Login
The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 billion connected devices by the end of 2025. A critical concern is deploying IoT devices without requisite security controls.
While these numbers are numbing, their reality is undeniable. 90% of customers believe digitization has accelerated the importance placed upon security. The World Economic Forum now lists cybersecurity failure as a critical threat, and estimates a gap of more than 3 million security experts worldwide, hindering secure deployments at scale. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.
Securing an IoT device can be achieved either through securing the IoT device itself, or hardening the network it accesses. Securing devices can be cumbersome, requiring complex manufacturing partnerships and increasing unit prices, thereby reducing adoption. On the other hand, securing the network is always desirable as it helps secure access, encrypt traffic, and ease management.
Being a leader in both security and networking, Cisco continues to bring security closer to networking, providing the network with built-in security, and enabling the network to act both as sensor and as an enforcer. The convergence of security and networking leverages the network’s intelligence and visibility to enable more-informed decisions on policy and threats.
Cisco uniquely integrates security and networking, for instance we recently integrated Cisco Secure Firewall to operate on Cisco Catalyst 9000 Series switches. Additionally, Secure Firewall can be deployed in a containerized form, on-premises and in clouds. Cisco Secure Firewall classifies traffic and protects applications while stopping exploitation of vulnerable systems. Additionally, we offer Identity Services Engine with AI Endpoint Analytics to passively identify IoT devices and apply segmentation policies. Furthermore, Cisco offers management flexibility by integrating with Cisco Defense Orchestrator and DNA Center and with existing customer tools like SIEMs and XDRs.
Let’s look at three use cases where the addition of Secure Firewall capability on Catalyst 9000 Series switches solves real world problems:
Use case 1: Securing the Smart Building: This solution is ideal to secure smart buildings, converging various IoT systems into a single IT-managed network infrastructure. Smart buildings lower the operational and energy costs. Smarter building systems, however, pose serious security risks as these include so many unmanaged devices such as window shades, lighting, tailored HVAC, and more. One of the methods to secure smart buildings is to control access to avoid manipulation of sensors. Such control is attained with a networking switch with enhanced firewall capability. The firewall ensures granular segmentation, directing policies for traffic generated out of IoT devices, providing access to the right users. This integration also brings security closer to endpoints, making policy orchestration simpler.
Use Case 2: Centrally manage isolated IoT network clusters: IoT devices which communicate with each other in the same subnet typically cannot be routed, which is a challenge. By default, most IoT networks are configured in the same subnet, making it difficult to manage them centrally. Administrators are forced to physically connect to the IoT network to manage and collect telemetry. Furthermore, IoT vendors often charge hefty amounts to update IP addresses of devices. Cisco Secure Firewall, hosted on the Catalyst switch, solves this problem and not only inspects traffic from the IoT network but also translates duplicate IoT IP addresses to unique global IP addresses using NAT for centralized management of isolated IoT networks.
Use Case 3: Securely encrypt IoT traffic passing through a shared IT network: At airports, for example, multiple vendors manage unique systems such as baggage, air quality, biometric access control, etc, which share a common network. IoT traffic is usually in plain text, making it susceptible to packet sniffing, eavesdropping, man-in-the-middle attacks, and other such exploits. The IPSec capability on Cisco Secure Firewall encrypts IoT traffic, securing data transfer and reducing risk.
Cisco’s IoT initiatives join the once disconnected worlds of IT and IoT, unifying networking and security. For further details refer to the At-A Glance and see how and an Australian oil company, Ampol, fortified its retail IoT with Cisco Secure!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
I wish I'd read this blog post years ago.
I don't have any expertise whatsoever to be guiding others through this process so please don't look at this as a "how to". But what I do have is an audience, and I've found that each time I've opened up about the more personal aspects of my life and where I've struggled (such as my post a few years ago on dealing with stress), I've had a huge amount of feedback from people that have been helped by it.
Just read this. Hugely helpful to me going through the never ending stress of divorce. It had given me hope and focus. Thank you 🙏
— Ruth Cornish (@RuthACornish) March 16, 2022
Perhaps my willingness to talk openly about it has led to others coming to terms with their own similar circumstances, and that's my hope in writing this. Not to guide you through divorce, but to help you understand it.
Here's what I've learned.
This title is deliberately blunt, and I chose to run with it because it's one of the most important things I've learned throughout this process. Let me explain:
Nobody goes into a marriage expecting it to fail. You're marrying for life and when the day comes that you realise it's not going to happen, you feel like a failure. You also feel stigmatised; "I've not been able to deliver on the promise of my marriage, what will people think of me? What will my family think? My kids?" Now, I'm not religious in any way whatsoever but I'm conscious of the social expectation of marriage. I found it extremely difficult early on to talk to people about it outside my closest circle of friends, partly because I had difficulty simply finding the words to explain it and partly because to be honest, I was worried about being judged for having a failed marriage.
It took time to realise that people don't care or more specifically, they don't care about stigmatisation or judgement or most of the other emotional baggage you get caught up with. Friends care about you, of course, but the fact you've decided to dissolve a marriage really isn't their concern. Your wellbeing is their concern. Your happiness. Your children's happiness. The person caring most about the mechanics of divorce and leading separate lives was me, and that's something I had complete control over.
