Ukraine: Cyberwar’s Hottest Front – By Margaret Coker and Paul Sonne Nov. 9, 2015 9:14 p.m. ET

Ukraine gives glimpse of future conflicts where attackers combine computer and traditional assaults

A woman votes in Kiev in May 2014. A cyberattack ahead of Ukraine’s 2014 presidential election threatened to derail the vote. Photo: Dan Kitwood/Getty Images

KIEV, Ukraine—Three days before Ukraine’s presidential vote last year, employees at the national election commission arrived at work to find their dowdy Soviet-era headquarters transformed into the front line of one of the world’s hottest ongoing cyberwars.

The night before, while the agency’s employees slept, a shadowy pro-Moscow hacking collective called CyberBerkut attacked the premises. Its stated goal: To cripple the online system for distributing results and voter turnout throughout election day. Software was destroyed. Hard drives were fried. Router settings were undone. Even the main backup was ruined.

The carnage stunned computer specialists the next morning. “It was like taking a cold shower,” said Victor Zhora, director of the Ukrainian IT firm Infosafe, which helped set up the network for the elections. “It really was the first strike in the cyberwar.”

In just 72 hours, Ukraine would head to the polls in an election crucial to cementing the legitimacy of a new pro-Western government, desperate for a mandate as war exploded in the country’s east. If the commission didn’t offer its usual real-time online results, doubts about the vote’s legitimacy would further fracture an already divided nation.

The attack ultimately failed to derail the vote. Ukrainian computer specialists mobilized to restore operations in time for the elections. But the intrusion heralded a new era in Ukraine that showed how geopolitical confrontation with Russia could give rise to a nebulous new cabal of cyberfoes, bent on undermining and embarrassing authorities trying to break with the Kremlin.

In the last two years, cyberattacks have hit Ukraine’s Ministry of Foreign Affairs, Ministry of Defense and the presidential administration. Military communications lines and secure databases at times were compromised, according to Ukrainian presidential and security officials. A steady flow of hacked government documents has appeared on the CyberBerkut website.

Ukraine offers a glimpse into the type of hybrid warfare that Western military officials are urgently preparing for: battles in which traditional land forces dovetail with cyberattackers to degrade and defeat an enemy. It also illustrates the difficulties that nations face in identifying and defending against a more powerful cyberfoe.

Article continues:

Digital Counterinsurgency – By Jared Cohen November/December 2015 Issue

The Islamic State, or ISIS, is the first terrorist group to hold both physical and digital territory: in addition to the swaths of land it controls in Iraq and Syria, it dominates pockets of the Internet with relative impunity. But it will hardly be the last. Although there are still some fringe terrorist groups in the western Sahel or other rural areas that do not supplement their violence digitally, it is only a matter of time before they also go online. In fact, the next prominent terrorist organization will be more likely to have extensive digital operations than control physical ground.

Although the military battle against ISIS is undeniably a top priority, the importance of the digital front should not be underestimated. The group has relied extensively on the Internet to market its poisonous ideology and recruit would-be terrorists. According to the International Centre for the Study of Radicalisation and Political Violence, the territory controlled by ISIS now ranks as the place with the highest number of foreign fighters since Afghanistan in the 1980s, with recent estimates putting the total number of foreign recruits at around 20,000, nearly 4,000 of whom hail from Western countries. Many of these recruits made initial contact with ISIS and its ideology via the Internet. Other followers, meanwhile, are inspired by the group’s online propaganda to carry out terrorist attacks without traveling to the Middle East.

ISIS also relies on the digital sphere to wage psychological warfare, which directly contributes to its physical success. For example,

Security This Week: Apparently China Is Still Hacking US Companies – YAEL GRAUER. 10.24.15. 7:00 AM

This week, a group of teenagers hacked CIA director John Brennan’s private AOL account, and WikiLeaks started publishing his leaked emails. Some ingenious French criminals exploited the supposedly secure chip and pin credit cards that are even more secure than what the US just adopted. (Let’s just say we told you so.) Facebook will now warn users about nation-state attacks, but it will also allow users to find public posts using search, so you may want to consider hiding yours. And WIRED set the record straight on the importance of reporting on car hacking.

But that’s not all. Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there!

China Said It Would Stop Hacking US Companies, But It Didn’t

The US and China reached a historic agreement last month to stop hacking into each other’s systems to steal economic secrets. But according to the American security company Crowdstrike, this hasn’t stopped hackers with ties to the Chinese government from continuing to target US companies. In fact, one attack took place the very next day after the agreement was reached. However, there’s a possibility that the hackers were acting on their own rather than following government orders.

