The Breach Report: February 27, 2024

LockBit vows vengeance against FBI; Reddit is monetizing your data

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

LockBit Returns Despite International Takedown Effort

LockBit Returns Despite International Takedown Effort

LockBit is back. Don’t tell me you’re surprised.

The reports of LockBit’s death are greatly exaggerated. The cybercriminal ransomware group has re-emerged on the dark web with a new domain after restoring backups untouched by international law enforcement agencies. And now, they’re vowing vengeance against the FBI.

A remaining LockBit administrator blamed the group’s negligence and lack of opsec for being compromised.

The reborn LockBit is now targeting the government sector and agencies that attempted to bring it down in Operation Cronos.

The U.K.’s National Crime Agency was confident that LockBit had been dismantled with Operation Cronos. "Their systems have now been destroyed by the NCA, and it is our assessment that LockBit remains completely compromised,” the NCA said.

Authorities claim that the group’s lead administrator, LockBitSupp, is cooperating with law enforcement. The hope from law enforcement is that it sows distrust within the remaining ransomware gang, leading to more confusion and fracturing.

But, it isn’t going as well as the NCA or FBI probably hoped.

LockBit members speaking to The Hacker News stated that “they did not believe law enforcement know his/her/their identities” of the real LockBitSupp. LockBit itself has been through several iterations since the group’s founding in September 2019.

LockBit’s new onion address, accessible on Tor, was shared by vx-underground, a malware research website.

The rebirth of LockBit is not dissimilar from ALPHV, a ransomware group whose infrastructure was seized by the FBI last year. But it, too, recovered, operating from a new website and claims new victims daily.

Other ransomware groups such as Hive and Conti frequently rebrand and reform under new names and operating domains.

Reddit Is Monetizing Your Data in AI Data Licensing Agreements

Reddit Is Monetizing Your Data in AI Data Licensing Agreements

Just another example of “if the product is free, you are the product.”

Popular internet discourse forum and “frontpage of the internet” Reddit has agreed to license its user data for AI training purposes worth $60M a year, according to Bloomberg. The news comes as the company is preparing to issue an initial public offering (IPO) and seeks to capture as many diversified sources of revenue streams as possible.

Google is among one of the top tech companies that has agreed to use Reddit’s user content license specifically to train AI models.

Reddit, which was valued at $10 billion in a funding round in 2021, is seeking to sell about 10% of its shares in the offering, Reuters reported.

For years, tools and even data brokers have scraped the open internet for what is referred to as “open source intelligence” (OSINT), a legally questionable practice. Data scraping has also been used for creating massive datasets that can then be used to train AI models. Reddit is a treasure trove of data capturing popular public sentiment on topics such as politics, technology, investing, and popular culture.

But, scraping this data using Reddit APIs was extremely cost-prohibitive for the company, and they subsequently changed their terms of service and started charging for API use.

Now, Reddit is willing to agree to license user data it collects on its platform and sell it for training purposes to companies such as Google.

It’s unknown how the continued licensing of its user data will affect the public’s perception of the platform and willingness to remain active users. The company has even gone so far as to list its “r/WallStreetBets” subreddit as a liability in its IPO filing.

Cybersecurity Headlines

New from our favorite blogs and journalists:

Are you surprised LockBit returned to normal operations within days?

Login or Subscribe to participate in polls.

Until next time…

Rob Waters
Founder, The Breach Report + Cybersecurity Careers Blog

Join the conversation

or to participate.