
Thursday, September 15, 2016

FBI Asking for Ransomware Reports

In an FBI Public Service Announcement published today, the Bureau is requesting that victims of ransomware report what hit them, the root cause and even what they paid out in ransom.

NOTE: Please be advised that the FBI is not duty bound to protect your information and you should consider the effects to your company should the FBI choose to make that info public.

From the FBI PSA:

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

This is a lot of data considering the massive amount of data already available from the Cyber Threat Alliance's study and subsequent analysis report of CryptoWall v3 less than a year ago and their live dashboard.

Monday, February 29, 2016

The FBI, Apple and privacy encryption: Why the FBI is putting pressure on Apple to hack a terrorist's iPhone

I've heard a lot of talk lately about why a federal agency would bother with a hardware and software vendor in the course of obtaining a known terrorist's associates. Here's my analysis FWIW...

If you follow DOJ cases you'll notice a trend of late where, in the course of establishing an airtight case, judges are requesting very intimate details of how the FBI and others have come by their information.

In one recent child porn ring case the FBI was asked to provide all Network Investigative Technique (NIT) methods, including code, for how they reverse engineered the dark web running on TOR to nail down one site, called "PlayPen," hosting over 80 percent of dark web child porn. But they didn't stop with taking down the site as in previous cases. Instead, they moved the site to their own data center and used it as click-bait to catch more bad guys.

Needless to say those methods and code will be entered into public record. The bad guys will patch the hole and the millions of dollars spent researching and developing said methods and code will be worthless.

Which brings us back to an iPhone and a shooter. My theory, and that's really all it is at this point, is this. The FBI doesn't really need Apple to crack the phone. Let's not fool ourselves into thinking the FBI and other federal agencies don't have the technical capability of cracking our personal devices. In fact, the automatic update feature itself may be just that. Apple itself reports that the FBI has requested a "new version" of the OS that circumvents security features be installed on the phone. So rather than take a gamble with revealing a high-value back door when the payoff is unknown, the FBI is asking Apple to crack it for them. They don't want to show their cards yet.

Which brings us to how Apple will fight the Court order to hack the shooter's phone and Apple's 64-page response citing the unconstitutional nature of the order. Why is this case such a big deal? Why is seemingly everybody talking about it? In the grand scheme of things this case has the potential to have an incredibly profound impact on Constitutional law and will certainly shape the way we use technology and the privacy we (think we) enjoy in the years to come.

The case is slated to advance to a House Judiciary Committee for Encryption on March 1st.