The DOJ has disclosed that a multi-month law enforcement operation allowed the FBI to delete PRC-associated PlugX malware from over 4,250 infected computers:
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China (PRC), known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers.
According to court documents, the PRC government paid the Mustang Panda group to, among other computer intrusion services, develop this specific version of PlugX. Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups. Despite previous cybersecurity reports, owners of computers still infected with PlugX are typically unaware of the infection. The court-authorized operation announced today remediated U.S.-based computers infected with Mustang Panda’s version of PlugX.
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, had the following comment on this news:
“It’s always a good day when the good guys get a win! As simple as it seems for anyone to go in and proactively remove malware, it really isn’t easy to do. First, you’ve got to make sure you can do it legally. That often takes lawyers and legal review, and in most cases, lawyers with experience in global cybercriminals and laws. It takes someone in law enforcement who cares enough to push it. They’ve got to make a case and get it approved by senior management. Then, the removal process has to be tested.”
“In this case, the FBI relied upon the bot’s own removal instructions, but it isn’t always this easy. Historically, there have been instances of less mature and capable but well-meaning defenders who have less elegantly removed malware and caused more problems than the malware did. The solution has to be tested and retested. Then, it has to be globally coordinated to happen as quickly as it can before the attackers know something is up and implement defenses.”
“The overall process is more difficult than it first sounds. There’s a reason why proactive removal isn’t that common. With that said, it does seem like we are seeing just a bit more of these proactive removal projects than we used to see. Of course, expect to see the hackers respond by making it harder for unauthorized removal schemes to take place. It’s a business, and the bad guys see the good guys as adversaries and will respond accordingly. The bad guys won’t sit back and stay defeated. They will respond. They will make it harder for future efforts to be as successful. But for today, let’s celebrate the win!”
Wins seem to be hard to come by these days, so I will take this one. Realistically, though, prevention and detection need to get better so that operations like this become the exception rather than the way long-running infections finally get cleaned up.
DOJ Takes Down Cracked And Nulled Marketplaces
Posted in Commentary with tags DoJ on January 31, 2025 by itnerd
The DOJ made an announcement detailing an international effort that seized the Cracked and Nulled marketplaces. Prosecutors said this affected at least 17 million Americans.
According to the DOJ, Cracked had operated since 2018, promised access to “billions of leaked websites” by letting users search for stolen login credentials, and had over 4 million users who traded in cybercriminal tools and stolen information, producing around $4 million in revenue.
The DOJ press release said that the accused “active administrator” of Nulled faces criminal charges carrying maximum penalties of five years in prison for conspiracy to traffic in passwords, 10 years in prison for access device fraud, and 15 years in prison for identity fraud.
Evan Dornbush, former NSA cybersecurity expert, had this to say:
“Historically attackers can more easily obtain information and tools than defenders, giving them a perpetual advantage. Actions like this make it more expensive for cyber criminals to operate and ultimately this is a good thing.
“Lesser players who rely on purchasing tools and network access from these two marketplaces won’t be able to get started, raising the barrier to entry for their criminal enterprise aspirations.”
It’s great to see sites like these taken down by the forces of good. This is something that we need to see more of. A lot more of.