Hackers have a reputation as villains in the shadows, sitting behind their screens committing cyber-crimes that can cost their victims millions, and following the money is usually the best way to catch them. So, of course, with the invention of crypto-currency you can bet that 99.9% of hackers want their ransoms in this form, as it is untraceable! Or is it? We have quite a wild story for you…
The FBI and DarkSide hacker group
The FBI was able to retrieve a $2.3 million pay-out in Bitcoin that Colonial Pipeline had paid to hackers. The cyber-criminal group responsible was known as ‘DarkSide’, a notorious group of computer wizards who unfortunately used their knowledge for crime.
After years of cyber-attacks, they were finally caught by the FBI when they targeted Colonial Pipeline. On 7th May 2021, Colonial Pipeline, one of America’s largest fuel pipelines, publicly announced that it had been the victim of a ransomware attack. DarkSide had taken control of Colonial Pipeline’s computers and systems, made them inaccessible and demanded a ransom to restore access. Colonial responded in the only way it knew how: it shut the pipeline down, which meant that the jet fuel and gas supplying the Atlantic coast were severely limited. Colonial then paid the ransom.
They paid 75 Bitcoin, at the time roughly the equivalent of $5 million, and were able to get fuel and gas flowing again, but that is not the end of the story! Bitcoin is usually chosen because its transfers are considered untraceable; however, the FBI were able to track DarkSide’s Bitcoin, and that led to their downfall. There was no official statement on the tactics used, likely because the FBI will want to use them again… Here is the most likely way the FBI achieved this. DarkSide, for all their hacking knowledge, naively used a payment server to collect the funds, i.e. a centralised means of receiving their Bitcoin. All it took was for the FBI to access the server where the hackers stored their private key information, and boom, they could easily find where the Bitcoin had gone.
They could even learn what other Bitcoin had been received, and in fact a lot had been received since the server had been opened ($17.5 million)!
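The reason the trail could be followed at all is that Bitcoin's ledger is public: every payment spends earlier outputs and creates new ones, so an investigator who knows the ransom address can walk forward through the chain of spends until the coins come to rest, and whoever holds the private keys for the addresses where they rest can move them. The toy ledger below is an added illustration of that walk, not code from the original post or from any real investigation; every transaction id, address and amount in it is constructed, and the 'poison' rule it applies (any transaction that spends a traced coin makes all of its outputs traced) is the simplest of several heuristics real chain-analysis tools use.

```python
"""Toy UTXO ledger and a forward-tracing walk over it.

Added example, not from the original post. Every transaction id, address and
amount below is constructed for illustration; nothing here reflects the real
Colonial Pipeline transactions. Amounts are in satoshis (1 BTC = 100_000_000).
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BTC = 100_000_000


@dataclass(frozen=True)
class TxOut:
    address: str
    amount: int  # satoshis


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # (txid, output_index) pairs pointing at earlier outputs
    outputs: tuple  # TxOut values created by this transaction


# Constructed ledger: a 75 BTC ransom payment that is split, then one branch is
# consolidated onto a wallet whose keys live on the gang's payment server.
LEDGER = (
    Tx("tx_ransom", inputs=(("tx_coinbase", 0),),
       outputs=(TxOut("ransom_addr", 75 * BTC),)),
    Tx("tx_split", inputs=(("tx_ransom", 0),),
       outputs=(TxOut("affiliate_addr", 60 * BTC), TxOut("operator_addr", 15 * BTC))),
    Tx("tx_consolidate", inputs=(("tx_split", 0),),
       outputs=(TxOut("server_wallet", 5_990_000_000), TxOut("fee_change", 10_000_000))),
    # Unrelated traffic that must NOT show up in the trace.
    Tx("tx_other", inputs=(("tx_coinbase", 1),),
       outputs=(TxOut("bystander", 3 * BTC),)),
)


def trace_forward(ledger, start_address):
    """Follow every coin that touched `start_address` until it comes to rest.

    Returns (hops, resting). `hops` lists (txid, from_addr, to_addr, amount)
    edges in breadth-first discovery order; `resting` maps an address to the
    total of traced coins still unspent there. Each spending transaction is
    expanded once, so `from_addr` is the traced output that first led here.
    """
    by_id = {tx.txid: tx for tx in ledger}
    spender = {}  # (txid, index) -> txid of the transaction that spent it
    for tx in ledger:
        for ref in tx.inputs:
            spender[ref] = tx.txid

    # Seed the walk with every output paid to the starting address.
    queue = deque((tx.txid, i) for tx in ledger
                  for i, out in enumerate(tx.outputs) if out.address == start_address)
    seen = set(queue)
    expanded = set()
    hops = []
    resting = defaultdict(int)

    while queue:
        ref = queue.popleft()
        src_out = by_id[ref[0]].outputs[ref[1]]
        next_id = spender.get(ref)
        if next_id is None:  # unspent: the coins rest here
            resting[src_out.address] += src_out.amount
            continue
        if next_id in expanded:
            continue
        expanded.add(next_id)
        for i, out in enumerate(by_id[next_id].outputs):
            hops.append((next_id, src_out.address, out.address, out.amount))
            nxt = (next_id, i)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return hops, dict(resting)


def recoverable(resting, controlled_addresses):
    """Satoshis of traced coins sitting on addresses whose keys one controls."""
    return sum(amt for addr, amt in resting.items() if addr in controlled_addresses)


if __name__ == "__main__":
    hops, resting = trace_forward(LEDGER, "ransom_addr")
    for txid, src, dst, amt in hops:
        print(f"{txid}: {src} -> {dst} {amt / BTC:.2f} BTC")
    print("resting:", {a: v / BTC for a, v in resting.items()})
    # Keys for 'server_wallet' are the hypothetical ones taken from the server.
    print("recoverable with server keys:", recoverable(resting, {"server_wallet"}) / BTC, "BTC")
```

Running it shows the 75 BTC fanning out to three resting places, of which only the 59.9 BTC on `server_wallet` would be movable by someone holding that wallet's keys; the unrelated `bystander` payment never enters the trace because no spend connects it to the ransom address.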