Ryan McFarlane
Podcast Appearances
what some of their campaigns looked like, how they were loading additional plugins.
So at this time, this group had a number of different lines of business.
They were treating all these infected systems, and it was about 400,000 of these systems at the time.
And every computer could do a bunch of different functions.
We saw them instructing these computers to join mining pools and mine cryptocurrency for them.
They could be used as proxies, and some of those proxies were sold on AlphaBay to other cyber criminals out there.
They were doing some ad fraud. They were mining those systems for credit card information, which they then sold on AlphaBay as well. So they were AlphaBay vendors. They were replacing
your internet browser with a custom version of their own internet browser.
And everything that was done over that internet browser was uploaded to a couple of servers in North Carolina.
And then we'd actually see them go and mine
So if they needed Bank of America accounts, they could jump in there and show me all the Bank of America accounts that I have login information to.
They could go to Chase and issue a command to say, show me all the Chase data I've taken.
We had the largest data intercept in the Bureau.
For this case, because it was all going through, all the command and control traffic was going through these servers.
And we had to keep re-upping because we were getting little snippets here and there.
Occasionally, we'd catch them emailing a new email account that we hadn't seen before, and that turned out to be one of their money mules.