Article continues:

Government Is the Biggest Cybersecurity Threat – By Tom Risen Oct. 2, 2015 | 3:54 p.m. EDT

Government workers see their own agencies as a bigger cybersecurity threat than hackers from China or Russia, according to a new survey.

Federal IT workers are more concerned about employees who don’t properly protect government networks than they are of foreign hackers, a new study revealed.

The Obama administration has worked to boost the networks of the federal government, which have endured a string of data breaches in recent years, including the massive theft of information on an estimated 21.5 million federal employees or job applicants from the databases of the Office of Personnel Management. The hack is thought to have originated in China, but the biggest threat is in Washington, D.C., according to a new survey of federal IT workers sponsored by Hewlett-Packard and conducted by the Ponemon Institute.

The biggest threat to federal cybersecurity is “the negligent insider” at an agency who fails to take enough precautions while using or protecting government networks, according to 44 percent of federal workers responding to the survey. Only 30 percent of respondents stated that nation-state hackers were the primary threat, according to the survey. Hacks known as “zero-day attacks,” so-called because they have never been used publicly, and mistakes by third-party government contractors each tallied 36 percent as the primary threat among respondents.

Article continues:

Cyber Sleuths Track Hacker to China’s Military – By JOSH CHIN Sept. 23, 2015 5:00 p.m. ET

The story of a Chinese military staffer’s alleged involvement in hacking provides a detailed look into Beijing’s sprawling state-controlled cyberespionage machinery

Security researchers have linked a Chinese military staffer to a hacker collective called Naikon. Shown, Chinese soldiers on parade in Beijing earlier this month. Photo: Yao Dawei/Xinhua/Zuma Press

KUNMING, China—The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea. The Microsoft Word document contained text and photos depicting Thai naval personnel capturing Vietnamese fishermen and forcing them to kneel at gunpoint.

But the attachment was a decoy: Anyone who opened it inadvertently downloaded software that searched their computers for sensitive information and sent it to an obscure corner of the Internet. Manning that corner, according to a new report from U.S. security researchers, was Ge Xing, a member of a Chinese military reconnaissance unit.

The growing reach of China’s army of cyberwarriors has become a flash point in relations between Beijing and Washington that President Barack Obama says will be a focus during Chinese President Xi Jinping’s state visit to the U.S. this week.

Cyberspace is the newest domain in warfare, and China’s relentless testing of its boundaries has flustered the U.S. The story of the Chinese military staffer’s alleged involvement in hacking provides a detailed look into Beijing’s sprawling state-controlled cyberespionage machinery.

Mr. Ge doesn’t appear to fit the hacker stereotype. His published academic papers identify him as an expert in a nontechnical subject: Thai politics. Frequent posts on Chinese social media that researchers have linked to him show him to be a new father and avid bicyclist who drives a white Volkswagen Golf sedan and occasionally criticizes the government.

But his activity elsewhere on the Internet links him to a Chinese hacker collective that attacks targets in an area of strategic interest to the U.S., according to the report by cybersecurity concern ThreatConnect and security consulting firm Defense Group Inc.

The U.S. has been caught flat-footed in recent months by a string of cyberintrusions in which Chinese state-sponsored hackers are the leading suspects. They include the theft of sensitive personal data on millions of government employees from computers at the U.S. Office of Personnel Management, and similar network breaches at health insurers and other companies.

Under pressure to respond, the White House has begun preparing a list of sanctions against Chinese companies that U.S. officials believe have benefited from cybertheft of U.S. corporate secrets, Mr. Obama said last week. Those sanctions, if implemented, wouldn’t address state-to-state hacking.

Beijing has bristled at U.S. finger-pointing on cybersecurity and portrayed itself as a victim of hacking, pointing to disclosures by former U.S. security contractor Edward Snowden of U.S. government cyberspying on China. “Cybertheft of commercial secrets and hacking attacks against government networks are both illegal,” Mr. Xi told the Journal in a written interview prior to embarking on his U.S. visit. “Such acts are criminal offenses and should be punished according to law and relevant international conventions.”

The ThreatConnect-DGI report helps throw new light on a still little-understood aspect of China’s cyber operations: the relationship between the country’s military and an aggressive corps of Chinese-speaking hackers that appear to be pressing the country’s interests abroad.

Through accounts allegedly tied to Mr. Ge, the report draws a direct link between his unit, People’s Liberation Army Unit 78020, a military intelligence arm based in China’s southwest, and a hacker collective known as Naikon that security researchers say has successfully penetrated key computer networks in countries competing with China for control over the South China Sea.

