Short 🧵 on Trickbot. Vitaly Kovalev's (aka "Bentley") indictment was originally filed 13 years ago. It shows: 1) He was ID'd IRL long ago 2) Name and shame is now favored and 3) Maybe more old sealed indictments will be released? #infosec
US alleges Trickbot actors "are associated with Russian Intelligence Services." Conti leaks and other tidbits and data over the years pointed to potential ties between the state and cybercriminals. home.treasury.gov/news/press-rel… #infosec
It's also interesting that the indictment against Kovalev is for alleged banking and fraud crimes from the era before ransomware really took off. I wonder why they didn't release a fresh indictment related to Conti? #infosec #trickbot
A correction: Kovalev's indictment was filed 11 years ago, not 13. The author, who lives in 2025, regrets the error.


More from @Jeremy_Kirk

Feb 10
Before an F-22 destroyed China's balloon, a U-2 spy plane took photos of it. The U-2, now a 70-year-old high-altitude surveillance plane, is still proving its utility. I did a story on it in 1999 whilst in South Korea. This is me with one after it came back from a mission. [Image]
This is pre-mission. Pressurised space suit, pre-flight plans. [Images]
The U-2 is tricky to fly and land. The wide wingspan allows it to fly to where the air is very thin (70K feet, 21K meters - China's balloon was around 18K meters) It's a single-seater, so I waited while it was on a mission.
Read 6 tweets
Jan 21
My younger brother was found dead in his apartment. He was 46 years old. His story is a family tragedy. It illustrates the importance of recognising mental health issues early. My parents and I are devastated. In the pic, he's in the middle. #mentalhealth #mentalillness
My brother was a handsome, blonde haired-kid. He was two-and-a-half years younger. Our relationship was typical. Sparring siblings but friends in the same household. We were never close, but united in an upbringing from loving, caring parents. But we were different.
Teachers noticed. I abided by rules, did well in school. He started to have behavioural issues. When he was in second or third grade, teachers began asking an odd question to my parents: Is he from your family? To them, the difference between us was stark.
Read 14 tweets
Jan 19
The multinational arrests in December aimed at DDoS for-hire services was quite a strike, and law enforcement revealed some interesting trends around DDoS services and those purchasing them. An analysis by @Intel471Inc here: intel471.com/blog/will-rece… #infosec
The FBI made some key points in an affidavit. LE seized a half-dozen DDoS customer databases, which should unnerve past customers. Also, payment for DDoS has shifted from PayPal, Google Wallet, etc. to crypto after LE pressure.
Bitcoin of course is highly traceable, so it's another avenue for investigation, particularly if DDoS crypto purchasers use exchanges practicing KYC.
Read 5 tweets
Nov 18, 2022
Just after @FTX_Official collapsed, I received a small post card from Japan. The sender was Mt. Gox. Here's how I bought a bitcoin for $12, got stung in the first big crypto exchange collapse plus some thoughts about cryptocurrency and its future. #infosec #ftx #cryptocurrency [Images]
A decade ago, I bought a bitcoin for $12. I was intrigued to investigate how it worked. The blockchain and bitcoin's shadowy architect, Satoshi Nakamoto, was fascinating. It felt mysterious, somewhat rebellious and was a technological marvel. #cryptocurrency
I bought more bitcoins. I was interested in how trading worked. Mt. Gox, the exchange in Tokyo, was king. It felt wild and exciting: Buying private keys for cash wired to Japan, which are then sent by open-source software. I had 300 bitcoins at one time.
Read 12 tweets
Nov 10, 2022
How we got here with @medibank. It initially said compromised login credentials were used (that may have involved VPN access). The attackers claim they accessed Redshift - an Amazon data warehousing product - via jump servers. #auspol #infosec (1/4)
The @medibank attackers said they spent a month digging around @medibank's systems and then eventually dumped the tables with personally identifiable information, eventually putting them in .csv files that were supplied to Medibank as proof. #infosec #auspol (2/4)
The attackers also claim access to @medibank's Confluence server (Atlassian's collaboration software) and grabbed source code from Stash, a source code management tool. #infosec #auspol (3/4)
Read 4 tweets
Nov 7, 2022
The @medibank attackers have written a short post saying the "data will be publish in 24 hours" and "P.S. I recommend to sell medibank stocks." They've also linked to the YouTube video of @markhumphries recent satirical Medibank piece. #auspol #infosec HT @AlvieriD + @ecrime_ch [Image]
I just fielded a good question from a reporter: How can we trust that this group/site is @medibank's real extortionist? And how can we verify that? There's a bit of complicated history behind it, but @BleepinComputer has it here: bleepingcomputer.com/news/security/…
@medibank @BleepinComputer Essentially, this new blog/data leak site is from a group researchers just call "BlogXX" for lack of self-defined name by the group itself. It has linkages to the infamous REvil ransomware gang, which attacked @KaseyaCorp, JBS Foods, the state of Texas.
Read 7 tweets
