
Burning Bridges: Paunch Is Erased From Forums After His Arrest

“Mr. Soze rarely works with the same people for very long, and they never know who they’re working for. One cannot be betrayed if one has no people.” So says Kobayashi in The Usual Suspects. It’s an ethos that many in the cyber crime world carry with them, and the Internet facilitates this, making it simple to distance oneself from compromised contacts.

Hence the highly cautious reaction to the arrest of the person accused of being Paunch, creator of the Blackhole exploit kit, and its even more expensive sister product Cool.

‘Turmoil’ amongst Russian cyber crooks

“There was some turmoil in the Russian underground community about his arrest, and his user [ID] was banned from several forums, which suggests that the admins are aware of his arrest and are protecting themselves, their forums, and their communities,” one source working the forums tells me.

Locking Paunch out of forums will be vital if crooks want to avoid law enforcement. Police have proven themselves adept at getting hold of ID and login details of those they arrest – and then using them to pose as crooks.

Carl Leonard, security research manager at Websense, says he has seen forum posts being edited or taken down to remove any potentially incriminating evidence of contact with Paunch. Some websites related to Blackhole, like the crypt.am service used to encrypt the exploit kit, have been shut down too.

“They’re trying to get some layer of abstraction between them and those who might be involved in criminal affairs,” Leonard adds.

Blackhole usage has taken a hit too. F-Secure’s Sean Sullivan told me the security firm has seen fewer Blackhole and Cool exploits across its customer upstream telemetry data.

Could Blackhole make a comeback? It all depends on whether anyone takes the torch and carries the code forward, maintaining it as well as Paunch did and ensuring the latest exploits are incorporated into the software. If someone steps up, there’s no reason it won’t be “market leader” again, given many are used to the tool, its attractive interface and comprehensive functionality.

What the reaction to the Paunch arrest shows, though, is that cyber crooks react quickly to protect themselves when big news hits. Backed by anonymising tools like the Tor Browser, this makes life for law enforcement particularly tricky, even if they claim to have ways of unmasking anyone on the underground forums.

Yet there is a key difference between the real and virtual worlds that may benefit law enforcement. Thanks to heavy monitoring of dark web forums, across police forces and industry partners, records are kept of past messages, so it’s possible to see where changes have been made, where the reaction to an arrest is strongest. In a world where Internet sleuths are constantly following trails of breadcrumbs, this kind of visibility allows for greater focus on particular markets. And that’s bad news for Paunch’s old allies.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
