
Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang – Krebs on Security

source link: https://krebsonsecurity.com/2021/06/justice-dept-claws-back-2-3m-paid-by-colonial-pipeline-to-ransomware-gang/

Stuart June 7, 2021

The definition of choice is deciding between two or more options. Asserting Colonial Pipeline’s management chose an ill-equipped infrastructure stretches credulity. They may indeed be negligent, but neither you nor I know the facts. Damian, do you hold yourself to comparable standards? If burglarized and your property recovered by police, would you decline its return because you inadvertently left a door unlocked?

JamminJ June 7, 2021

It’s gotta go back to them. Could you imagine the shiitestorm if the DOJ kept the money?

Mahhn June 8, 2021

frankly I expect the doj to keep it. That’s what the court system does – strip money from people. they will come up with some reason, a fine for paying the fine most likely.

mealy June 8, 2021

They committed a crime by paying it unless the FBI specifically authorized and ordered them to do it.
If they did so they can have it back. If not forget it.

  1. security vet June 8, 2021

    …it’s not illegal to pay…

    …highly recommended not to, but it’s not against the law…

  2. security vet June 8, 2021

    …there’s no law against paying…

    …only wishful thinking…

    1. mealy June 8, 2021

      Try googling it beforehand maybe.

      https://cisomag.eccouncil.org/paying-ransom-is-now-illegal-u-s-dept-of-treasury-warns/

      1. Fed June 8, 2021

        Treasury makes laws now?

        1. phat June 8, 2021

          “civilly liable”
          The article is badly worded. It’s not “illegal”, it’s against regulations for which there is a civil penalty.

          1. Hm June 8, 2021

            Thanks for confirming it’s illegal as stated in the treasury.gov memo.
            Not all laws or regulations attach criminal penalties that much is true.

            1. JamminJ June 8, 2021

              It’s not illegal at all. Not even civil penalties.

              It might be, if Darkside was specifically designated as a sanctioned entity. They are not, as of today, sanctioned by OFAC.

              There is no broad sanction that covers all ransomware crime. The US Treasury OFAC advisory is a reminder, a bit of advice, that paying a ransom MAY result in legal risk if it turns out the money went to a designated sanctioned entity. Russia is NOT sanctioned as a whole (like North Korea and Iran)… so OFAC has not made it illegal.
              The headline you are believing is incorrectly interpreting the advisory as a scare tactic.

              1. mealy June 8, 2021

                Credibility matchup : US Treasury memo > Your opine

                https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf

                If you wilfully pay a criminal organization a ransom, you are committing a crime whether prosecuted in the end or not. I don’t really need to further paraphrase their words to an argumentative egotist who refuses to read and then refuses to believe the words themselves have meaning, deferring entirely to their own repeated opine instead.

              2. mealy June 8, 2021

                Nobody paid “Russia” obviously, stop obfuscating jeez.

                Break down and admit you were wrong, Treasury is not.
                Whether 100% are prosecuted is not the determinant.

              3. JamminJ June 8, 2021

                Nice try. But the Treasury OFAC advisory is on my side of the argument.
                The memo actually Refutes your claim.

                North Korea, Syria, and Iran are examples of comprehensive country or region embargoes. But Russia is unfortunately not.
                Nobody paid North Korea either…. but paying a ransom to Lazarus Group would violate OFAC sanctions. That’s the difference, Lazarus is listed and Darkside is not.

                The US Treasury cannot prosecute Colonial for paying a ransom, nor can the DOJ.

                Your claim, “If you willfully pay a criminal organization a ransom, you are committing a crime whether prosecuted in the end or not.” is utterly false and delusional. There is no law that says this, even if we would all like it to be true. The US Treasury OFAC advisory doesn’t even apply here. Some headlines want to grab attention, and claim it applies to all ransomware, but it doesn’t. The criminal activity is not the deciding factor that would make OFAC applicable. The recipient of the funds MUST be listed on the SDN.

              4. Farley June 8, 2021

                J loves to listen to themselves argue and finds semantic faults of no consequence to the discussion.

                Just acknowledge the ego issue and move on, no point trying to convince them the sky is blue either.

