At DEF CON, they told the story of identifying the LockBit administrator

John DiMaggio, a researcher at the information security firm Analyst1, participated in identifying the administrator of the LockBit ransomware program, known under the nicknames LockBitSupp and putinkrab. At the DEF CON conference, he shared the story of infiltrating the gang and told about a tip that helped identify the hacker, 31-year-old Voronezh native Dmitry Khoroshev. A condensed version of the story was published by TechCrunch: https://techcrunch.com/2024/08/09/h...-doxed-the-leader-of-lockbit-ransomware-gang/

To get acquainted with LockBitSupp, DiMaggio pretended to be a novice cybercriminal who wanted to join the gang. Using fake accounts, he communicated with the hacker's inner circle, creating a persona with a background and connections on the Darknet.

For months, he gained Khoroshev's trust and became his friend, learning the details of ongoing cyber attacks along the way. They discussed how to negotiate with victims and how to set the right ransom amount.

To find out the real name of LockBitSupp, DiMaggio was helped by an anonymous tip-off, which helped him get the hacker's Yandex mail address.

"This was my first experience of doxing. [After the FBI announced] his name, I published everything else: his place of residence, current and previous phone numbers," the specialist said.

As a farewell, DiMaggio wrote Khoroshev a message explaining that he must reveal his identity before others do:

"LockBitSupp, you're a smart guy. You said that money is no longer the main thing, and you want to have a million victims before you stop, but sometimes you need to know when to leave. This is the time, my old friend."

After that, Khoroshev never wrote to him again.

A detailed story with all the documentation is available on DiMaggio's blog: https://analyst1.com/ransomware-diaries-volume-1/
 