The LockBit hackers also posted a sample document that appeared to have been stolen from the Fulton County court system before being removed last week, according to George Chidi, a Georgia-based reporter who wrote about the incident earlier this month. Chidi reported seeing documents, including court files and sealed documents in specific cases, but none of them appeared to be related to the prosecution of Donald Trump.
Then, on Wednesday, hours before the deadline for the county to pay LockBit's ransom, the breach countdown timer on LockBit's website froze and added the line, “Timer has stopped.” By the promised time of 1:49 pm (UTC) on Thursday, the breach did not materialize. Instead, all references to Fulton County were removed from LockBit's extortion threat site.
This mysterious disappearance leaves the pressing question of whether Fulton County paid LockBit's ransom. Fulton County officials did not respond to multiple inquiries from WIRED about whether or how much they paid the hackers.
But it's equally possible that LockBit is bluffing in some way, either because it doesn't have the goods it claims or because it's not ready to give up its extortion claims yet. Robert McArdle, a researcher who heads a research team specializing in cybercrime at the security firm Trend Micro and who also worked on law enforcement efforts against LockBit, said the group's so-far-vacuous threat is more likely to be linked to organized crime than a bust-up. He says this is a sign that he was likely confused. I want to admit that.
“This appears to be further evidence of the difficulties LockBit has faced since Operation Cronos occurred, and should be considered a sign that LockBit is unable to reliably follow through on its statements,” McArdle said. All of the victims listed on the group's new dark website were compromised before Operation Cronos, and the group continues to blackmail them because “most evidence points to the exact opposite.” “This is an attempt to pretend that everything is normal,” he said.
However, there are theories that LockBit still has the court data and is looking to use it in other ways. “They usually don't lie about their victims because they care so much about their reputation,” Analyst1's DiMaggio said. He said the decision to drop the threat of a breach may have been made by “affiliate” hackers who partner with LockBit to infiltrate victims like Fulton County, and who may have different motives than LockBit itself.
If Fulton County documents end up in the hands of hackers, and if any of them are related to the Trump case, it could further complicate an already very confusing trial. The state's case has already been shaken by allegations that the prosecutor in the case, Fulton County District Attorney Fani Willis, had an inappropriate relationship with another prosecutor involved in prosecuting Trump; his defense argues that he needs to be removed from office. The leak of nonpublic documents in the case could further disrupt legal proceedings and the upcoming U.S. presidential election.
McArdle's Trend Micro said it is “watching with interest how the Fulton breach develops.” No doubt the same will be true of American politics, including one former president.
Additional reporting by Matt Burgess.