“What we see from Chinese intrusions is that they have a very grass roots, bottom-up kind of model,” said James Mulvenon, director of DGI’s Center for Intelligence Research and Analysis. “They have a lot of groups that are encouraged with relatively vague guidance to go out and develop hundreds of accesses and bring back lots of data.”

Two academic papers on Thailand’s political situation Mr. Ge published in 2008 identify him as working for Unit 78020, a technical reconnaissance bureau based in the southwestern Chinese city of Kunming. It is one of more than two dozen such bureaus within the PLA tasked with intelligence gathering, analysis and computer network defense and exploitation, according to Mark Stokes, executive director at Virginia think tank Project 2049 Institute and an authority on the role of China’s military in signals intelligence like cyberspying.

Unit 78020 is controlled by the PLA’s Chengdu Military Region, which is responsible for securing Tibet as well as China’s borders with Vietnam, Myanmar and India. Another reconnaissance bureau under the Chengdu Military Region was responsible for the hacking of computer networks connected to exiled Tibetan spiritual leader the Dalai Lama, Mr. Stokes said. Given the region’s focus on the border, “it also makes sense that they would do collections related to the South China Sea,” he said.

Staff with Unit 78020’s propaganda office declined requests for an interview. A spokesman for Chengdu Military Region referred questions to the defense ministry, which didn’t respond to requests for comment. The foreign ministry also didn’t respond to requests for comment.


The ThreatConnect-DGI report makes the connection between the unit and the hacking group by matching Mr. Ge’s alleged activity on social media, where he uses the name greensky27, with activity on a part of Naikon’s network that also uses the greensky27 name. The Wall Street Journal reviewed the report before its publication, verifying its observations of Mr. Ge’s social-media activity and other evidence linking him to Unit 78020 and Naikon.

Researchers at PassiveTotal, a U.S. cybersecurity threat analysis company that provided some of the data for the report, said the report offered fair insight into how data about the use of hackers’ infrastructure can be used to track and identify potential threats.

In a brief phone conversation with the Journal in August, Mr. Ge confirmed he uses the greensky27 name on social media but declined to speak further when told he was the subject of a report. “If you publish, I’ll call the police,” he said and hung up before hearing the substance of the report. He didn’t answer subsequent phone calls or questions later sent by text message.

The greensky27 Naikon domain went dormant within an hour of the Journal’s phone conversation with Mr. Ge, according to ThreatConnect. Recent visits to the domain show it is still offline.

Named by experts after a piece of code found in malware it once used, Naikon sends well-crafted emails to trick recipients into opening attachments infected with malicious software, according to researchers. Infected attachments they have used include a calendar of Laotian beauty contestants, news stories and memos on strategic topics in English and local languages, and memos that appear to be based on classified information, according to a May report by Russian antivirus maker Kaspersky Lab.

Relying on this technique—known as spearphishing—Naikon has penetrated the networks of governments, military, media and energy companies in Vietnam, the Philippines and other countries throughout Southeast Asia, Kaspersky said. “Their success rate has been high,” said Kurt Baumgartner, principal security researcher at Kaspersky. “When they want to get in, they get in.”

China’s claims to sovereignty over vast swaths of the South China Sea—one of the world’s busiest shipping routes—have sparked conflict with many of its neighbors, including U.S. ally the Philippines. Beijing has rejected U.S. criticisms of its claims, saying territorial disputes should be settled bilaterally between those directly affected. It has also pressed ahead with island-building in disputed areas, raising tensions the U.S. fears could destabilize the region.

The malicious software Naikon uses to spy on its targets is “stone age” compared with what Russian hackers use, said Richard Barger, chief intelligence officer at ThreatConnect, but it doesn’t necessarily need to be advanced. “The targets they’re most likely going up against, this would be sophisticated for them,” he said.

ThreatConnect said it found Mr. Ge through a break in Naikon’s usual pattern. To siphon off stolen information without being detected, Naikon uses hundreds of special Internet domains—akin to Web addresses—that are able to connect at various places around the Internet. The names of most of those domains appear to refer to targets or are designed to mimic legitimate websites in target countries, but the greensky27 domain didn’t fit either of those criteria, ThreatConnect said.

Kunming connection

Looking at the greensky27 domain’s activity over a five-year period, researchers found it making an unusually large number of long-lasting connections to Internet addresses in the southwestern Chinese city of Kunming, according to the report. Chinese-language analysts at DGI followed that lead and discovered multiple Internet accounts making references to Kunming that used the same greensky27 name.

