Jack Cable

@jackhcable
804 Followers
256 Following
69 Posts

CEO & Co-founder at Corridor.

Previously: Senior Technical Advisor at CISA, TechCongress in the Senate, Krebs Stamos Group, CISA, Defense Digital Service, and Stanford.

Website: https://cablej.io

I told Congress the story of how I got into hacking: winning the Hack the Air Force competition at 17, and helping start Stanford's bug bounty program as a freshman.

While we've made progress, we need to do more to normalize security research. I called on Congress to reform the Computer Fraud and Abuse Act by exempting good-faith security research.

Excited to share new research w/ Ian Gray and Damon McCoy, where we leverage novel heuristics to identify over $700 million in previously-unreported ransomware payments. We publish our set of payments, which when combined with the Ransomwhere dataset totals over $900 million in ransomware payments — several times larger than any existing public dataset.

Read here: https://arxiv.org/abs/2408.15420
Get the data: https://github.com/cablej/showing-the-receipts

Showing the Receipts: Understanding the Modern Ransomware Ecosystem

Ransomware attacks continue to wreak havoc across the globe, with public reports of total ransomware payments topping billions of dollars annually. While the use of cryptocurrency presents an avenue to understand the tactics of ransomware actors, to date published research has been constrained by relatively limited public datasets of ransomware payments. We present novel techniques to identify ransomware payments with low false positives, classifying nearly $700 million in previously-unreported ransomware payments. We publish the largest public dataset of over $900 million in ransomware payments -- several times larger than any existing public dataset. We then leverage this expanded dataset to present an analysis focused on understanding the activities of ransomware groups over time. This provides unique insights into ransomware behavior and a corpus for future study of ransomware cybercriminal activity.

We also built a picture of Conti's org chart and recruitment structure. Conti operated much like any other business, with robust HR teams, recruitment strategies, and management.

This allowed us to construct a balance sheet for Conti. While this likely doesn't encapsulate all payments, it gives us a good sense of Conti's profitability.

We ultimately identified over $80M in new victim payments to Conti -- over five times as much as in previous public datasets. We have published this data at https://github.com/cablej/conti-payments and on https://ransomwhe.re.

An address:
1. Sent money (directly or indirectly) to an address in the leaked dataset.
2. Exhibited splitting behavior consistent with documented affiliate splits.
3. Had received more than 99% of its funds from a low-risk exchange, where victims would most likely send money from.

We then used Crystal Blockchain to track destinations and origins of payments. Notably, a large portion of salary payments went to "low risk exchanges" -- exchanges that adhere to Know Your Customer requirements, which may present an opportunity to identify ransomware affiliates.
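The three criteria listed above, as an added example that is not the paper's code: a toy Python implementation run over a small constructed transaction graph. The address labels and amounts, the 80/20 and 70/30 split ratios, the 2% ratio tolerance and the four-hop search limit are illustrative assumptions, not values taken from the paper; real Bitcoin transactions also have many inputs and change outputs, which the single-spender model here ignores.

```python
"""Toy implementation of the three-criterion heuristic for flagging likely
ransom-payment addresses.  Added example, not the paper's code; the graph,
labels, split ratios and hop limit below are constructed assumptions."""
from collections import defaultdict, deque

# Constructed transaction graph.  Each entry: (txid, spending_address,
# [(output_address, amount_btc), ...]).  One spender per transaction keeps
# the toy readable; real transactions can have many inputs.
TXS = [
    # A victim buys BTC at a KYC exchange and pays the ransom address from there.
    ("t1", "exchange_A", [("ransom_addr", 10.0)]),
    # The ransom address is split 80/20 between affiliate and operator.
    ("t2", "ransom_addr", [("affiliate_wallet", 8.0), ("operator_wallet", 2.0)]),
    # The operator's share flows on to an address that appears in the leak.
    ("t3", "operator_wallet", [("leaked_addr_1", 2.0)]),
    # Ordinary user: exchange-funded, but no split and no path to the leak.
    ("t4", "exchange_A", [("ordinary_user", 5.0)]),
    ("t5", "ordinary_user", [("merchant", 5.0)]),
    # Same split and same path to the leak, but 2% of its funds came via a mixer.
    ("t6", "mixer_X", [("mixed_addr", 0.2)]),
    ("t7", "exchange_A", [("mixed_addr", 9.8)]),
    ("t8", "mixed_addr", [("affiliate_wallet", 8.0), ("operator_wallet", 2.0)]),
    # Exchange-funded and split 80/20, but neither output ever reaches the leak.
    ("t9", "exchange_A", [("lookalike", 4.0)]),
    ("t10", "lookalike", [("other_1", 3.2), ("other_2", 0.8)]),
]
LEAKED = {"leaked_addr_1"}                # addresses from the leaked dataset (assumed)
LOW_RISK_EXCHANGES = {"exchange_A"}       # KYC exchange labels (assumed)
SPLIT_RATIOS = [(0.8, 0.2), (0.7, 0.3)]   # assumed affiliate/operator splits


def build_graph(txs):
    """Index transactions by spender (outgoing) and by recipient (incoming)."""
    outgoing, incoming = defaultdict(list), defaultdict(list)
    for txid, src, outs in txs:
        outgoing[src].append((txid, outs))
        for dst, amt in outs:
            incoming[dst].append((src, amt))
    return outgoing, incoming


def sends_to_leaked(addr, outgoing, leaked, max_hops=4):
    """Criterion 1: funds from addr reach a leaked address, directly or via
    at most max_hops further spends (breadth-first search in flow direction)."""
    seen, queue = {addr}, deque([(addr, 0)])
    while queue:
        cur, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for _, outs in outgoing.get(cur, []):
            for dst, _ in outs:
                if dst in leaked:
                    return True
                if dst not in seen:
                    seen.add(dst)
                    queue.append((dst, hops + 1))
    return False


def has_affiliate_split(addr, outgoing, ratios=SPLIT_RATIOS, tol=0.02):
    """Criterion 2: some spend from addr has exactly two outputs whose shares
    match one of the assumed affiliate/operator ratios within tol."""
    for _, outs in outgoing.get(addr, []):
        if len(outs) != 2:
            continue
        total = sum(amt for _, amt in outs)
        if total <= 0:
            continue
        big, small = sorted((amt / total for _, amt in outs), reverse=True)
        if any(abs(big - b) <= tol and abs(small - s) <= tol for b, s in ratios):
            return True
    return False


def exchange_funded_share(addr, incoming, exchanges):
    """Fraction of addr's received funds that came directly from low-risk exchanges."""
    received = incoming.get(addr, [])
    total = sum(amt for _, amt in received)
    if total <= 0:
        return 0.0
    return sum(amt for src, amt in received if src in exchanges) / total


def classify(addr, outgoing, incoming, leaked, exchanges, min_share=0.99):
    """Return (flagged, per-criterion results); all three criteria must hold."""
    checks = {
        "sends_to_leaked": sends_to_leaked(addr, outgoing, leaked),
        "affiliate_split": has_affiliate_split(addr, outgoing),
        "exchange_funded": exchange_funded_share(addr, incoming, exchanges) > min_share,
    }
    return all(checks.values()), checks


def likely_ransom_addresses(txs, leaked, exchanges):
    """Every address in the graph that satisfies all three criteria."""
    outgoing, incoming = build_graph(txs)
    addresses = set(outgoing) | set(incoming)
    return sorted(a for a in addresses
                  if classify(a, outgoing, incoming, leaked, exchanges)[0])


if __name__ == "__main__":
    out, inc = build_graph(TXS)
    for a in sorted(set(out) | set(inc)):
        flagged, checks = classify(a, out, inc, LEAKED, LOW_RISK_EXCHANGES)
        print(f"{a:16} flagged={flagged!s:5} {checks}")
```

Only `ransom_addr` passes all three tests on this graph: `mixed_addr` has the same split and the same path into the leak but fails the exchange-funding test because 2% of its funds arrived from a mixer, `lookalike` is exchange-funded and split 80/20 but never reaches a leaked address, and `ordinary_user` is exchange-funded but neither splits nor reaches the leak. Requiring all three together is what keeps the false-positive rate low; any one of them alone would flag many legitimate addresses.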

Excited to share new research with Ian Gray, Ben Brown, Vlad Cuiujuclu and Damon McCoy.

This is the first in-depth peer-reviewed research into the Conti leaks. We mapped over $80 million in new payments to Conti.

Read the paper: https://arxiv.org/abs/2304.11681

Some takeaways 🧵

Money Over Morals: A Business Analysis of Conti Ransomware

Ransomware operations have evolved from relatively unsophisticated threat actors into highly coordinated cybercrime syndicates that regularly extort millions of dollars in a single attack. Despite dominating headlines and crippling businesses across the globe, there is relatively little in-depth research into the modern structure and economics of ransomware operations. In this paper, we leverage leaked chat messages to provide an in-depth empirical analysis of Conti, one of the largest ransomware groups. By analyzing these chat messages, we construct a picture of Conti's operations as a highly-profitable business, from profit structures to employee recruitment and roles. We present novel methodologies to trace ransom payments, identifying over $80 million in likely ransom payments to Conti and its predecessor -- over five times as much as in previous public datasets. As part of our work, we publish a dataset of 666 labeled Bitcoin addresses related to Conti and an additional 75 Bitcoin addresses of likely ransom payments. Future work can leverage this case study to more effectively trace -- and ultimately counteract -- ransomware activity.


For the first time ever, Congress has included memory safety in a law, requiring the National Cyber Director to study memory safety in the Federal government. The omnibus in which this was included is expected to pass this week. Proud to have worked on this provision while in the Senate!

https://www.appropriations.senate.gov/imo/media/doc/Division%20E%20-%20FSGG%20Statement%20FY23.pdf

Excited to share new work with Andrés Fábrega, Sunoo Park, and @[email protected] on securing voter registration systems!

We present the first formalization of voter registration systems, including security policies and a threat model.

Read it here: https://eprint.iacr.org/2022/1562

A Systematization of Voter Registration Security