In this week’s Security Ledger Podcast (#88) we do a deep dive with researcher Vikram Thakur of the firm Symantec on “Dragonfly,” the Russian hacking group whose actions prompted the U.S. Department of Homeland Security and the FBI to issue a joint statement last week warning of intrusions into critical infrastructure in the US. Also: how do cyber criminals cash out all the loot they make from online scams? In our second segment we’ll talk to researcher Mike McGuire of the University of Surrey, who has been studying that question.
Moscow on the Hustings
The Department of Homeland Security joined the FBI last week in issuing a joint Technical Alert that highlighted the danger posed by Russian hackers to U.S. critical infrastructure. That announcement accompanied new sanctions by the US Treasury on prominent Russians with links to incidents like the NotPetya malware outbreak, intrusions at companies that operate US critical infrastructure and online meddling in the US Presidential election.
The group in question, which is known as “DragonFly,” has been on the radar of security industry firms since at least 2014. Who are they? In this first segment of our Podcast, we invited Vikram Thakur of the firm Symantec back into the studio to tell us more about the Russia-linked hacking group: how they operate, what they’re up to and what it means for the future.
Thakur said that the group began with a focus on the manufacturing and industrial space. In recent years, however, the group has shifted its focus to the energy sector in the West. While the hackers have been effective at gaining access to sensitive networks at energy companies, there has been little evidence that DragonFly is interested in carrying out attacks, at least so far.
Leave the gun, take the World of Warcraft Token
Crypto currencies like BitCoin got an early boost from online criminals, who were among the first to recognize the value of anonymous, digital cash. Within months of BitCoin’s introduction it was the Coin of the Realm for underground black markets and hacker forums like Pirate Bay where patrons purchase drugs, guns, stolen identities and more. But BitCoin’s star has faded in recent years and, today, it is just one tool that cyber criminals can use to cash out. Why? Our next guest, Dr. Mike McGuire of the University of Surrey in the UK, says that cyber criminals in 2018 have no shortage of tools for turning stolen goods into cold hard cash. Among them: trade in virtual goods on gaming platforms like World of Warcraft. In the second segment of this week’s Podcast, McGuire comes into the Security Ledger studios to tell me about research he did, with the help of the firm Bromium, to examine online money laundering activity.