World Hacker King Drains Account Turns Out to Live a Simple Life


HOLIDAY NEWS - The hacker king behind the veteran ransomware gang LockBit turns out to be a simple figure. At least that's according to cyber security researcher Jon DiMaggio, who went undercover and developed a friendship with the master of cyber attacks. 

DiMaggio pretended to be a novice internet criminal interested in joining the gang. In the end, DiMaggio was able to find out LockBitSupp's true identity before it was revealed to the public by the authorities. 

Speaking at the Def Con hacking conference in Las Vegas last week, DiMaggio told the whole story of his 'friendship' with LockBitSupp. He detailed how he gained the hacker king's trust by using a fabricated persona, and how he maintained the relationship even after revealing his identity publicly.

He spoke openly about having infiltrated the LockBit gang and tricking LockBitSupp into giving him details of the operation, as quoted from TechCrunch, Tuesday (13/8/2024).

"Our relationship has had a lot of ups and downs," he told TechCrunch.

Initially, DiMaggio explained, he created a series of sockpuppet accounts to get close to people who appeared to have direct ties to LockBitSupp, and observed their interactions. The goal of this phase was to build a cybercriminal persona with a history and underground connections, which would make it easier to present himself as credible when contacting LockBit and its administrators directly.

"I monitor conversations that seem irrelevant. This allows me to see the things they like and the things they don't like. That way, I can understand their political views," DiMaggio said. "If I had directly asked questions regarding their attacks and operations, it would have been very clear that I was a researcher," he added. 

DiMaggio said his initial attempts to join the gang were rebuffed. But he kept in touch with LockBitSupp and developed a friendship. He cracked jokes with LockBitSupp until he was finally able to casually ask questions about the details of the operation. For example, regarding the elements and types of attacks, how to choose targets, how to negotiate with victims, and related matters. 

In January 2023, DiMaggio wrote a long report about his findings while conducting secret research. At that time, DiMaggio thought this would end his relationship with LockBitSupp. On the contrary, the gang leader seemed to take it lightly. He even spoke on the forum about his hopes of being invited by DiMaggio to go on a cruise. He openly said that he wanted to enjoy life as a famous cyber criminal. That came as a surprise to DiMaggio. 

"The person I know, although motivated by money, is not a flashy person. He's not the kind of person who is obsessed with material things," DiMaggio said. 
"So there is a big difference in the attitude and personality that he displays in these forums compared to the people I talk to personally," he said.

Then, DiMaggio said, LockBitSupp started using DiMaggio's LinkedIn photo as an avatar on hacking forums to mock him.

"This is a game of cat and mouse. LockBit has played this kind of game, just like me," he said. 
DiMaggio said the LockBit group could actually be 'shaken' psychologically. LockBitSupp was offline for 12 days, then came back and kept in touch with DiMaggio. 

LockBit claimed responsibility for a massive cyberattack on a hospital that threatened children in Chicago. This was the second attack on a children's facility, after the attack on SickKids hospital in Toronto.

DiMaggio admitted that he was very angry about the attack. He even came close to sending an angry message to LockBitSupp. However, he dropped the idea because he realized he couldn't act emotionally towards his target.

FBI Reveals Identity of Hacker King

Later, law enforcement took down LockBit's site and temporarily disrupted the gang's operations. DiMaggio said he decided to focus all his efforts on identifying LockBitSupp. "At this point, LockBit knew they were being chased," DiMaggio said. The manhunt was facilitated by an anonymous tip someone sent DiMaggio. The tipper, DiMaggio said, gave him a Yandex email address allegedly owned by LockBitSupp. 

With that starting point, DiMaggio says he was able to unravel the mystery of LockBitSupp's identity, leading him to someone named Dmitry Khoroshev. But as tantalizing as the findings were, DiMaggio couldn't be completely sure. 

Then, something happened beyond his expectations. Authorities updated the seized LockBit website with the aim of revealing LockBitSupp's identity. 
DiMaggio then contacted the FBI. He said he had identified Khoroshev as LockBit's administrator and that he planned to write a report revealing this. DiMaggio asked the FBI whether he should wait to publish his report or not.

"If they told me to wait, then there's a good chance I got the right person. If they told me to do whatever I wanted, I probably would have kept waiting because maybe I had the wrong person," said DiMaggio, who added that the FBI told him to wait. 

DiMaggio was on his way to the RSA cybersecurity conference in San Francisco. "I am writing everything I have about Khoroshev. And I will wait until the alarm goes off. And when they publish it, if we have the same person, I will publish my report," he explained. 

When the 24-hour countdown reached zero, as promised, the US Department of Justice accused Dmitry Khoroshev of being the mastermind and administrator of LockBit. At that point, DiMaggio was able to broadcast his own report on Khoroshev. "This is the first time I've ever doxed someone. And yes, they released his name, I released everything else about this guy. I have where he lives, I have his phone number, current and past," DiMaggio said. 

DiMaggio even wrote an open message to Khoroshev. He said goodbye while explaining that he had to reveal the identity of the hacker king before someone else did. "LockBitSupp, you're a smart guy. You said it's not about the money anymore, and you want to have millions of victims before you stop. Sometimes you need to know when to stop. It's time, my old friend," DiMaggio wrote. 

"You have always been transparent with me, and I want to be blunt with you. Take your money and enjoy your life before ending up in a situation where you can't. Just like REvil, you have gone too far. I don't hate you. I hate what you did, and I didn't mean to make you angry because we've known each other for a long time," he continued. "It's time to move on," he concluded.