              5. Totality of circumstances June 9, 2021

                “MAY result in legal risk if it turns out the money went to a designated sanctioned entity” – you admit, yet don’t know who it went to nor the actual individuals (or sister orgs, backers) behind the operation. You know the word “Darkside” and that’s literally all you have at all to go on, yet assert it’s all you’d ever require to “prove” that paying a ransom is “not illegal” here when you don’t even actually know who was paid at all. It’s pretty entirely silly in distillate.

                Nope. I wasn’t misinterpreting a headline. US DOT’s own words:
                “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations”

                *They don’t list ‘every possible’ legal risk, that would be absurd. Moving that kind of cash around in the situ of a corporate entity, state laws, tax law, there are actually a ton of ways that could trip up “legally” besides direct OFAC violation. That’s the example given because DOT directly control and are warning of it specifically in addition to other unspecified concerns beyond “merely” aiding and encouraging ransom attacks. That doesn’t mean there “are no other” legal concerns because they list OFAC as their go-to either. That’s your own unfounded, uncredentialed invention that it’s the sole and entire legal concern as a non-lawyer.

                “This advisory describes these sanctions risks and provides information for contacting __relevant U.S. government agencies__,” (emphasis mine) “including OFAC, if there is a reason to believe the cyber actor demanding ransomware payment may be sanctioned or otherwise have a sanctions nexus.”

                Like Iranian infrastructure or backers could add rather instantly,
                or any other post facto trivial oversight/misconception you might make from a position of informational ignorance compared to the experts in those aforementioned agencies, admittedly or not.

                Not cooperating leaves risks intact and outside of their auspices. DOJ/FBI/UST is not going to sign off on illegal actions, can indemnify those they authorize and seal the whole thing off. It’s a no brainer, even for a pseudo-lawyer. Or at least it ought to be.

                The group in question claims at the least to have operational ties in Iran, is a criminal group for obvious starters, so checking in depth required on that and other aspects (my suggestion was getting full cooperative signoff from as-mentioned __relevant US government agencies__ beyond merely as you claim typing “darkside” into your 1 search engine, then asserting “welp, that’s all that can be done there”)… it’s really a damn obvious suggestion before risking corporate millions and the eye of Treasury or even DOJ scrutiny in other aspects. Even for a pseudo-lawyer.

                You claim “Darkside got away with their cut”, but you don’t really know that either. Another claim. We know the total recovered so far and publicly acknowledged in reporting is a large fraction of the total paid and the investigation is ongoing. If you wish to pick at my choice of “would” that might more correctly have been a “could” (while you are also simultaneously ignoring the conditional statement that was apparently met, they seem to have cooperated), that’s pseudo-pedantry on top. You weren’t trying to understand the point was far wider than your circumscribed legal assertion-sandbox.

                You have not facilitated payments of multi-million dollar crypto ransoms to unknown individuals from a corporate entity outside of your direct personal control of assets, or you would understand it’s actually not legally trivial. You certainly don’t demonstrate that you understand any legal risks possible beyond the 1, and you seem to think that you can make them ALL go away here by typing “darkside” in an OFAC search and having nothing come up and thus assuming it’s “all legally good” on that single basis, in contravention with actually basic sound advice from DOT that you denote as “scaremongering.” What ridiculous puffery.

                As if somehow yourself were a sole source of this contradictory legal “grand summary” (/s) despite (obviously!) not having any such credentials or real legal knowledge, credibility as a legal professional either juxtaposed with theirs or even by your own legally baseless assertions a la carte.

                “This is proof that it’s not illegal to pay ransom, even in kidnapping situations.” – Purely wrong, & specifically as written. Legally.
                law.cornell.edu/uscode/text/18/1202

                This is where pure-BS assertions get into trouble, playing lawyer. Real ones don’t tend to make that mistake, they’ll err on the other side, account for a range of unlikely possibilities. It’s their real (*actual, not purely for forum posterity) profession. So while you’ve got your single-item OFAC search “proof” (of very little if anything) and (prima facie false) assertions that “it’s not illegal to pay a ransom even in kidnapping” and such, is it any real wonder that you haven’t actually passed any state’s bar to give such “advice” from a proposed position of authority, (if anonymously online even,) lest of all yourself paid multi-million dollars of corporate assets to a criminal organization without a single identifiable legal concern you can acknowledge exists? Not really at all, from my perspective. Uninformed, lazy, unprofessional and egotistical lawyers (and also security pros) do obviously exist and thrive already so why shouldn’t self-confirming semantic nonsense ones like yourself pretend also?