The exception to "nobody cares", in my experience, is family and others in your inner circle who hold onto that same stigma that dogged me early on. There may be traditional reasons for this, cultural reasons, religious reasons or just the simple sadness for a relationship that is no more. Family in particular can be complex, especially when there may be existing resentment, jealousy or as we've all experienced at one time or another, individuals who just revel in drama. They can be your greatest supporters or, if they prefer, antagonists. But that's their own emotional struggle to deal with, not yours, and a truly supportive inner circle will prioritise your wellbeing.
Where it really started to normalise for me was over the course of time as I learned how many other people had, themselves, gone through divorce. Sometimes it was much simpler happening earlier in life and without kids, but often it was much, much more complex, especially where there was financial distress or older children. Once I came to terms with the fact that the concept of a marriage falling apart is not the thing I should be worried about and I should instead focus on the logistics of the various practical challenges that presents, I became a lot more comfortable with the situation and frankly, a lot happier.
Someone I spoke with recently was married to an abusive drunk. They knew the relationship was over when they found themselves thinking how easy it would be to push their inebriated spouse down the stairs.
A friend confided in me about how their partner had physically assaulted them since the birth of their child. The kid was about to enter adulthood.
Another friend explained recently how it wasn't until their wedding night they acknowledged they were gay.
Not all stories are as dramatic; one friend is happily married with two children of their own and two their partner had in a previous marriage. Another divorced young and now lives happily with their new partner, the child they had together, their partner's ex and the child they'd had previously.
I've deliberately used gender-neutral pronouns here; it surprised me how often personal stories didn't align to the stereotypical norms of male and female behaviours. Especially in cases where there has been mental illness, alcohol dependency or drug addiction, you realise just how unique everyone's own journey is and how even though your own may feel exceptional, it's probably not.
I mention this here because as my life started to settle down, that headline kept coming back up - "everyone has their own story". As time went by and I met new people and heard new stories, it would come up over and over again in my mind. It helped me normalise my own circumstances and overcome the stigma I'd felt so much in the early days.
It's tricky when there's mutual friends, common contacts in social circles, other parents at school and all sorts of scenarios where you're going to be spending time with the same people your ex is. Whose side do they take? Who are they sympathetic to? Angry towards?
There's a temptation to inject your own views into discussions with these people but frankly, the chances of doing that in a balanced fashion in the midst of the most emotional period of your life are zilch. I know when I think back to conversations with friends who've gone through similar trauma in their own lives, I'm acutely aware that as much as I want to be there to support them, I'm only hearing half the story. One friend in particular I've spent a lot of time with is convinced their ex is actively turning their kids against them and they may very well be right, but I only hear one side of the story. Another was concerned their child had been abused whilst in their ex's care and again, I've only heard one story. But to my earlier headline, I don't care because I'm not listening to their stories so that I can play judge, I'm listening to help them get it off their chest and deal with their emotions.
What I found over the course of years was that when it comes to mutual friends, it was preferable to simply not discuss the ex. It might come up organically (which parent will the kids be with when a friend wants a play date, for example), but that's a discussion that can be had in a pure mechanical fashion without emotion. It's harder when more pointed questions are asked - "How's it going with the divorce?" - and candid, honest responses aren't always compatible with the goal of remaining neutral. Interestingly, I found that people judged bitterness towards the other party quite harshly, especially where they viewed behaviour as derogatory. "Why can't they just get over it and move on", I'd keep hearing. It feels almost trite to put it this way, but people respond well to positivity and just getting on with life, but judge negativity and bitterness quite harshly.
Giving people time and space to observe without feeling like someone is trying to influence their views is invaluable and, in my experience, led to much more support.
During the good days of my marriage, I knew my wife wanted the best for me as I did for her. After all, that's the bedrock of a relationship: that you're there to support each other and wish for nothing other than their happiness. Divorce changes that and in many cases, inverts that bedrock yet somehow your brain is still wired to want the best for them and in turn, to expect that they want the best for you.
During the divorce process, there was constant strategising about how to move matters forward and drive the formal things to a conclusion and time and time again, I'd talk to my lawyer and say "she's telling me she'd like [blah]". In this context, [blah] was normally something that had the optics of good intentions, often motherhood statements such as "desirous of an amicable outcome" or words like "fair", "kind" and "considerate". Who wouldn't want these things?! These things are all great! At one stage I relayed this messaging to him after which he paused, and then asked a very simple question:
What do her actions tell you?
Uh... something different. Opposite.
It was the "be kind" of misdirection where someone says words you naturally support (of course we all should be kind!) yet demonstrate actions to the contrary. Do you judge them on the words? Or the actions? Of course it should be the latter, but that realisation only comes once you recognise that the two don't always align.
The problem is the aforementioned brain wiring where you're conditioned to expect the other party to want the best for you and to take them at their word. It's hard to let go of the fact that your wellbeing is no longer their first priority and frankly, the inverse is also true. But that doesn't change the intention being represented so we need to move beyond judging on words and start judging on behaviour. I later heard this same sentiment expressed in a more eloquent way:
Characterise people by their actions and you will never be fooled by their words
This was another epiphany for me, and it fundamentally changed the way I viewed the situation. If I'm honest, it gave me a lot more clarity of mind; it forced me to let go of many of the emotions surrounding the divorce and instead just focus on the facts. The motherhood statements and platitudes no longer mattered, all that mattered was actions.
