It is recommend to listen to episodes 53 “Shadow Brokers”, 71 “FDFF”, and 72 “Bangladesh Bank Heist” before listening to this one.
In May 2017 the world fell victim to a major ransomware attack known as WannaCry. One of the victims was UK’s national health service. Security researchers scrambled to try to figure out how to stop it and who was behind it.
Thank you to John Hultquist from FireEye and thank you to Matt Suiche founder of Comae.
Sponsors
Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial.
This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project.
Sources
- https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and
- https://www.reuters.com/article/us-sony-cybersecurity-northkorea/in-north-korea-hackers-are-a-handpicked-pampered-elite-idUSKCN0JJ08B20141205
- https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
- https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html
- https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition
- https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
- https://www.comae.com/posts/2017-04-14_shadowbrokers-the-nsa-compromised-the-swift-network/
- https://www.cyberscoop.com/matthieu-suiche-shadow-brokers-comae-technologies/
- https://www.comae.com/posts/2017-05-12_wannacry-the-largest-ransom-ware-infection-in-history/
- https://msrc-blog.microsoft.com/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- https://www.comae.com/posts/2017-05-14_wannacry-new-variants-detected/
- https://www.comae.com/posts/2017-05-19_wannacry-decrypting-files-with-wanakiwi-demos/
- https://www.comae.com/posts/2017-05-15_wannacry-links-to-lazarus-group/
- https://twitter.com/msuiche/status/864179805402607623
- https://www.thenewslens.com/article/124622
- https://www.wsj.com/articles/how-north-koreas-hackers-became-dangerously-good-1524150416
- https://www.zdnet.com/google-amp/article/aspi-wants-statutory-authority-to-prevent-foreign-interference-through-social-media/
- https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf
- https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
- Video: hacker:HUNTER - Wannacry: The Marcus Hutchins Story - All 3 Chapters
- RiskSense Eternal Blue Proof of Concept blog post
Attribution
Darknet Diaries is created by Jack Rhysider.
Sound design by Garrett Tiedemann.
Episode artwork by odibagas.
Audio cleanup by Proximity Sound.
Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
Equipment
Recording equipment used this episode was the Shure SM7B, a cloudlifter, Motu M2, Sony MDR7506 headphones, and Hindenburg audio editor.
Transcript
[START OF RECORDING] JACK: Hey, it’s Jack, host of the show. Listen, you might not be ready for this episode. There’s a few prerequisites I recommend you do first. First, we’re gonna be talking about the Shadow Brokers in this episode and I already covered them in Episode 53, so I highly encourage you to check that episode out first – which is just called Shadow Brokers – before this one. Second, I made Episode 71, 72, and 73 to be listened to in that order, and since this is Episode 73, maybe check out the two episodes before this first. Of course, you don’t have to; this episode still stands on its own anyway, but that’s my recommendation. Okay, so with that out of the way, let’s jump right into it.