There aren’t too many ways you could make a quick $10 million these days, at least not legally. The U.S. Department of State has just provided one though, for anyone who knows any password hackers with a connection to the RedLine password-stealing threat campaign. While the reward specifically mentions Maxim Alexandrovich Rudometov, a Russian national, as allegedly being the creator of the RedLine infostealer in question, the reward is also applicable to information about those individuals using the password hack to infiltrate critical U.S. infrastructure providers. Here’s everything you need to know.
How This Password Hack Threat Could Make You Money — Legally
Channeling the South Park character Mr. Mackey, with a little creative license, password hacks are bad, m’kay. There are very few occasions where the opposite can be said to be true: gaining access to your own resources when credentials have been lost, checking the veracity of security protections within the boundaries of a contracted penetration testing exercise, accessing a terrorist device to garner life-saving information as a federal agent and, nope, I’m starting to struggle now. There is one additional password hack-related money maker, though, and that is snitching on the state-sponsored password-stealing cybercriminals who are using the RedLine infostealer against U.S. targets.
In the latest addition to the Rewards for Justice bounty scheme, the U.S. Department of Justice has confirmed that it will pay “up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.”
In this case, the reward is open to individuals who can provide information regarding the RedLine password-hack malware operation. RedLine is available by way of a decentralized Malware-as-a-Service platform, through which cybercriminals are able to buy or rent the malware to use in their own attack campaigns. “Rudometov has regularly accessed and managed the technical infrastructure of RedLine,” the Department of State said, and “is associated with various cryptocurrency accounts used to receive and launder payments,” as well as being in physical possession of the RedLine malware source code.
“Anyone with information on foreign government-linked associates of Rudometov, or their malicious cyber activities, or foreign government-linked use of RedLine malware, should contact Rewards for Justice,” in order to pursue the $10 million bounty on offer. So, if you know one of these password hackers, now is the time to snitch before someone else does.