I read a lot to try and help me understand what was going on, particularly in the earlier days of separation. One piece I read really resonated as it helped explain how two people who were once so close can now be on totally different wavelengths and have different versions of the same events. The piece I read was about the Rashomon Effect:
The effect is named after Akira Kurosawa's 1950 film Rashomon, in which a murder is described in four contradictory ways by four witnesses. The term addresses the motives, mechanism, and occurrences of the reporting on the circumstance and addresses contested interpretations of events, the existence of disagreements regarding the evidence of events, and subjectivity versus objectivity in human perception, memory, and reporting.
Same event, different perceptions of what happened. The Rashomon Effect doesn't help explain what actually happened, rather it describes how people in a highly emotional, life-changing time of their lives can have fundamentally different views of the same circumstances. This might sound kind of clinical and detached, but it helped explain behaviour that I simply couldn't rationalise before. Recognising that people can have different perceptions of the same events that led to the separation helped me deal with the grief. But probably about a year after separating, I had an epiphany that really helped me move forward: the root cause didn't matter anyway.
It's only natural to seek out answers and, indeed, to apportion blame. I've done it, others in similar situations I've spoken to have done it and should you ever find yourself in the same place as me, you'll do it too. It's not always just blame with the other party either and I suspect there's rarely a divorce where all the fault lies purely on one side.
I found all the reasons in the world to explain why this had happened. Recent incidents, things related to money, to work, to kids and even signs that I should have picked up on right from day one of the relationship. I'm sure she did the same. But ultimately, it's inconsequential and my pinning the blame on particular things was making no difference whatsoever.
Legally, it doesn't matter either. In Australia (and in many other parts of the world), we've had the concept of No Fault Divorce since 1975. The court doesn't care who did this or who didn't do that, all they care about is that there's an irretrievable breakdown of the relationship and that either one or both of you wants the marriage annulled. That is all.
In playing back all the events over all the years, I was just reliving bad memories. It was making me angry, regretful, emotional. I wasn't longing for reconciliation and as I moved forward in my own life, I wasn't even wishing things were back where they were years ago. I was seeking answers where I wasn't going to find them, and they wouldn't change a thing today even if I did.
Stop dwelling on it and move on. I can't say I always do that, but the more I've just put my head down, looked to the future and powered forward, the better things got.
Telling the kids was the worst. In the hours beforehand, I was a mess. Inconsolable. I felt that stigma I mentioned earlier coming over me in waves as we prepared to tell our children we were breaking up the family.
Their mother was the one who told them as we all sat down together. It was pretty short and to the point, effectively boiling down to us having mutually decided to lead separate lives. The bomb was dropped, then she finished by prompting the kids for any questions they'd like to ask us. They paused, then our 9-year old son spoke up:
Can we have pizza for dinner tonight?
I smile thinking about that even now 🙂 It was a relief valve at an enormously stressful time not just because it was kinda funny given the gravitas of the news they'd just heard, but because it demonstrated that just as with the observations above about friends not caring, the kids didn't care either. They cared about being loved, supported, having their parents' attention and really, just fundamental Maslow's hierarchy of needs sort of stuff. They didn't understand the social concept of marriage, they weren't aware of the stigma I felt and frankly, if it didn't have any actual impact on their lives in any meaningful sort of way, they didn't care.
In later reading I'd learn that as far as divorces and kids go, this is the ideal time to do it. Were they to be much older (our daughter was 6 at the time), things would be harder as they became more independently minded and more aware of the social issues surrounding a marriage breakdown. But at this age and in an environment that was still civil at the time, both the news on that day and everything else I've observed in the years since has been entirely unnoteworthy.
But I also don't want to trivialise the situation with kids as I've seen things work very differently for other people, especially when teenagers are involved. I can only relay my own experiences here and acknowledge that I've been extraordinarily fortunate. Part of that good fortune has been luck due to the timing of our separation, their age and their personalities, and part of it has been good management on our behalf as parents.
What I've found most difficult to navigate is loyalty binds:
A loyalty bind in divorce is where the child does not feel allowed to love both parents. He has to side with one or the other about any number of issues, big and small. His anger, sadness, and anxiety increases as he feels pushed to choose and either choice results in the loss, or fear of loss, of the other parent. He can’t win.
When you've got two people who've decided to wind up a relationship, there's going to be flashpoints. Disagreements. Possibly legal battles. You're both angry, both convinced you're right and sometimes, certain that the other party is the devil. Now, imagine amidst the heights of that frustration a parent gives the kids some pretty unfiltered opinions about the other party - how do the kids react? Angry towards the parent being spoken harshly of due to the things they've allegedly done? Or defensive of that parent as they watch the other one unleashing on them? He can't win!
I've found this to be an extremely delicate area to navigate for two reasons:
Firstly, I've had to make sure that no matter how I've felt about the situation, I avoid negativity towards the ex in front of the kids to the fullest extent possible. Sometimes that's easy insofar as there are many discussions that simply don't need to be had with the kids (it's much better to vent to close friends and family), but other times it can be extremely difficult if it's a topic that directly impacts them (e.g., their movements over school holidays). But that burden is on us - the adults - and it's one the kids shouldn't have to bear.