                What’s the worst that could happen with the tens of millions and corporate reputation trusted to someone so confidently unconcerned? You’ve searched the single keyword search, it’s all the “legal proof” you believe you require – and you’re the final arbiter, according to you. And what’s to stop you from assuming so? Nothing at all, certainly not an ACTUAL judge at any rate. Dept of Treasury is “scaremongers” the law is as far as you’re aware an entirely single-factor affair that you’re confident you can pretend to explain away sight-unseen, and you’ve left no stone unturned that you weren’t going to leave unturned anyway.

                When you’ve convinced a Gregory or a Stuart anonymously online (despite their non-readership entirely) that you’ve exhausted all legal considerations without the burden of much if any formal training, what further accolades could you even seek to self-bestow? Skip straight to monarchy, no need to pretend to be a lawyer. You aren’t one.

              6. JamminJ June 9, 2021

                Dear single person with infinite user names…
                TLDR

                Is this still your claim,
                “If you wilfully pay a criminal organization a ransom, you are committing a crime”
                ???

              7. Ah, soooo desu June 9, 2021

                No doubt reading is hard (for legal professionals?) today.
                Troll, snipe, claim, reduce to absurdum, TLDRun away.
                #Lincoln-Douglas-Style-Trolling?

                (It took me ~4 minutes to write this as I sip coffee. Gee. No doubt your high-$ “lawyer’s” time is super valuable. /s)

                But you couldn’t help yourself, you just had to revive it.

                “If you wilfully pay a criminal organization a ransom, you are committing a crime” – Is going back to a 10x-since-amended initial statement I (still) can’t edit – after pretending to have not wasted your (entire) afternoon yesterday demanding pedantic explanations over and over (see below) that you weren’t actually looking to read or comprehend either, as you now pretend only yourself can add caveats or fill in details to your own slight over-statements after the fact, yet nobody else can.

                “I will add a caveat.” – Oh, so you aren’t sticking to your claim that “If you hire a lawyer you get your $ back”? Gee.
                I analyzed my statement as you demanded (20x) yesterday, today suddenly you can’t read. Cuteness, Esq.
                That law school really paid off.

                I honestly don’t care if you do read it either – but an actual legal professional wouldn’t be deterred by ~30 seconds of text lol – yet it’s the absolute minimus of the job. They also don’t really need to waste time trolling nor intentionally misunderstand basic concepts semantically over and over for no other purpose than to use reductio ad absurdum (and obvious limbless strawmen “arguments”) to pretend not to be able to parse basic points – after demanding them all afternoon so derpetulantly.

                Best of luck on the state Bar though, the world obviously needs more trolling half-a** pseudo-lawyers… Certainly uncredentialed legal advice is solid enough to wager millions and a huge company’s reputation on –
                You’ve “never lost a case” no doubt lol. Good line, have it.
                Put it in your pseudo-briefcase so you don’t forget it.

              8. [email protected] June 9, 2021

                I do recall someone amending their own over-statement,
                “But really, anyone who can afford an attorney, gets their money back.”

                Maybe we should ask if they intend to stick by that entirely too, especially after having seen them amend it already?
                Or would that just be more pointless quasi-illiterate trolling.

              9. JamminJ June 9, 2021

                Not at all, I was willing to caveat my statement “But really, anyone who can afford an attorney, gets their money back.”
                with “most likely”. I wasn’t making a claim, just referencing that money does help in court.

                Are you willing to caveat your statement?
                “If you wilfully pay a [foreign] criminal organization a ransom, you [may be] committing a crime [but no one has ever been charged yet]”.

