HackerTrans
TopNewTrendsCommentsPastAskShowJobs

krebsonsecurity

no profile record

Submissions

Who runs the ransomware group 'The Gentlemen?'

krebsonsecurity.com
15 points·by krebsonsecurity·지난달·0 comments

comments

krebsonsecurity
·7개월 전·discuss
Sometimes just a little bit DNS research can yield a lot of useful results.

Looking at the passive DNS records for the domain chanceletikva.org shows it references the email address [email protected] email address is tied to multiple website registrations for a person by the name of David Margaliot, and also Shoshana Margaliot.

A search on this name in Domaintools finds the name David Margaliot tied to at least 25 domains, including ezri.org.il, which is a very odd site that features a huge image of a young child who is apparently in the hospital holding a gift wrapped box with a teddy bear. The site asks for donations but has a strange mission statement: Ezri Association promotes life-saving innovation through a surveillance drone project for emergency response teams, the establishment of an international medical knowledge database, along with other technological initiatives".

I'll probably continue the rest of this in a follow-up story.
krebsonsecurity
·2년 전·discuss
I interviewed some smart people about their research in story published today:

https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-...
krebsonsecurity
·2년 전·discuss
Thanks. I did update the story to reflect the apparent fix. I'm still trying to verify if this behavior remains in some form.
krebsonsecurity
·2년 전·discuss
This is the way. You don't have to protect what you don't collect. Mullvad is an excellent example of this. They don't even want you to pick a password, and they're fine if you just mail them cash as payment.
krebsonsecurity
·2년 전·discuss
Their earlier statement said they were aware of the CEO's history but were assured that part of his life was behind him. From that statement on March 15: “We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”

https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-comp...
krebsonsecurity
·2년 전·discuss
It's good to see others coming forward with what they know.

Previous discussion on this here: https://news.ycombinator.com/item?id=39709089

Original story: https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-comp...
krebsonsecurity
·2년 전·discuss
Possibly useful info: A list of customer domains affected.

https://docs.google.com/spreadsheets/d/1wgKe1VrfNF8Afav1aJtM...

One caveat: This list should not be considered exhaustive or complete by any means. e.g. changing the URL slightly by incrementing or decrementing a number in the URL caused a slightly different set of customers to be listed. I didn’t have a chance to go through it all before they took it down (note to self: pillage BEFORE burning).
krebsonsecurity
·2년 전·discuss
The identity of the defendant has been doing this for many years and is one of the original members of the Com. The people in that scene sim-swapping artists for their music are those that have already made their stolen millions, and have long ago graduated from stealing usernames and gamertag handles.