Secondly, there's dealing with times where the other parent puts the kids in the very position you're trying so hard to avoid. Particularly when derogatory messaging comes home in ways that could only have come from the other party, you're left feeling defensive and wanting to set them straight with your version of the record, but now you're back at the loyalty bind problem. It's not always explicitly derogatory behaviour that creates that loyalty bind either, it can be something as minor as being emotional when the kids mention the other party or particular activities they've been involved in; "every time I talk about [thing], it makes [mum|dad] upset".
In dealing with the latter situation, I sought support from a family counsellor who gave me an example from another client that epitomises everything that is wrong with creating loyalty binds. A lady had attended with her 6-year old daughter and during the session, received a call from her lawyer related to matrimonial matters. After hanging up, she burst into tears and in an attempt to calm her, the daughter put her arms around the mother and said, "that's ok mum, I hate dad too". That story is just heartbreaking and even though it may not have been the mother's intention, her reaction drove a wedge between a child and their parent. That's a hard one but again, we're the adults, it's our responsibility to manage our emotions around these situations.
I keep coming back to what is ultimately a very simple premise: putting the kids in a situation where it creates a loyalty bind is a selfish act that prioritises your emotions over the kids' wellbeing. Whether it's deliberate or accidental, it must be avoided to the fullest extent possible.
I originally started seeing a psychologist to help me deal with stress and sustain my performance when I felt everything was getting too much for me. It quickly became clear that the bulk of my stress wasn't due to my workload, it was due to my relationship. This is where psychologists can make a big difference - cutting through the emotion and getting to the core of what's eating you.
So, I started seeing Clive. He wasn't the first psych I'd seen, but he was the first one that really resonated with me, so I made appointments to see him every couple of weeks. We'd spend an hour each time going through recent events, how they made me feel and how I'd deal with them moving forward. He made an enormously positive difference not just in terms of understanding my own emotions, but reframing situations to reduce the unnecessary stress I was feeling.
Here's a perfect example: I'd often worry about things that were really of very little consequence but would bug the hell out of me. They'd come through an email, via the kids or in a lawyer's letter. On one occasion, I unloaded the whole lot onto Clive after which he sat thoughtfully, then suggested the following:
Think of her as a drunk person in a pub throwing punches at you. It's demanding your attention, but nothing is connecting and eventually she'll tire out or sober up.
I loved that and ever since that session, I've become much more adept at separating the things that actually require my emotional input from the drunk punches.
The other exceptionally helpful guidance he gave came during a protracted legal stoush that felt like it had no end in sight:
Me: "This feels like it will never end"
Clive: "Do you know what to do next?"
Me: "Yes, I'm going to do [legal thing] then [other legal thing] then if that doesn't work, [alternating legal thing]."
Clive: "Then just follow the process."
Follow the process. Time and time again, I'd sit on the couch, pour out my heart and we'd come back again to simply following the process. Divorce paperwork - follow the process. Parenting orders - follow the process. Financial settlement - follow the process. At their essence, they were merely business deals and negotiations, they just happened to be wrapped up in multiple layers of emotions.
In a later session, there was one addition to this guidance; follow the process and sustain performance. You can't let the process sap you of energy such that you're unable to perform. You can't let it mentally or emotionally drain you, distract you from life's essentials or keep you from reaching the goal. This was the high-performance coaching I was seeking out in the first place, and it was more relevant at this juncture than ever before.
That's not to say that following the process is simple, it certainly wasn't for me, and those layers of emotions would regularly impede progress. Clive would often break it down into psychological behaviours he'd plot out on the whiteboard:
I'd rarely take notes, but I'd take photos. I'd go back through them later on in an attempt to make sense of it all. Professional help made an enormously positive difference; it helped me process everything going on in my life, understand it more objectively and ultimately, lead a happier life. Speaking of which...
Every person I spoke to who'd been through divorce and "emerged on the other side" told me the same thing - it gets better. Clive told me that from day 1, pointing out that there's a very predictable cycle we all go through:
This maps pretty closely to your classic Kübler-Ross 5 stages of grief and we recognised that I was somewhere around the righthand side of the whiteboard. It's not always movement in the one direction, indeed I was oscillating back and forth around "understanding of new normal", sometimes a couple of steps backwards towards "anger", but increasingly towards "engaging and embracing new normal". And my new normal was starting to look pretty damn good:
Let’s face it. Everyone who’s as slick as Troy and done as much for the sec community deserves a girl that fine!😂 #yesG
— .b (@dot_b) June 4, 2021
I love this comment, not because I alone somehow deserve romantic happiness, but because we all do. To inject further optimism into the end of this post, upon reflection, every single story I relayed above about friends who have gone through their own divorce struggles has resulted in new partners, new lives and new happiness. Every. Single. One. Charlotte and I got engaged on New Year's Day two years ago and married in September. Life has never been better 😊
Sometimes, life feels like a fairytale. This is now my favourite photo ever ❤️ pic.twitter.com/lspKwVVSly
— Troy Hunt (@troyhunt) December 9, 2022
One final note on this, a quote from Lao Tzu:
If you are depressed you are living in the past.
If you are anxious you are living in the future.
If you are at peace you are living in the present.
There are still "drunk punches" and occasional anxious moments, but they're increasingly fleeting and I'm at peace. I hope this post has been helpful and if you recognise yourself in this, that you reach this stage of the process quickly and peacefully.
s3-ep100-js-1200
You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you.