              10. mealy June 9, 2021

                “I wasn’t making a claim, just referencing that money does help in court.” – Claims were made in fact. It’s ok though, we’ve been over it already and I’m not trying to rehash.

                Anyhow I don’t myself feel a need to reciprocally troll you ongoing for an overstatement after you’ve amended it already – much as I’ve already explained mine – so whether or not you’re asking seriously in earnest above (not) or just require the last word, let’s try to find a more constructive outlet for your ‘creative juices’ than playing pedant lawyer. It’s potentially a beautiful day to give half-a^^ed legal advice, but it’s also potentially a beautiful day to break that habit and grow a bit wiser instead of trolling. Seize it as you see most valuable.

              11. JamminJ June 9, 2021

                Fair enough. I am willing to meet you half way. I have previously amended what may have been perceived as a claim, with “most likely” which should clear up any perceptions that I was giving legal advice. (no comment in a blog, even from a lawyer, should be taken as legal advice).

                Are you willing to meet me half way, and amend your claim?
                Can you respond with,
                > “If you wilfully pay a [foreign] criminal organization a ransom, you [may be] committing a crime [but no one has ever been charged yet]”?

              12. mealy June 9, 2021

                No ‘one’ has been (publicly) fined or (publicly) sanctioned (yet?) under the ‘new’ (re)-directive by DoT, but such settlements could also be under seal and you’d have no way of knowing unless a direct party. This is plausible once you understand how many benign cases end up under court seal for various security and privacy concerns. UK’s Sec 17 of TA00 is a further example where if/whether it had been used no one publicly would even know outside of security clearances. Similarly US courts (and especially those sensitive agencies petitioning them) may have sealed away entire case types including settlements or triggered sanctions actions – We have no way of knowing that. Ockham’s razor perhaps, but also not.

                This still doesn’t affect whether or not it’s ‘illegal’ under existing statutes/regs or if they could bring those publicly in the future. They could, they may yet be waiting for a particularly egregious case to flesh out the policy in case law. They could also be doing that to ensure they don’t trip on ‘equal protection’ defenses given what’s already transpired without visible action, they’d have to open all of that up and look at it for comparison. You can probably see why all parties may want to avoid that.

                Per the example of mine the issue was of cooperation vs. not cooperating w authorities, getting that sign-off to ensure that it would be legal, exculpatory. Not cooperating is a can of variables (in both directions) and risks additional reputational damage or possible further Federal financial scrutiny that companies wouldn’t want if avoidable. Many of those (newsmakers, anyhow) I’ve read about making ransom payments are cooperating to some degree but we don’t have statistics obviously, that’s not tabulated. The biggest ones certainly seem to have done that and I can’t find (any?) exceptions where they clearly avoided that, for pragmatic reasons or otherwise. Gov’t and certain public entities would be required under Federal law and those could easily be sealed by rote for years to decades because there’s no public 3rd party to object.

                So yes it can be illegal, but you can all but avoid that entire realm of possibility by simply cooperating and in such a case as this perhaps even get a ransom back or aid law enforcement tracking them. From a defensive legal posture unless you have a good reason why cooperating is a bad idea or would open them up to a worse legal outcome, that seems like the easiest path. Perhaps a criminal organization masquerading as legitimate business, like say Tr**p organization, they might not want to but even that just invokes more scrutiny. So while this is WTL now and DR has already been invoked : It is potentially illegal, the issue is more complex than a single search box keyword is going to be necessarily illustrative or exculpatory of and those risking millions and millions of dollars (Billions, when it’s a pipeline) and their corporate/organizational reputations have (in my view at least) a straightforward decision to cooperate or incur an additional unknown risk they could easily avoid. Whether or not they’re ‘all’ or ‘none’ prosecuted privately or publicly is not the determinant of actual legality under Fed statute/regs. So we can scrape everything in plain view without a court seal, Federal agency seal, NDA or combination, but I’ve used up my 15 minute break +3 now and there’s not much more to do but wait and see how it plays out. Rehashed enough? It’s not black and white, it’s gray and maybe opaque, we’ll see – or perhaps ‘we’ won’t.

