By Bruce Sussman
Thu | Jun 6, 2019 | 8:33 AM PDT

As Baltimore's ransomware cleanup bill rose into the millions, the hacker behind the attack publicly taunted the city's mayor on Twitter:

"Hey @mayorbcyoung listen to me...You just do NOTHING! You are the only person that is responsible for this s***!"

[Image: robbinhood-baltimore-twitter1]

More than once, the attacker used Twitter to offer a proof of concept (POC) that would prove paying the ransom would result in decryption keys that unlocked Baltimore's computers:

[Image: robbinhood-baltimore-twitter2]

Then, the hacker became increasingly angry at the city's refusal to accept these offers or pay a ransom. And the hacker shared this frustration by tagging leaders and press on Twitter:

[Image: robbinhood-baltimore-twitter3]

We have to wonder: how would your organization handle getting breached and then having the hacker publicly call you out on social media?

Is that part of your incident response communications plan?

Hackers taunting their victims on web, social media

As you might expect, hacker forums on the Dark Web are full of bragging about things stolen and hacked and the capabilities of the tools used to make it all happen.

This is what marketing and sales look like on the Dark Web.

[RELATED: Lawyers Advertising on the Dark Web]

However, we've come across a number of stories in the last few weeks where hackers are publicly ranting, taunting, or bragging about power, money, and victims. Here are three fresh examples:

1. City of Baltimore—see above

2. SandboxEscaper, who released a number of Microsoft Windows Zero-Day hacks that would allow hackers to take over machines:

"I don't owe society a single thing. Just want to get rich and give you fuc****** in the west the middle finger."

"I have most definitely given portions of my work to people who hate the US. That's what happens when the FBI subpoenas my google acc and intrudes my privacy.

Now those people are going to use those bugs to get back at US targets. An eye for an eye. Enjoy stupid fuc******."

3. A recent post from GandCrab ransomware operators openly bragged about helping hackers who used its service to bring in billions from victims. The post was reported by ZDNet:

"We successfully cashed this money and legalized it in various spheres of white business both in real life and on the Internet," the GandCrab crew bragged.

"We are leaving for a well-deserved retirement. We have proved that by doing evil deeds, retribution does not come."

Although sometimes it actually does.

Sometimes bragging can get you busted

Going onto social media to brag about your exploits or taunt your victims has helped bust a lot of people over the years, regardless of occupation or status.

And sometimes, bragging hackers have also helped bust themselves.

Russian hacker Roman Valeryevich Seleznev is serving 14 years in prison for defrauding banks of $9 million through a hacking scheme.

This FBI photo shows part of the evidence in the case: the hacker with his stacks of cash, a picture he had posted on social media himself:

[Image: fbi-photo-russian-hacker-busted]

[Image: russian-hacker-busted]

Back to that Baltimore hacker

Will the Twitter rants of the Baltimore hacker help get someone caught? Time will tell.

And at least one security researcher has publicly said the tweets could be part of marketing the newly discovered Robbinhood ransomware which devastated Baltimore's network.

This could be true if its creators are trying to market Robbinhood under the crime-as-a-service model, where anyone can pay to use the hacking tools to launch ransomware attacks of their choosing.

However, all we know for now is that Twitter shut the account down for hacking-related violations of its rules.

Gee, you think?

[RELATED: Ransomware: Pay It or Fight It?]