A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com.
The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.
The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries. Given how long 16Shop has been around and how many paying customers it enjoyed over the years, that number is almost certainly highly conservative.
Also, the sale of “hacking tools” doesn’t quite capture what 16Shop was all about: It was a fully automated phishing platform that gave its thousands of customers a series of brand-specific phishing kits to use, and provided the domain names needed to host the phishing pages and receive any stolen credentials.
Security experts investigating 16Shop found the service used an application programming interface (API) to manage its users, an innovation that allowed its proprietors to shut off access to customers who failed to pay a monthly fee, or for those attempting to copy or pirate the phishing kit.
16Shop also localized phishing pages in multiple languages, and the service would display relevant phishing content depending on the victim’s geolocation.
Various 16Shop lures for Apple users in different languages. Image: Akamai.
For example, in 2019 McAfee found that for targets in Japan, the 16Shop kit would also collect Web ID and Card Password, while US victims will be asked for their Social Security Number.
“Depending on location, 16Shop will also collect ID numbers (including Civil ID, National ID, and Citizen ID), passport numbers, social insurance numbers, sort codes, and credit limits,” McAfee wrote.
In addition, 16Shop employed various tricks to help its users’ phishing pages stay off the radar of security firms, including a local “blacklist” of Internet addresses tied to security companies, and a feature that allowed users to block entire Internet address ranges from accessing phishing pages.
The INTERPOL announcement does not name any of the suspects arrested in connection with the 16Shop investigation. However, a number of security firms — including Akamai, McAfee and ZeroFox, previously connected the service to a young Indonesian man named Riswanda Noor Saputra, who sold 16Shop under the hacker handle “Devilscream.”
According to the Indonesian security blog Cyberthreat.id, Saputra admitted being the administrator of 16Shop, but told the publication he handed the project off to others by early 2020.
16Shop documentation instructing operators on how to deploy the kit. Image: ZeroFox.
Nevertheless, Cyberthreat reported that Devilscream was arrested by Indonesian police in late 2021 as part of a collaboration between INTERPOL and the U.S. Federal Bureau of Investigation (FBI). Still, researchers who tracked 16Shop since its inception say Devilscream was not the original proprietor of the phishing platform, and he may not be the last.
It is not uncommon for cybercriminals to accidentally infect their own machines with password-stealing malware, and that is exactly what seems to have happened with one of the more recent administrators of 16Shop.
Constella Intelligence, a data breach and threat actor research platform, now allows users to cross-reference popular cybercrime websites and denizens of these forums with inadvertent malware infections by information-stealing trojans. A search in Constella on 16Shop’s domain name shows that in mid-2022, a key administrator of the phishing service infected their Microsoft Windows desktop computer with the Redline information stealer trojan — apparently by downloading a cracked (and secretly backdoored) copy of Adobe Photoshop.
Redline infections steal gobs of data from the victim machine, including a list of recent downloads, stored passwords and authentication cookies, as well as browser bookmarks and auto-fill data. Those records indicate the 16Shop admin used the nicknames “Rudi” and “Rizki/Rizky,” and maintained several Facebook profiles under these monikers.
It appears this user’s full name (or at least part of it) is Rizky Mauluna Sidik, and they are from Bandung in West Java, Indonesia. One of this user’s Facebook pages says Rizky is the chief executive officer and founder of an entity called BandungXploiter, whose Facebook page indicates it is a group focused mainly on hacking and defacing websites.
A LinkedIn profile for Rizky says he is a backend Web developer in Bandung who earned a bachelor’s degree in information technology in 2020. Mr. Rizky did not respond to requests for comment.
The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs.
Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional diamond-crusted payment card skimmer.
Punchmade Dev’s most controversial mix — a rap called “Wire Fraud Tutorial” — was taken down by Youtube last summer for violating the site’s rules. Punchmade shared on social media that the video’s removal was prompted by YouTube receiving a legal process request from law enforcement officials.
The 24-year-old rapper told reporters he wasn’t instructing people how to conduct wire fraud, but instead informing his fans on how to avoid being victims of wire fraud. However, this is difficult to discern from listening to the song, which sounds very much like a step-by-step tutorial on how to commit wire fraud.
“Listen up, I’m finna show y’all how to hit a bank,” Wire Fraud Tutorial begins. “Just pay attention, this is a quick way to jug in any state. First you wanna get a bank log from a trusted site. Do your research because the information must be right.”
And even though we’re talking about an individual who regularly appears in videos wearing a half-million dollars worth of custom jewelry draped around his arm and neck (including the functional diamond-encrusted payment card skimming device pictured above), there’s never been much evidence that Punchmade was actually involved in committing cybercrimes himself. Even his most vocal critics acknowledged that the whole persona could just be savvy marketing.
That changed recently when Punchmade’s various video and social media accounts began promoting a new web shop that is selling stolen payment cards and identity data, as well as hacked financial accounts and software for producing counterfeit checks.
Punchmade Dev’s shop.
The official Punchmadedev account on Instagram links to many of the aforementioned rap videos and tutorials on cybercriming, as well as to Punchmadedev’s other profiles and websites. Among them is mainpage[.]me/punchmade, which includes the following information for “Punchmade Empire ®”
-212,961 subscribers
#1 source on Telegram
Contact: @whopunchmade
24/7 shop: https://punchmade[.]atshop[.]io
Visiting that @whopunchmade Telegram channel shows this user is promoting punchmade[.]atshop[.]io, which is currently selling hacked bank accounts and payment cards with high balances.