Comparing the domain with the social-media accounts, the researchers found a pattern. In February 2012, for example, the domain made a series of connections to Internet servers in Beijing on the same dates a user posting under greensky27 on Tencent Holdings Ltd.’s microblogging platform indicated that he was visiting the city. The domain went dormant for more than a week in November that same year, starting the day a user named greensky27 posted a message announcing the birth of a boy surnamed Ge on a discussion board maintained by Chinese search giant Baidu Inc., the report said.

DGI said it found a clue to Mr. Ge’s identity in photos posted on the greensky27 Tencent account in 2013 that showed a visit to what it called the Ge family ancestral temple in Yuxi county, about 50 miles south of Kunming. Digging around further online, DGI said it found Mr. Ge’s full name and phone number, as well as the academic papers listing Mr. Ge as working for Unit 78020. Mr. Ge’s rank in the military and specific role within the unit are unclear, the researchers said.

A series of skyline snapshots Mr. Ge allegedly posted online during work hours between 2011 and 2013 confirm an affiliation with the military. Taken from the same vantage point, they show a view of a tall apartment tower that could have been captured only from inside a military complex located in downtown Kunming.

Another series of photos showed snow-covered cars in a parking lot with a water tower in the background that also indicated they were shot from inside the military compound, the report said. “Little Golf and his buddies,” he wrote, in apparent reference to his car and to those parked around it.

On a recent visit to the complex by a Journal reporter, security personnel confirmed the compound belongs to Unit 78020 of the People’s Liberation Army. Staff with the unit’s propaganda office wouldn’t say whether Mr. Ge worked there.

The user was coy about discussing his military background on social media. The Tencent account listed him as having attended PLA International Studies University in 1998. In 2014, he posted photos of a visit to the university’s campus in the city of Nanjing with a short message: “Just posting photos, not explaining, look for yourself.” A couple of weeks later he posted photos of a PLA firefighter demonstration and from an event celebrating the PLA’s 87th anniversary. “Not explaining,” he wrote again.

Quiet at holidays

Some of his early posts contained cryptic political and social commentary. “Faith = Whatever the party tells me to do, I do,” he wrote in a post in July 2012. In another post the previous fall, he repeated a common joke about China’s state TV broadcaster’s tendency to emphasize the positive in its nightly news show: “I have a dream—to always live inside Xinwen Lianbo.”

After the birth of his son in late 2012, his posts focused on family life, the weather and travel. One post early the following year featured a picture of a cluster of villas. “Ten year goal,” he wrote. The Tencent account was deleted within a day of the Journal’s call to Mr. Ge.

Activity on the greensky27 domain indicates a relatively regular work schedule. The domain connected to the Naikon network around 9 a.m., went quiet around lunch and typically signed off around 6 p.m., according to the report.

The domain also tended to go dormant around China’s annual Spring Festival holiday, the report said, but there were exceptions. In early 2012, according to ThreatConnect, the domain went silent for Spring Festival only to suddenly come to life the weekend of Jan. 27, a day after news broke that a delegation from the Philippines had launched talks in Washington over military cooperation with the U.S.

Data collected by ThreatConnect show frequent connections between the hacker domain and Internet addresses in Thailand beginning in 2012. Those connections began to tail off in May 2014, after the U.S. indictments of five PLA officers on charges of commercial cybertheft. China has denied the allegations.

The social-media feeds attributed to Mr. Ge indicate he spends much of his time either playing with his son or riding, repairing and talking about his mountain bike. Xiong Junwu, a bike shop owner and founder of Kunming’s Fattire Fun Bike Club, recognized a photo of Mr. Ge and said he occasionally joined the club’s weekly rides in the Kunming area.

Like many Chinese outdoors enthusiasts, Mr. Ge sometimes turned wistful when contemplating polluted skies. “Today’s air is only average,” he wrote next to a photo of a gray sky taken from inside the Unit 78020 compound. “Wishing peace to everyone and tranquility to the world.”

Spy Agency Contractor Puts Out a $1M Bounty for an iPhone Hack – ANDY GREENBERG. 09.21.15. 10:49 AM

As long as hackers have sold their secret hacking techniques known as zero-day exploits to government spies, they’ve generally kept that trade in the shadows. Today it’s come into the spotlight with the biggest bounty ever publicly offered for a single such exploit: $1 million for a technique that can break into an iPhone or iPad running Apple’s freshly released iOS 9.

