Tracking the Worlds Dumbest Cyber-Mercenaries

Presented at DEF CON 31 (2023), Aug. 11, 2023, 2 p.m. (20 minutes)

For the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.

REFERENCES:

  • https://www.eff.org/wp/operation-manul
  • https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
  • https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/
  • https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america

Presenters:

  • Cooper Quintin - Senior Staff Technologist at Electronic Frontier Foundation
    Cooper Quintin is a security researcher and senior public interest technologist with the EFF Threat Lab. He has worked on projects including Privacy Badger, Canary Watch, and analysis of state-sponsored malware campaigns such as Dark Caracal. Cooper has given talks at security conferences including Black Hat, DEFCON, Enigma Conference, and ReCon about issues ranging from IMSI Catcher detection to fem tech privacy issues to newly discovered APTs. He has also been published or quoted in publications including The New York Times, Reuters, NPR, CNN, and Al Jazeera. Cooper has given security trainings for activists, nonprofit workers, and vulnerable populations around the world. He previously worked building websites for nonprofits, including Greenpeace, Adbusters, and the Chelsea Manning Support Network. Cooper was also an editor and contributor to the hacktivist journal "Hack this Zine." In his spare time he enjoys making music, visualizing a solar-punk anarchist future, and playing with his kids.
