized and four North Korean agents were arrested. General Buck Turgidson, Director of CI-SOC, told reporters that his group, working with the South Korean government and elements of US Special Operations Command, tracked the gang by following the bitcoin trail to a compound on the outskirts of Soul. “A special team of Army Special Forces that included cyber-operators worked with a team from the South Korean Army to enter the compound and seize computer equipment before any information could be destroyed,” Turgidson told reporters. Special Operations Command confirmed that special operations forces were involved but refused to comment on the identity of the team. They explained the participation of the military by noting that the underlying cyberattacks had been performed by agents of a foreign government. There have been rumors circulating in Washington of the formation of a Cyber A-team being formed to work on this type of operation, but there has been no confirmation from Special Operations Command or the Pentagon. The four North Koreans captured in the raid are being held in Soul pending extradition to the United States. There are rumors that the Justice Department has concerns about trying them for their alleged cyber crimes because of search and seizure implications. A national security warrant had been issued for tracking the bitcoins, but the rules of evidence for supporting that type of warrant are different from those that would be used in a criminal court case in the United States. The tools used to track the bitcoin trail were developed by the National Security Agency and that agency would not be prepared to share the technology upon which that trace was based with the defense team. It is suspected that any criminal defense attorney would move to have the identification of his clients by such undisclosed technology suppressed. There are rumors circulating that the Justice Department is considering certifying the ransomware attacks as terrorist attacks and allowing the foreign nationals to be tried by a military tribunal. CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More