Clicking “purchase” on the C@sh App offering, for example, shows that for $80 the buyer will receive logins to Cash App accounts with balances between $3,000 and $5,000. “If you buy this item you’ll get my full support on discord/telegram if there is a problem!,” the site promises. Purchases can be made in cryptocurrencies, and checking out prompts one to continue payment at Coinbase.com.
Another item for sale, “Fullz + Linkable CC,” promises “ID Front + Back, SSN with 700+ Credit Score, and Linkable CC” or credit card. That also can be had for $80 in crypto.
Punchmade has fashioned his public persona around a collection of custom-made, diamond-covered necklaces that are as outlandish and gaudy as they are revelatory. My favorite shot from one of Punchmade’s videos features at least three of these monstrosities: One appears to be a boring old diamond and gold covered bitcoin, but the other two necklaces tell us something about where Punchmade is from:
Notice the University of Kentucky logo, and the Lexington, Ky skyline.
One of them includes the logo and mascot of the University of Kentucky. The other, an enormous diamond studded skyline, appears to have been designed based on the skyline in Lexington, Ky:
The “About” page on Punchmade Dev’s Spotify profile describes him as “an American artist, rapper, musician, producer, director, entrepreneur, actor and investor.” “Punchmade Dev is best known for his creative ways to use technology, video gaming, and social media to build a fan base,” the profile continues.
The profile explains that he launched his own record label in 2021 called Punchmade Records, where he produces his own instrumentals and edits his own music videos.
A search on companies that include the name “punchmade” at the website of the Kentucky Secretary of State brings up just one record: OBN Group LLC, in Lexington, Ky. This November 2021 record includes a Certificate of Assumed Name, which shows that Punchmade LLC is the assumed name of OBN Group LLC.
The president of OBN Group LLC is listed as Devon Turner. A search on the Secretary of State website for other businesses tied to Devon Turner reveals just one other record: A now-defunct entity called DevTakeFlightBeats Inc.
The breach tracking service Constella Intelligence finds that Devon Turner from Lexington, Ky. used the email address obndevpayments@gmail.com. A lookup on this email at DomainTools.com shows it was used to register the domain foreverpunchmade[.]com, which is registered to a Devon Turner in Lexington, Ky. A copy of this site at archive.org indicates it once sold Punchmade Dev-branded t-shirts and other merchandise.
Mr. Turner did not respond to multiple requests for comment.
Searching online for Devon Turner and “Punchmade” brings up a video from @brainjuiceofficial, a YouTube channel that focuses on social media celebrities. @Brainjuiceofficial says Turner was born in October 2000, the oldest child of a single mother of five whose husband was not in the picture.
Devon Turner, a.k.a. “Punchmade Dev,” in an undated photo.
The video says the six-foot five Turner played basketball, track and football in high school, but that he gradually became obsessed with playing the video game NBA 2K17 and building a following of people watching him play the game competitively online.
According to this brief documentary, Turner previously streamed his NBA 2K17 videos on a YouTube channel called DevTakeFlight, although he originally went by the nickname OBN Dev.
“Things may eventually catch up to Devon if he isn’t careful,” @Brainjuiceofficial observed, noting that Turner has been shot at before, and also robbed at an ATM while flexing a bunch of cash for a picture and wearing $500k in jewelry. “Although you have a lot of people that are into what you do, there are a lot of people waiting for you to slip up.”
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit’s leader “LockBitSupp” claims the feds named the wrong guy, saying the charges don’t explain how they connected him to Khoroshev. This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
Dmitry Yuryevich Khoroshev. Image: treasury.gov.
On May 7, the U.S. Department of Justice indicted Khoroshev on 26 criminal counts, including extortion, wire fraud, and conspiracy. The government alleges Khoroshev created, sold and used the LockBit ransomware strain to personally extort more than $100 million from hundreds of victim organizations, and that LockBit as a group extorted roughly half a billion dollars over four years.
Federal investigators say Khoroshev ran LockBit as a “ransomware-as-a-service” operation, wherein he kept 20 percent of any ransom amount paid by a victim organization infected with his code, with the remaining 80 percent of the payment going to LockBit affiliates responsible for spreading the malware.
Financial sanctions levied against Khoroshev by the U.S. Department of the Treasury listed his known email and street address (in Voronezh, in southwest Russia), passport number, and even his tax ID number (hello, Russian tax authorities). The Treasury filing says Khoroshev used the emails sitedev5@yandex.ru, and khoroshev1@icloud.com.
According to DomainTools.com, the address sitedev5@yandex.ru was used to register at least six domains, including a Russian business registered in Khoroshev’s name called tkaner.com, which is a blog about clothing and fabrics.
A search at the breach-tracking service Constella Intelligence on the phone number in Tkaner’s registration records — 7.9521020220 — brings up multiple official Russian government documents listing the number’s owner as Dmitri Yurievich Khoroshev.
Another domain registered to that phone number was stairwell[.]ru, which at one point advertised the sale of wooden staircases. Constella finds that the email addresses webmaster@stairwell.ru and admin@stairwell.ru used the password 225948.
