Experts say attempting to extort children lost Radiant group credibility in hacking world, which made it take action
Cybercriminals who stole pictures and the private information of thousands of nursery children have deleted the data.
A gang calling themselves Radiant have removed details of children at the UK-based Kido nursery chain from a website it had set up to extort victims.
A cybersecurity source confirmed to the Guardian that profiles of children had been removed from the site, which has been reformatted.
A screenshot of the site, seen by the Guardian, no longer displays children's profiles from the hack. It now displays a Kido logo with "view more" underneath it, but a cybersecurity source said the link did not work – implying that the data has been removed.
A Kido spokesperson confirmed the attackers had removed information that they had previously published.
The spokesperson said: "Throughout this incident we have followed guidance from the authorities that discourages ransom payments as they only fuel and incentivise further criminal activity. We continue to work closely with families, regulators, law enforcement and our cybersecurity experts to investigate and take active steps to confirm that the data is permanently deleted."
The BBC first reported the deletion and quoted one of the hackers who said: "We are sorry for hurting kids."
Hacking gangs are sensitive to negative publicity, not least because it raises their exposure to action from law enforcement and disrupts relationships within the hacking community.
Rebecca Taylor, a researcher at cybersecurity firm Sophos, said: "Even cybercriminals know some lines can't be crossed. Radiant learned that stealing data belonging to children doesn't just attract attention, it burns credibility. It erodes any legitimacy they claim, particularly as they appear to be a newly formed group."
Taylor said "credibility is king" for groups demanding ransoms for stolen data because it gave them leverage in negotiations. The BBC reported that Radiant had demanded £600,000 in bitcoin from Kido to return the data but that Kido had not paid the ransom.
"Deleting the data wasn't an act of kindness, it was damage control. This was a rare moment when morality and self-interest briefly aligned," Taylor said.
However, the revamped Radiant leak site – the term for such portals – appears to be ready for more victims, with a search bar for finding companies that have been hacked by the group, plus details of how to contact the group via Tox, an encrypted messaging service.
Although Radiant has shown a proficient command of English in its communications, analysts believe the group could be non-western. Most ransomware groups – groups who encrypt a company's IT files and steal data – are from states from the former Soviet Union. Radiant appears to be a new group within cybercrime circles, according to analysts.
Prior to the deletion, one woman told the BBC she had received a threatening phone call from the criminals who said they would post her child's information online unless she put pressure on Kido to pay a ransom. Kido has nurseries on 18 sites around London and more in the US, India and China.
Radiant had claimed to have sensitive data on more than 8,000 children and their families, including accident and safeguarding reports, as well as billing information. It said all Kido nurseries in the UK were affected.
One cybercriminal told the BBC: "All child data is now being deleted. No more remains and this can comfort parents."