
Burning Bridges: Paunch Is Erased From Forums After His Arrest

“Mr. Soze rarely works with the same people for very long, and they never know who they’re working for. One cannot be betrayed if one has no people.” So says Kobayashi in The Usual Suspects. It’s an ethos that many in the cyber crime world carry with them, and the Internet facilitates this, making it simple to distance oneself from compromised contacts.

Hence the highly cautious reaction to the arrest of the person accused of being Paunch, creator of the Blackhole exploit kit, and its even more expensive sister product Cool.

‘Turmoil’ amongst Russian cyber crooks

“There was some turmoil in the Russian underground community about his arrest, and his user [ID] was banned from several forums, which suggests that the admins are aware of his arrest and are protecting themselves, their forums, and their communities,” one source working the forums tells me.

Locking Paunch out of forums will be vital if crooks want to avoid law enforcement. Police have proven themselves adept at getting hold of ID and login details of those they arrest – and then using them to pose as crooks.

Carl Leonard, security research manager at Websense, says he has seen forum posts being edited or taken down to remove any potentially incriminating evidence of contact with Paunch. Some websites related to Blackhole, like the crypt.am service used to encrypt the exploit kit, have been shut down too.

“They’re trying to get some layer of abstraction between them and those who might be involved in criminal affairs,” Leonard adds.

Blackhole usage has taken a hit too. F-Secure’s Sean Sullivan told me the security firm has seen fewer Blackhole and Cool exploits across its customer upstream telemetry data.

Could Blackhole make a comeback? It all depends on whether anyone takes the torch and carries the code forward, maintaining it as well as Paunch did and ensuring the latest exploits are incorporated into the software. If someone steps up, there’s no reason it won’t be “market leader” again, given many are used to the tool, its attractive interface and comprehensive functionality.

What the reaction to the Paunch arrest shows, though, is that cyber crooks react quickly to protect themselves when big news hits. Backed by anonymising tools like the Tor Browser, this makes life for law enforcement particularly tricky, even if they claim to have ways of unmasking anyone on the underground forums.

Yet there is a key difference between the real and virtual worlds that may benefit law enforcement. Thanks to heavy monitoring of dark web forums, across police forces and industry partners, records are kept of past messages, so it’s possible to see where changes have been made, where the reaction to an arrest is strongest. In a world where Internet sleuths are constantly following trails of breadcrumbs, this kind of visibility allows for greater focus on particular markets. And that’s bad news for Paunch’s old allies.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