DomainTools reports that stairwell.ru for several years included the registrant’s name as “Dmitrij Ju Horoshev,” and the email address pin@darktower.su. According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru.
Image: Shutterstock.
Cyber intelligence firm Intel 471 finds that pin@darktower.ru was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc. Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code.
Other posts concerned custom code Pin claimed to have written that would bypass memory protections on Windows XP and Windows 7 systems, and inject malware into memory space normally allocated to trusted applications on a Windows machine.
Pin also was active at that same time on the Russian-language security forum Antichat, where they told fellow forum members to contact them at the ICQ instant messenger number 669316.
A search on the ICQ number 669316 at Intel 471 shows that in April 2011, a user by the name NeroWolfe joined the Russian cybercrime forum Zloy using the email address d.horoshev@gmail.com, and from an Internet address in Voronezh, RU.
Constella finds the same password tied to webmaster@stairwell.ru (225948) was used by the email address 3k@xakep.ru, which Intel 471 says was registered to more than a dozen NeroWolfe accounts across just as many Russian cybercrime forums between 2011 and 2015.
NeroWolfe’s introductory post to the forum Verified in Oct. 2011 said he was a system administrator and C++ coder.
“Installing SpyEYE, ZeuS, any DDoS and spam admin panels,” NeroWolfe wrote. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.
“I can provide my portfolio on request,” NeroWolfe wrote. “P.S. I don’t modify someone else’s code or work with someone else’s frameworks.”
In April 2013, NeroWolfe wrote in a private message to another Verified forum user that he was selling a malware “loader” program that could bypass all of the security protections on Windows XP and Windows 7.
“The access to the network is slightly restricted,” NeroWolfe said of the loader, which he was selling for $5,000. “You won’t manage to bind a port. However, it’s quite possible to send data. The code is written in C.”
In an October 2013 discussion on the cybercrime forum Exploit, NeroWolfe weighed in on the karmic ramifications of ransomware. At the time, ransomware-as-a-service didn’t exist yet, and many members of Exploit were still making good money from “lockers,” relatively crude programs that locked the user out of their system until they agreed to make a small payment (usually a few hundred dollars via prepaid Green Dot cards).
Lockers, which presaged the coming ransomware scourge, were generally viewed by the Russian-speaking cybercrime forums as harmless moneymaking opportunities, because they usually didn’t seek to harm the host computer or endanger files on the system. Also, there were still plenty of locker programs that aspiring cybercriminals could either buy or rent to make a steady income.
NeroWolfe reminded forum denizens that they were just as vulnerable to ransomware attacks as their would-be victims, and that what goes around comes around.
“Guys, do you have a conscience?,” NeroWolfe wrote. “Okay, lockers, network gopstop aka business in Russian. The last thing was always squeezed out of the suckers. But encoders, no one is protected from them, including the local audience.”
If Khoroshev was ever worried that someone outside of Russia might be able to connect his early hacker handles to his real life persona, that’s not clear from reviewing his history online. In fact, the same email address tied to so many of NeroWolfe’s accounts on the forums — 3k@xakep.ru — was used in 2011 to create an account for a Dmitry Yurevich Khoroshev on the Russian social media network Vkontakte.
NeroWolfe seems to have abandoned all of his forum accounts sometime in 2016. In November 2016, an exploit[.]ru member filed an official complaint against NeroWolfe, saying NeroWolfe had been paid $2,000 to produce custom code but never finished the project and vanished.
It’s unclear what happened to NeroWolfe or to Khoroshev during this time. Maybe he got arrested, or some close associates did. Perhaps he just decided it was time to lay low and hit the reset on his operational security efforts, given his past failures in this regard. It’s also possible NeroWolfe landed a real job somewhere for a few years, fathered a child, and/or had to put his cybercrime career on hold.
Or perhaps Khoroshev saw the coming ransomware industry for the endless pot of gold that it was about to become, and then dedicated himself to working on custom ransomware code. That’s what the government believes.
The indictment against Khoroshev says he used the hacker nickname Putinkrab, and Intel 471 says this corresponds to a username that was first registered across three major Russian cybercrime forums in early 2019.
KrebsOnSecurity could find no obvious connections between Putinkrab and any of Khoroshev’s older identities. However, if Putinkrab was Khoroshev, he would have learned from his past mistakes and started fresh with a new identity (which he did). But also, it is likely the government hasn’t shared all of the intelligence it has collected against him (more on that in a bit).
Putinkrab’s first posts on the Russian cybercrime forums XSS, Exploit and UFOLabs saw this user selling ransomware source code written in C.
A machine-translated ad for ransomware source code from Putinkrab on the Russian language cybercrime forum UFOlabs in 2019. Image: Ke-la.com.
In April 2019, Putkinkrab offered an affiliate program that would run on top of his custom-made ransomware code.
“I want to work for a share of the ransoms: 20/80,” Putinkrab wrote on Exploit. “20 percent is my percentage for the work, you get 80% of the ransoms. The percentage can be reduced up to 10/90 if the volumes are good. But now, temporarily, until the service is fully automated, we are working using a different algorithm.”
Throughout the summer of 2019, Putinkrab posted multiple updates to Exploit about new features being added to his ransomware strain, as well as novel evasion techniques to avoid detection by security tools. He also told forum members he was looking for investors for a new ransomware project based on his code.
