
Subject / Author
* How the FBI proved a remote admin tool was actually malware [telecom] - Monty Solomon
`- Re: How the FBI proved a remote admin tool was actually malware [telecom] - Bill Horne

How the FBI proved a remote admin tool was actually malware [telecom]

<10065983-DCFE-4156-A7A2-7CB9D3E128C9@roscom.com>


https://www.novabbs.com/computers/article-flat.php?id=4142&group=comp.dcom.telecom#4142

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!news.iecc.com!.POSTED.news.iecc.com!post.local
From: mon...@roscom.com (Monty Solomon)
Newsgroups: comp.dcom.telecom
Subject: How the FBI proved a remote admin tool was actually malware [telecom]
Date: 9 Mar 2023 19:24:31 -0500
Organization: The Telecom Digest
Sender: alias@iecc.com
Approved: telecom-moderator@telecom.csail.mit.edu
Message-ID: <10065983-DCFE-4156-A7A2-7CB9D3E128C9@roscom.com>
MIME-Version: 1.0 (1.0)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Info: gal.iecc.com; posting-host="news.iecc.com:2001:470:1f07:1126:0:676f:7373:6970";
logging-data="17909"; mail-complaints-to="abuse@iecc.com"
Authentication-Results: iecc.com; spf=pass spf.mailfrom=moder8@telecomdigest.us spf.helo=telecomdigest.us smtp.remote-ip="71.19.144.55"
X-Mailer: iPhone Mail (20B110)
 by: Monty Solomon - Fri, 10 Mar 2023 00:24 UTC

By Lorenzo Franceschi-Bicchierai

On Thursday, the U.S. government announced that it had seized a
website used to sell malware designed to spy on computers and
cellphones.

The malware is called NetWire, and for years several cybersecurity
companies, and at least one government agency, have written reports
detailing how hackers were using the malware. While NetWire was also
reportedly advertised on hacking forums, the malware owners marketed
it on a website that made it look like it was a legitimate remote
administration tool.

https://techcrunch.com/2023/03/09/how-the-fbi-proved-a-remote-admin-tool-was-actually-malware/

Re: How the FBI proved a remote admin tool was actually malware [telecom]

<20230316154756.GA1772666@telecomdigest.us>


https://www.novabbs.com/computers/article-flat.php?id=4143&group=comp.dcom.telecom#4143

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!news.iecc.com!.POSTED.news.iecc.com!post.local
From: malassim...@gmail.com (Bill Horne)
Newsgroups: comp.dcom.telecom
Subject: Re: How the FBI proved a remote admin tool was actually malware [telecom]
Date: Thu, 16 Mar 2023 15:47:56 +0000
Organization: The Telecom Digest
Sender: alias@iecc.com
Approved: telecom-moderator@telecom.csail.mit.edu
Message-ID: <20230316154756.GA1772666@telecomdigest.us>
References: <10065983-DCFE-4156-A7A2-7CB9D3E128C9@roscom.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: gal.iecc.com; posting-host="news.iecc.com:2001:470:1f07:1126:0:676f:7373:6970";
logging-data="18007"; mail-complaints-to="abuse@iecc.com"
Authentication-Results: iecc.com; spf=pass spf.mailfrom=moder8@telecomdigest.us spf.helo=telecomdigest.us smtp.remote-ip="71.19.144.55"; dmarc=none header.from=gmail.com polrec.p=none polrec.pct=100
Content-Disposition: inline
In-Reply-To: <10065983-DCFE-4156-A7A2-7CB9D3E128C9@roscom.com>
 by: Bill Horne - Thu, 16 Mar 2023 15:47 UTC

On Thu, Mar 09, 2023 at 07:24:31PM -0500, Monty Solomon wrote:
> By Lorenzo Franceschi-Bicchierai
>
> On Thursday, the U.S. government announced that it had seized a
> website used to sell malware designed to spy on computers and
> cellphones.
>
> The malware is called NetWire, and for years several cybersecurity
> companies, and at least one government agency, have written reports
> detailing how hackers were using the malware. While NetWire was also
> reportedly advertised on hacking forums, the malware owners marketed
> it on a website that made it look like it was a legitimate remote
> administration tool.
>
> https://techcrunch.com/2023/03/09/how-the-fbi-proved-a-remote-admin-tool-was-actually-malware/

The press release mentioned in the techcrunch article tells us that
the investigation leading to this seizure was started in 2020. I don't
know what the reasons are for the prolonged delay, but in an industry
where companies sometimes start, grow, and die over a span of weeks,
the two-plus-years wait is pitiable.

I don't know if the delay was due to the 2020 presidential election,
or the 2022 mid-term elections, or some other reason, but it's a sad
excuse for justice if it takes that long. So prolonged a delay means
that the criminals located at the other end of the malware's
connections, at the Croatia-based "Mother Ship," were able to obtain
not only the personal banking, medical, and social details of hundreds
or thousands of victims - but also the login credentials for lots of
small-to-medium firms where cloud-based accounting applications have
been routine for years. Not only were individuals robbed for some or
all of what they had, but many businesses undoubtedly found themselves
with phantom employees whose names and social-security data existed
only in the logs of Western Union wire transfers to far-away dens of
untouchable thieves who are now both rich and gone.

The press release mentions the seized website by name, and if you
choose to click the link, you'll see a banner notice that "This
Website Has Been Seized," just beneath the seals of both the
Department of Justice and the FBI. There is passing mention of other
agencies and governments which took part in the investigation, but
they're mentioned in an unordered list, shown in much smaller
type. The emblems and/or seals of other agencies and governments are
placed at the bottom, in much smaller sizes than the DOJ/FBI plaques
at the top, so it is very clear that the FBI wants all the credit for
this seizure.

Who, I wonder, will get the credit for turning the FBI into a
competent law-enforcement organization, instead of a PR firm for the
legacies of the hard-nosed G-men of the past? Purvis and his fellow
agents deserve a lot of praise for their achievements - but this is
the twenty-first century, not the twentieth, and it's long past time
for the FBI to stop resting on its laurels.

Bill Horne

--
(Please remove QRM for direct replies)