              13. mealy June 9, 2021

                I forgot to mention NSL possibilities also. Who knows what we don’t know yet.

              14. JamminJ June 9, 2021

                Are you seriously trying to equivocate right now?
                Is it really that hard to meet me half way? It’s starting to look like you are incapable of seeing the fault in anything you said.

                Your claim is simple, and you have a chance to amend with a caveat. You accused me of having an ego, just because I have worked with this stuff before and probably know more.
                But it seems like you are projecting your own ego and narcissism.

                I have met you half way, and you can too. Make a statement that we can both agree on…
                > “If you wilfully pay a [foreign] criminal organization a ransom, you [may be] committing a crime [but no one has ever been publicly charged yet]”?

                Is there anything unreasonable or that you disagree with?

                You said, “If you wilfully pay a criminal organization a ransom, you are committing a crime”
                But now you are saying we don’t know enough to say if this is true. But you said it was true.

                You made a claim of fact, and now are saying we will never know the facts?

                Do you still make this claim?

              15. Let's not, k? June 9, 2021

                “You made a claim of fact” – As did you. You walked it back, I walked it all the way around the issue I still see to explain my rationale which was a more complex point, IMO. I’m pretty sure I met you half way at least explaining my rationale there for saying we don’t really know and that included the phraseology you wanted, AFAIK. Oh well.

                You seem to need some kind of hard and fast conclusion culminating in a clear bright line, I think that’s probably unlikely as explained. Saying it’s “not illegal” seems to be what you want and nothing less. It’s less B&W than you seem to be willing to entertain even in thought, so… stay peeved if that appeals, I’m over it and not interested in re-re-explaining why US Treasury says it’s potentially illegal regardless of what you point to. I’ve explained my “would” should have been a “could” already. Take it, leave it, who cares? It changes nothing about the law ongoing.

                Have a good one if you can, no seriously.

              16. mealy June 9, 2021

                Tell you what, let’s not rehash. It’s getting pretty pointless anyway now that BK is only allowing every 2nd or 3rd reply probably due to the length already used up debating known unknowns vs unknown unknowns. They say it’s illegal, we don’t know if they’ll enforce it or how, neither of us knows if they have and it’s been sealed to protect the entities or economy under NSL and there’s no way to find out but wait because it’s still a rather young policy directive. You want to catch me on a misstatement after I already amended it and forgave yours… it’s rather dull.

                Have a great day if you can though.

              17. JamminJ June 9, 2021

                It seems like you take the act of amending previous statements that may be too broad or absolute, by adding a caveat like “most likely” … as a weakness.
                That is why you attacked me as if you won some prize and caught me in a lie. My statement wasn’t a claim, it was a reply to Mahhn’s comment. You weren’t even on that thread, but injected yourself into the conversation, removed all context that would have shown that I wasn’t making a claim of fact… just so you can sound smart.

                Since I am willing to clarify my comments for anyone reading without the context, to show I wasn’t making definitive statements claiming a fact, I amended with a caveat.
                “That’s what the court system does strip money from people. they will come up with some reason, a fine for paying the fine most likely.”
                “For poor people with a public defender, yeah there are many examples of such injustice. But really, anyone who can afford an attorney, gets their money back [most likely].”

                Now, you have made an absolutist statement, a claim of fact, that you have failed to back up with evidence, but rather you doubled down, distracted, diverted, and tried to turn the burden of proof on me.
                “If you wilfully pay a criminal organization a ransom, you are committing a crime”
                And you still stubbornly want to avoid walking back or adding any caveats… why? For pride?

                Narcissists like Trump are pathologically opposed to apologizing, admitting fault, or compromising. Narcissists think it makes them look weak. Further, they attack people when they do these common things.
                What does a narcissist like you and Trump do when backed into a corner of lies? You double down, lean into the BS, and hope your confidence in your answer will prevail.

              18. Gregory June 9, 2021

                DAAAAMMMMMNNNN!!

                Dude not only did you lose this argument badly but jammin just danced around all of your diversions, ignored your million aliases, and obliterated you.

                He reached into your soul and dove into your psychology and put it all on display for anyone watching.

