MicDrop: Return to Wazawaka - Episode 189 Summary
Introduction: Revisiting a Notorious Hacker
In Episode 189 of Click Here, titled MicDrop: Return to Wazawaka, Recorded Future News delves deep into the enigmatic world of Misha, also known by his aliases Wazawaka, Boris Elson, and M1X. This extended cut revisits a rare interview conducted in late 2023 with Misha shortly after his inclusion in the FBI's Cyber Most Wanted list. Host Dina Temple-Raston, alongside her team, unpacks Misha's activities, his interactions with other ransomware groups, and the broader implications of his actions on global cybersecurity.
Understanding the FBI's Cyber Most Wanted List
Dina begins by contextualizing the FBI’s Cyber Most Wanted list, drawing parallels to its historical counterparts like Al Capone and John Dillinger. She explains that this list categorizes individuals based on the severity of their cybercrimes, the nature of their attacks, and their ongoing threat to society. The list comprises various categories, including fugitives, kidnappers, and, more recently, cybercriminals who have caused significant digital havoc.
Notable Quote:
"The FBI's most wanted list is the stuff of legend... Society and the FBI has to make a calculation whether all the publicity that comes with the FBI's most wanted will help the Bureau bring them to justice."
— Dina Temple-Raston [00:03]
Profile of Misha (Wazawaka)
Misha stands out as the latest addition to this elite list. Originating from Russia, he has been implicated in numerous ransomware attacks targeting diverse entities, including hospitals, municipalities, and businesses across the United States. Despite allegations of his involvement with high-profile ransomware groups like Lockbit, Babuk, and Hive, Misha maintains that he operates as an affiliate rather than a leader within these organizations.
Notable Quotes:
"I just want to say this, the money that the DOJ attributes to, I have never seen such amounts. I don't have this money. Where did they get those numbers from? I am interested."
— Misha (Wazawaka) [03:35]
"Journalists exaggerate more than make mistakes, but there are mistakes... Hive and Lockbit, they made me look like a co-owner of."
— Misha (Wazawaka) [05:54]
Inside the Ransomware Underworld
Through Misha’s insights, the podcast sheds light on the operational dynamics of ransomware groups. He praises Conti, a Russian-language ransomware group, highlighting its structured and business-like approach. Conti's notable attack on the Costa Rican government, which involved stealing 850 gigabytes of data and making exorbitant ransom demands, exemplifies the sophistication and audacity of such groups.
Notable Quotes:
"Conti was very well structured."
— Misha (Wazawaka) [06:29]
"Conti was run like a real world business and they profited from that."
— Misha (Wazawaka) [07:06]
Although Conti publicly disbanded following the Russian invasion of Ukraine and leaked internal communications, Misha asserts that the group remains active, albeit less visible in the current cyber landscape.
The Prospect Park Attack: A Case Study
One of the pivotal discussions revolves around the Prospect Park ransomware attack in New Jersey during the summer of 2020. Led by the Lockbit G. group, the attack crippled the town's computer systems by altering file extensions to .lockbit without leaving a ransom note, creating confusion and operational paralysis.
Key Points:
- Impact on Local Governance: Walter Richmond, the officer in charge of Prospect Park, recounts how the attack prevented access to essential files, disrupting daily operations.
Notable Quote:
"I noticed that all of our files on our server were of the lock bit variant. They were changed... but there was no ransom note."
— Walter Richmond [08:26]
- Misha’s Alleged Role: The Department of Justice linked Misha to this attack, alleging his participation in the conspiracy to lock up Prospect Park’s computers. However, Misha denies direct involvement, claiming he merely uploaded existing stolen data to validate the breach.
Notable Quote:
"It was not me. It was other people. I just uploaded the data because I thought I needed to upload it."
— Misha (Wazawaka) [10:45]
Broader Implications: The Threat of Escalated Cyberattacks
The discussion broadens to consider the potential for more severe and widespread ransomware attacks. Referencing a recent assault on Dallas, wherein the city’s courts were shut down for weeks, Dina emphasizes the growing trend of cyberattacks disrupting critical municipal functions. Analysts warn that individuals like Misha, with their extensive connections and operational knowledge, could facilitate larger-scale disruptions reminiscent of the Dallas incident.
Notable Quote:
"The concern is that attacks with this kind of impact become the new norm and that people like Misha could help make more attacks like that happen."
— Dina Temple-Raston [11:51]
Tracking Misha: The Thin Digital Line
A significant portion of the episode focuses on Azim Kojibayev, a senior analyst at Cisco Talos, who has been tracking Misha for years. Azim details his methodology in identifying Misha through minimal digital footprints, such as a misplaced username and name in an old forum post, which he correlated with Misha’s resume and activities.
Key Points:
- Building the Case: Azim’s persistence led to establishing communication with Misha, who reacted with curiosity and eventual cordiality, intriguing Azim further.
Notable Quote:
"He did not deny it. His response was actually very jovial, inquisitive as to how I found out... one of the biggest icebreakers I've ever had."
— Azim Kojibayev [13:50]
- Misha’s Recent Behavior: Despite being labeled as Most Wanted, Misha continues his activities unabated. He sends voice memos amidst everyday activities, such as listening to Rihanna or riding motorcycles, inadvertently revealing his whereabouts and appearance through these unguarded moments.
Notable Quote:
"I want to take Russian information technologies to the next level... teach Russian youth about cybersecurity to protect them from the prying eyes of the CIA and the FBI."
— Misha (Wazawaka) [18:31]
Misha’s Defiance and Future Plans
In a defiant stance against international law enforcement, Misha articulates his vision to advance Russian information technologies independently of Western influence. He aspires to educate Russian youth on cyber hygiene, positioning himself as a protector against Western espionage efforts.
Notable Quotes:
"I want to show that in Russia it is still alive and well. You don't need to go to the United States to make money... to study."
— Misha (Wazawaka) [18:31]
"I also have this idea of organizing a project to teach children cyber hygiene to protect them from attacks of all sorts from CIA, FBI, who recruits our citizens."
— Misha (Wazawaka) [18:57]
Conclusion: The Ongoing Pursuit
As the episode concludes, Dina reflects on the relentless pursuit by the FBI and the challenges posed by cybercriminals like Misha. The combination of sophisticated tactics, extensive networks, and brazen public behavior makes Misha a formidable figure in the cyber underworld. The episode underscores the evolving nature of cyber threats and the imperative for robust international cooperation to combat such elusive adversaries.
Closing Quote:
"You coming after me? I'm coming after you."
— Misha (Wazawaka) [19:15]
Takeaways
- Complexity of Cybercrime: Misha’s case exemplifies the intricate web of alliances and operations within the cybercriminal ecosystem.
- Impact on Public Institutions: Ransomware attacks on municipalities highlight vulnerabilities in critical infrastructure.
- Challenges in Tracking Cybercriminals: Minimal digital footprints can both hinder and inadvertently aid in tracking individuals like Misha.
- Future of Cybersecurity: The persistence and adaptability of hackers necessitate continuous advancements in cybersecurity measures and law enforcement strategies.
This comprehensive summary encapsulates the key discussions and insights from Click Here’s episode on Misha (Wazawaka), offering listeners a thorough understanding of the intricate challenges posed by modern cybercriminals.