In response to an Exploit member who complained that the security industry was making it harder to profit from ransomware, Putinkrab said that was because so many cybercriminals were relying on crappy ransomware code.
“The vast majority of top antiviruses have acquired behavioral analysis, which blocks 95% of crypto-lockers at their root,” Putinkrab wrote. “Cryptolockers made a lot of noise in the press, but lazy system administrators don’t make backups after that. The vast majority of cryptolockers are written by people who have little understanding of cryptography. Therefore, decryptors appear on the Internet, and with them the hope that files can be decrypted without paying a ransom. They just sit and wait. Contact with the owner of the key is lost over time.”
Putinkrab said he had every confidence his ransomware code was a game-changer, and a huge money machine.
“The game is just gaining momentum,” Putinkrab wrote. “Weak players lose and are eliminated.”
The rest of his response was structured like a poem:
“In this world, the strongest survive.
Our life is just a struggle.
The winner will be the smartest,
Who has his head on his shoulders.”
Putinkrab’s final post came on August 23, 2019. The Justice Department says the LockBit ransomware affiliate program was officially launched five months later. From there on out, the government says, Khoroshev adopted the persona of LockBitSupp. In his introductory post on Exploit, LockBit’s mastermind said the ransomware strain had been in development since September 2019.
The original LockBit malware was written in C (a language that NeroWolfe excelled at). Here’s the original description of LockBit, from its maker:
“The software is written in C and Assembler; encryption is performed through the I/O Completion Port; there is a port scanning local networks and an option to find all DFS, SMB, WebDAV network shares, an admin panel in Tor, automatic test decryption; a decryption tool is provided; there is a chat with Push notifications, a Jabber bot that forwards correspondence and an option to terminate services/processes in line which prevent the ransomware from opening files at a certain moment. The ransomware sets file permissions and removes blocking attributes, deletes shadow copies, clears logs and mounts hidden partitions; there is an option to drag-and-drop files/folders and a console/hidden mode. The ransomware encrypts files in parts in various places: the larger the file size, the more parts there are. The algorithms used are AES + RSA.
You are the one who determines the ransom amount after communicating with the victim. The ransom paid in any currency that suits you will be transferred to your wallets. The Jabber bot serves as an admin panel and is used for banning, providing decryption tools, chatting – Jabber is used for absolutely everything.”
Does the above timeline prove that NeroWolfe/Khoroshev is LockBitSupp? No. However, it does indicate Khoroshev was for many years deeply invested in countless schemes involving botnets, stolen data, and malware he wrote that others used to great effect. NeroWolfe’s many private messages from fellow forum members confirm this.
NeroWolfe’s specialty was creating custom code that employed novel stealth and evasion techniques, and he was always quick to volunteer his services on the forums whenever anyone was looking help on a malware project that called for a strong C or C++ programmer.
Someone with those qualifications — as well as demonstrated mastery of data encryption and decryption techniques — would have been in great demand by the ransomware-as-a-service industry that took off at around the same time NeroWolfe vanished from the forums.
Someone like that who is near or at the top of their game vis-a-vis their peers does not simply walk away from that level of influence, community status, and potential income stream unless forced to do so by circumstances beyond their immediate control.
It’s important to note that Putinkrab didn’t just materialize out of thin air in 2019 — suddenly endowed with knowledge about how to write advanced, stealthy ransomware strains. That knowledge clearly came from someone who’d already had years of experience building and deploying ransomware strains against real-life victim organizations.
Thus, whoever Putinkrab was before they adopted that moniker, it’s a safe bet they were involved in the development and use of earlier, highly successful ransomware strains. One strong possible candidate is Cerber ransomware, the most popular and effective affiliate program operating between early 2016 and mid-2017. Cerber thrived because it emerged as an early mover in the market for ransomware-as-a-service offerings.
In February 2024, the FBI seized LockBit’s cybercrime infrastructure on the dark web, following an apparently lengthy infiltration of the group’s operations. The United States has already indicted and sanctioned at least five other alleged LockBit ringleaders or affiliates, so presumably the feds have been able to draw additional resources from those investigations.
Also, it seems likely that the three national intelligence agencies involved in bringing these charges are not showing all of their cards. For example, the Treasury documents on Khoroshev mention a single cryptocurrency address, and yet experts interviewed for this story say there are no obvious clues connecting this address to Khoroshev or Putinkrab.
But given that LockBitSupp has been actively involved in Lockbit ransomware attacks against organizations for four years now, the government almost certainly has an extensive list of the LockBit leader’s various cryptocurrency addresses — and probably even his bank accounts in Russia. And no doubt the money trail from some of those transactions was traceable to its ultimate beneficiary (or close enough).
Not long after Khoroshev was charged as the leader of LockBit, a number of open-source intelligence accounts on Telegram began extending the information released by the Treasury Department. Within hours, these sleuths had unearthed more than a dozen credit card accounts used by Khoroshev over the past decade, as well as his various bank account numbers in Russia.
The point is, this post is based on data that’s available to and verifiable by KrebsOnSecurity. Woodward & Bernstein’s source in the Watergate investigation — Deep Throat — famously told the two reporters to “follow the money.” This is always excellent advice. But these days, that can be a lot easier said than done — especially with people who a) do not wish to be found, and b) don’t exactly file annual reports.
Related tags
FreshRSS