                Your tantrums were fun mealy, but this is better.

              19. Gregory June 9, 2021

                @JamminJ

                Hats off to you sir, well played and very well done. You kept your cool while he went on an emotional rampage with fake accounts and bullying and projecting his own narcissism.

                I’ve enjoyed this oh, probably a bit too much. Enjoy your win.

              20. JamminJ June 9, 2021

                It’s not about the win or lose, but I wanted to find common ground.
                I don’t like bullies like mealy or Trump, and I really don’t like all the misinformation that spreads online. A lot of security professionals read KrebsOnSecurity. Not sure how many read the comments, but it was irresponsible to fearmonger and spread lies about the legality of corporate responses to ransomware.
                We have to work together against this scourge of ransomware, and lies aren’t the path forward.

              21. mealy June 9, 2021

                Suppose I wasn’t clearly enough disengaging? Hm, no..

                If you can’t even admit US Treasury says it’s potentially illegal I can’t help you, but I didn’t make it up. Enjoy the rest of your… existence? I do tend to entirely doubt you’ll be paying many ransoms either way despite “claims” lol.

                Ego and edgelording doesn’t help you win this “legally.”

                I only wasted 1 minute this time, that’s my max for you now. Enjoy the respite, you’re still wrong, it’s still potentially illegal to pay an unknown entity a ransom says the Dept. of the Treasury as cited, and most folks would be real wise to consult the authorities beforehand. That’s all, you picked that nit all the way, nothing changed.

                Get well soon. Try harder to have a good day, seriously.
                Blowing it hard.

              22. Well beyond Grendel June 9, 2021

                You’re all about verifiable info and certainly NOT pedantic trolling. Noted.

                Let them (The US Treasury Dept. that put out the memo) know that it’s not illegal, who knows, see what they write back. Maybe they’ll rewrite their memo, who knows.

                But I can’t, so do step off already. Have a great one.

              23. JamminJ June 9, 2021

                It seems like you take the act of amending previous statements that may be too broad or absolute, by adding a caveat like “most likely” … as a weakness.
                That is why you attacked me as if you won some prize and caught me in a lie. My statement wasn’t a claim, it was a reply to Mahhn’s comment. You weren’t even on that thread, but injected yourself into the conversation, removed all context that would have shown that I wasn’t making a claim of fact… just so you can sound smart.

                Since I am willing to clarify my comments for anyone reading without the context, to show I wasn’t making definitive statements claiming a fact, I amended with a caveat.
                “That’s what the court system does strip money from people. they will come up with some reason, a fine for paying the fine most likely.”
                “For poor people with a public defender, yeah there are many examples of such injustice. But really, anyone who can afford an attorney, gets their money back [most likely].”

                Now, you have made an absolutist statement, a claim of fact, that you have failed to back up with evidence, but rather you doubled down, distracted, diverted, and tried to turn the burden of proof on me.
                “If you wilfully pay a criminal organization a ransom, you are committing a crime”
                And you still stubbornly want to avoid walking back or adding any caveats… why? For pride?

                Narcissists like Trump are pathologically opposed to apologizing, admitting fault, or compromising. Narcissists think it makes them look weak. Further, they attack people when they do these common things.
                What does a narcissist like you and Trump do when backed into a corner of lies? You double down, lean into the BS, and hope your confidence in your answer will prevail.

              24. Gregory June 9, 2021

                @JamminJ

                Hats off to you sir, well played and very well done. You kept your cool while he went on an emotional rampage with fake accounts and bullying and projecting his own narcissism.

                I’ve enjoyed this oh, probably a bit too much. Enjoy your win.

              25. mealy June 10, 2021

                “Narcissists like Trump are pathologically opposed to apologizing, admitting fault, or compromising.”

                Couldn’t have said it better, sorry for your loss, my fault no doubt. Anything I can do to help?

                No? Ok. Get well soon.

      2. JamminJ June 8, 2021

        Wow… that headline is completely false and misleading. CISOs beware.

        For anyone who has worked in a financial institution… they know what OFAC is… and it’s been around for a while. This advisory is not law, it’s only a reminder.