On Monday, a new security industry firm known as Zerodium announced that it will pay that seven-figure sum to anyone who gives the company a hacking technique that can take over an iOS device remotely, via a web page the victim visits, a vulnerable app on the victim’s device, or by text message. The company says it’s willing to pay the bounty multiple times, though it may cap the payouts at $3 million.

“Due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS,” reads the statement on Zerodium’s website announcing the bounty. “But don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”

Zerodium founder Chaouki Bekrar has long been one of the few public faces of the zero-day industry. In addition to his new startup Zerodium, which launched in July, he’s also the founder of the more established French hacking firm Vupen, which has been unusually open about the fact that it develops intrusion techniques for popular software and sells them to government agencies around the world. With the new company and his flashy iOS bounty, Bekrar is expanding from merely creating zero-days to brokering them, too, as a kind of hacker middleman.

“Zerodium’s main goal is to capture the most advanced zero-day exploits and the highest risk vulnerabilities which are discovered, held, or sometimes stockpiled by talented researchers around the globe,” he wrote to WIRED in an email.


Article continues:

Security News This Week: US Homeland Security Is Vulnerable to Hacks, Too – YAEL GRAUER. 19.15. 09.0 AM

It’s been quite an eventful week for hacks. A lockscreen bypass attack for Android phones was detected, meaning it’s time to switch to a PIN or pattern unlock. And just because you’re on an iPhone doesn’t mean you’re exempt from phone hacking; you’ll want to turn off the Bluetooth-enabled Airdrop file sharing feature—unless you like malicious apps, that is. In a victory for privacy advocates, a small New Hampshire library did not succumb to bullying from Homeland Security and instead reinstated its Tor node after a board meeting. Oh, and a new crypto tool to anonymize surveys has come out. And, of course, a maker kid was arrested for bringing a homemade clock to school when his teacher thought it was a bomb. He’s now Silicon Valley’s newest hero.

But that’s not all. Each Saturday we round up the news stories that we didn’t cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted, and stay safe out there!

Facebook Will Start Targeting Ads Based on Your Shares and Likes Next Month

If you’re like most people, you’ve probably assumed that Facebook’s ad targeting algorithms are already using your “Like” and “Share” data to serve you targeted ads. Actually, that’s starting next month. Up ‘til now, the social media conglomerate has simply been logging the data and won’t begin using it to fine-tune ads until October. While there is a privacy setting allowing users to opt out of seeing targeted ads based on their online activity, the information is still being logged, so you can’t exactly opt out of having your web browsing tracked across multiple sites and browsing habits funneled into Facebook’s ad targeting system.

Obama Administration Faces Growing Support of Widespread Encryption

White House officials have apparently given up on legislation to address the rise of encryption, and may go so far as to publicly reject a law forcing companies to unlock customer communication devices under a court order, according to documents obtained by the Washington Post as well as comments from anonymous senior officials. The hope is that supporting encryption would repair trust in the government as well as U.S. tech companies. However, the intelligence community’s top lawyer, Robert S. Litt, thinks public opinion could turn in the event of a terrorist attack or a crime where strong encryption hinders law enforcement, and the government could always try to opportunistically backdoor encryption when that time comes.

The Department of Homeland Security Is Vulnerable to Hacking, Audit Finds

The Department of Homeland Security may be in charge of protecting government security, but its own information systems are vulnerable to hacking, according to an audit. Vulnerabilities on internal systems used by Immigration and Customs Enforcement and the Secret Service to report investigation statistics, case tracking, and information sharing were found. The report by the Office of the Inspector General for the Department stated that the vulnerabilities found “may allow unauthorized individuals to gain access to sensitive data.” Although it found some progress with coordination between agencies, the audit recommended department-wide training and strategic planning in response to a cyber attack.

ISIS Hackers Reported to Have Accessed Top Secret British Government Emails

A GCHQ investigation revealed that ISIS hackers intercepted top secret emails from the British government, according to Mirror. Little information was revealed, except that ISIS apparently targeted information held by several of David Cameron’s most senior ministers, including Home Secretary Theresa May, possibly discovering events where government figures or British Royal Family members were expected to be in attendance. Mirror further reported that a ringleader of the alleged plot was killed by a drone strike.

Federal Court Lifts National Security Letter Gag Order 11 Years Later

Article continues:


Hacker Lexicon: A Guide to Ransomware, the Scary Hack That’s on the Rise – KIM ZETTER. 09.17.15. 4:08 PM


Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

TL;DR: Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom—usually demanded in Bitcoin. A popular and more insidious variation of this is ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.

Earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they’ve already infected it with a backdoor through which they can enter.

The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day. Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.


Article continues: