Black Hat USA 2024: Breaking Bad for outlaws as police put fear of God into them


Cyber gangs are out of control. Sadly, very few of these crooks are likely to end up in handcuffs since they’re so good at playing hide-and-seek with law enforcement. However, it’s not all bad news.

Police are breathing down cybercriminals' necks, and they’re making sure they know it. The disruption of the notorious LockBit ring back in February was an unprecedented display of showmanship. Not only was the cartel penetrated to its very core, but law enforcement's very public approach to the bust was designed to humiliate the gang and cause them to lose their reputation in the underground world.

Chester Wisniewski, Director and global Field CTO at Sophos, whom we met at Black Hat USA 2024, is a huge supporter of disrupting cybercriminals’ trust networks.

“I think we're making a turn to the point that it's unrealistic in most of these cases to put people in jail,” he noted.

Wisniewski echoed what we heard earlier this week from another cybersecurity pro, Intel 471 Chief Intelligence Officer Michael DeBolt, who said that we need to impose higher costs on cybercrime.

Given that the underground world is “not unlike Fortune 500 companies,” meaning they build their operations on partnerships, trust, reputation, and other traditional business elements, Wisniewski reckons we need to go after that infrastructure.

Yes, a mastermind behind a certain ransomware ring might not be caught and might simply retool to continue operating. However, after public humiliation, that crook will have to work hard to rebuild the trust of other outlaws.

“Who wants to do business with this guy? If all his computers were just compromised, are you going to flock back and be a ransomware affiliate for LockBit? Do you trust? Do you trust them to launder the money? Or is all that information going to be handed over? Or maybe, maybe he's secretly an FBI puppet now,” Wisniewski speculated.

Public law enforcement stings send a strong message to cybercriminals that the police are watching, and leave them wondering who's going to be next.

As a result, threat actors are no longer trying to build big operations. Instead, they are branching out because they no longer trust each other and don’t want to attract unnecessary attention.

Small fish in the underground world, the so-called script kiddies, might not even notice the shift. However, Wisniewski hopes that the kingpins are worried.

“They're all looking in the rearview mirror wondering, like, am I next, and how much interaction did I have? Oh, I didn't directly work with LockBit. But one of their affiliates was one of our affiliates before, and maybe, his computer was compromised. You want them, you want to plant that doubt in their head,” he added.

Naturally, the more those gangs branch out and the more worried they are, the harder they become to monitor, since they stop communicating on channels accessible to law enforcement.

“And if we put this fear of God into them, then they'll stop communicating there,” he noted.