        The US Treasury can only enforce payments made to KNOWN entities that have been officially sanctioned by the US. So it would be illegal to send a ransomware payment if the ransom note said “pay to Hamas/Hezbollah/North Korean/etc”

        There is no blanket sanction that would cover ALL cybercriminals. The sanctioned entity has to be listed by name. There is no “stretching” definitions that could possibly make ransomware payments illegal in a broad sense.

        OFAC compliance is a big part of many US companies. But it simply cannot be done when the recipient of payment is anonymous. KYC cannot be done, and companies cannot be compelled to wait for an investigation and the payment recipient to be identified, before paying the ransom.

        1. mealy June 8, 2021

          Any criminal org in fact. So unless you were “ransomwared” by friendly prank…

          https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf

          Take it up with them if you want. That’s their own advisory, not a headline.
          You aren’t convincing me that you can override policymakers with opine.
          I am glad you at least googled it this time.

          1. JamminJ June 8, 2021

            “They committed a crime by paying it unless the FBI specifically authorized and ordered them to do it.”

            Your claim is completely unfounded. The OFAC advisory makes suggestions and recommendations. It’s a warning, but one without teeth.
            Having done several OFAC compliance checks, it’s not hard to understand what this advisory does and does not do.

            You make an extraordinary claim, and you haven’t provided anything to back it up.

            1. mealy June 8, 2021

              I don’t much care what you believe or don’t personally.
              Treasury says it’s illegal, you can dither as needed.

              1. JamminJ June 8, 2021

                Treasury does not say it’s illegal.

                It’s not a belief, it is English literacy. The ability to read a document. You didn’t read the document you posted, because it says the opposite of your claim.

              2. reading June 8, 2021

                The troll can go argue with Treasury instead.
                Federal Gov 1, opinionated denialist 0.

              3. JamminJ June 8, 2021

                For those of us who have to work with Treasury, there is no argument. OFAC is pretty clear, and easy to check.

                The only ones arguing against the US Treasury are those who think they have created their own law which broadly makes all ransom payments illegal.

                It is ignorant to post a link to a document that you don’t understand, to then claim it supports your wild claim. Although it is a bit funny, and sad.

              4. mealy June 8, 2021

                You’ve demonstrated zero knowledge or history of “working with the Treasury” so nice appeal to authority, but that’s not evidence of anything except your logical fallacy.

                Read the memo or don’t, today is a work day for some.
                Not you apparently.

              5. mealy June 8, 2021

                The denialist can argue the point with Treasury’s memo author, apparently they need something to do.

              6. Whatever lol derp June 8, 2021

                Good luck arguing with the Treasury Dept on a work day.
                The memo exists, some few can even read. *(YMMV.)

              7. JamminJ June 8, 2021

                https://sanctionssearch.ofac.treas.gov/
                Go look up Dark Side if you’re so sure 🙂

                Your claim of, “They committed a crime” is without any evidence. The only thing you offer is proof AGAINST your claim.

                Like the Trump cultists who say, “read the transcript”, but don’t read the actual transcript. You haven’t actually bolstered your argument… but rather think being first to hold up a paper is good enough.

              8. concerned June 8, 2021

                Mealy,
                You should just quit bro cuz you’re getting your ass handed to you. You made a wild statement and handed them the evidence to destroy your argument

              9. concerned June 8, 2021

                Mealy,
                You should just quit bro cuz you’re getting your butt handed to you. You made a wild statement and handed them the evidence to destroy your argument

              10. Nope June 8, 2021

                From Krebs’ previous article on subject:

                “The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.”

                Hence the question when you don’t know their ID.
                And you don’t.
                Basic stuff.

          2. JamminJ June 8, 2021

            The advisory does not say, “any criminal org”. Don’t make up statements.

            OFAC has to Specifically Designate foreign Nationals by name. (SDN)
            Hint: The “F” in OFAC stands for “foreign”. Not even all of Russia is sanctioned, like North Korea and Iran are designated.

            This means that it is impossible for a broad/blanket definition of “any criminal organization”.
            When getting extorted by ransomware, it is always possible that the recipient isn’t foreign at all. So OFAC cannot even apply until AFTER the criminal has been identified.
            That is why this OFAC advisory is not a law. It is advice.

            As of today, Darkside is NOT on the OFAC sanction list. So it’s not illegal to pay them a ransom.

          3. JamminJ June 8, 2021

            Lazarus Group, Evil Corp are both designated as sanctioned by OFAC.
            There are also several individual cyber criminals sanctioned.
            Also, those covered by comprehensive country or region embargoes (e.g., Cuba, the Crimea region of Ukraine, Iran, North Korea, and Syria).

            Darkside is currently NOT designated as sanctioned. This may change in the future, but it was legal for Colonial to pay a ransom last month.

            Look it up for yourself… it’s easy.
            https://sanctionssearch.ofac.treas.gov/

            1. Today is a work day. June 8, 2021

              “Darkside” as so named is not an “entity” either way derp, just a recent public media monicker for a “dissolved” group of which you know nothing further. You have no idea which individuals or agencies on that list are related to that effort or malware campaign beyond what the media put out publicly nor do you know if Treasury/FBI/etc authorized the ransom as part of their snare, which they can surely do if they see fit. Somehow they didn’t ask you for permission and I doubt they’ll go to you for broad vague legal advice either lol.

            2. QED June 8, 2021

              So do you know anyone in the dissolved “Darkside” group then to search for their name or additional associations?
              Nope.

              1. JamminJ June 8, 2021

                You can search for Dark Side or Darkside. They are NOT sanctioned.
                Just like the OFAC advisory says, you can just put in the group name such as Lazarus Group, Evil Corp, Bluenoroff and Andariel.

                All are group names, you don’t need individuals to sanction. But Darkside is not a sanctioned group. Maybe in the future they will be… but Colonial didn’t break any laws by paying a ransom since they aren’t currently sanctioned at the time of payment. Perhaps if it turns out that a listed international terrorist was a member of Darkside at the time of the payment, but that is a big maybe. It still would not make your claim of “any criminal org” being illegal to pay, true.

            3. mealy June 8, 2021

              Name one person in the group that received payment, go on.
              Oh, so you can’t. Ah well.

              1. JamminJ June 8, 2021

                OFAC SDN can be a group/entity name, like Lazarus Group or Evil Corp.
                It doesn’t need an individual name.

                If it isn’t on the list… then it’s not illegal to pay the ransom.

              2. Dear Psuedo-Lawyer June 8, 2021

                It’s not limited to a group/entity name.

                You don’t know the names or any other associations of those paid in this case, you’re posting a search link as if a negative were somehow provable thus. Good thinking, lol. /s

              3. Assistant Consul June 8, 2021

                As a legal advisor to a financial institution, I have reviewed payment processing many times. I can confirm that it is not illegal unless the money makes its way to specific individuals or entities so designated by the US Treasury department.
                OFAC was set up specifically to combat the sponsoring of terrorism. So most criminal activity is not even grounds to get put on such a list.

              4. Basics June 8, 2021

                “specific individuals”

                How many specific individuals can you name in said organization, for the point to be standalone?

                More than zero? That’s a quick search isn’t it.

            4. From the Krebs himself June 8, 2021

              “The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.”

              Any reconsiderations, double down on clueless again?
              You don’t know who they are, AND
              you don’t know who they are not.

              It’s that simple, yet still more complex than your single-search suggestion criteria as if that were at all realistic for the purpose of vetting a multi-Billion dollar corporate move to pay criminals.

              1. JamminJ June 9, 2021

                Neither Darkside nor REvil is sanctioned.
                https://sanctionssearch.ofac.treas.gov/

                In contrast, Lazarus Group and Evil Corp are both sanctioned, primarily because they are North Korean sponsored.

              2. Seriously now June 9, 2021

                If you don’t know who you’re paying it can be anyone.
                If you cooperate with authorities and they sign off,
                you’re off the hook. It’s that simple.

                Potential not really known future risk vs ~0.
                If you don’t cooperate you don’t get the ransom back.

                Problem? Simple solution! Or… don’t solve it? Whatever.
                Get a job, this can’t be it.

