Waymo robotaxi pulled over by Phoenix police after driving into the wrong lane

by with No Comment Tech

Phoenix Police pull over Waymo car

Image Credits: Phoenix Police Department

A police officer pulled over a self-driving Waymo vehicle in Phoenix after it ran a red light and pulled into a lane of oncoming traffic, according to dispatch records.

The incident took place on June 19, but local media, including Arizona Republic, released bodycam footage of the traffic stop this week, showing the vehicle weaving in traffic before eventually pulling over into a parking lot. The footage also shows the officer’s point of view as he walks up to an empty car.

The dispatch records (which are written in all caps) say the vehicle “FREAKED OUT” and that the officer was ultimately “UNABLE TO ISSUE CITATION TO COMPUTER,” according to Arizona Republic.

A Waymo spokesperson told TechCrunch in a statement that the vehicle “encountered inconsistent construction signage” and “briefly entered an unoccupied oncoming lane of traffic,” which it occupied for about 30 seconds after it was blocked from navigating back to the correct lane.

“The entire event lasted approximately one minute and there were no riders in the vehicle,” the spokesperson said.

The Alphabet-owned robotaxi company has voluntarily recalled software twice this year after crashes. The safety of its software is also under investigation by federal regulators.

Waymo robotaxi pulled over by Phoenix police after driving into the wrong lane

by with No Comment Tech

Phoenix Police pull over Waymo car

Image Credits: Phoenix Police Department

A police officer pulled over a self-driving Waymo vehicle in Phoenix after it ran a red light and pulled into a lane of oncoming traffic, according to dispatch records.

The incident took place on June 19, but local media, including Arizona Republic, released bodycam footage of the traffic stop this week, showing the vehicle weaving in traffic before eventually pulling over into a parking lot. The footage also shows the officer’s point of view as he walks up to an empty car.

The dispatch records (which are written in all caps) say the vehicle “FREAKED OUT” and that the officer was ultimately “UNABLE TO ISSUE CITATION TO COMPUTER,” according to Arizona Republic.

A Waymo spokesperson told TechCrunch in a statement that the vehicle “encountered inconsistent construction signage” and “briefly entered an unoccupied oncoming lane of traffic,” which it occupied for about 30 seconds after it was blocked from navigating back to the correct lane.

“The entire event lasted approximately one minute and there were no riders in the vehicle,” the spokesperson said.

The Alphabet-owned robotaxi company has voluntarily recalled software twice this year after crashes. The safety of its software is also under investigation by federal regulators.

Waymo robotaxi pulled over by Phoenix police after driving into the wrong lane

by with No Comment Tech

A police officer pulled over a self-driving Waymo vehicle in Phoenix after it ran a red light and pulled into a lane of oncoming traffic, according to dispatch records.

The incident took place on June 19, but local media including Arizona Republic released bodycam footage of the traffic stop this week, showing the vehicle weaving in traffic before eventually pulling over into a parking lot. The footage also shows the officer’s point of view as he walks up to an empty car.

The dispatch records (which are written in all caps) say the vehicle “FREAKED OUT” and that the officer was ultimately “UNABLE TO ISSUE CITATION TO COMPUTER,” according to Arizona Republic.

A Waymo spokesperson told TechCrunch in a statement that the vehicle “encountered inconsistent construction signage” and “briefly entered an unoccupied oncoming lane of traffic,” which it occupied for about 30 seconds after it was blocked from navigating back to the correct lane.

“The entire event lasted approximately one minute and there were no riders in the vehicle,” the spokesperson said.

The Alphabet-owned robotaxi company has voluntarily recalled software twice this year after crashes. The safety of its software is also under investigation by federal regulators.

Ring video camera doorbell on a red plain and black textured background.

Amazon reverses course, revokes police access to Ring footage via Neighbors app

by with No Comment Tech

Ring video camera doorbell on a red plain and black textured background.

Image Credits: Neil Godwin / T3 Magazine (opens in a new window) / Getty Images

Update: Electronic Frontier Foundation Senior Policy Analyst Matthew Guariglia offered TechCrunch the following statement:

Today, Amazon Ring has announced that it will no longer facilitate police’s warrantless requests for footage from Ring users. Years ago, after public outcry and a lot of criticism from EFF and other organizations, Ring ended its practice of allowing police to automatically send requests for footage to the email inbox of users, opting instead for a system where police had to publicly post requests onto Ring’s Neighbors app. Now, Ring hopefully will altogether be out of the business of platforming casual and warrantless police requests for footage to its users. This is a step in the right direction but has come after years of cozy relationships with police and irresponsible handling of data (for which they reached a settlement with the FTC). Ring has been forced to make some important concessions — but we still believe the devices can enable end-to-end encryption by default and turn off default audio collection, which reports have shown collect audio from greater distances than initially assumed. We are also still deeply skeptical about law enforcement’s and Ring’s ability to determine what is, or is not, an emergency that requires the company to hand over footage without a warrant or user consent.

Amazon today announced that it is end-of-lifing Request for Assistance (RFA), a controversial tool that allowed police and fire departments to request doorbell video through Ring’s Neighbors app.

“Public safety agencies like fire and police departments can still use the Neighbors app to share helpful safety tips, updates, and community events,” Neighbors app head, Eric Kuhn, noted in a blog post. “They will no longer be able to use the RFA tool to request and receive video in the app. Public safety agency posts are still public, and will be available for users to view on the Neighbors app feed and on the agency’s profile.”

The feature has been a major concern for privacy advocates for a number of years. In 2021, Amazon made police requests public as part of its biannual transparency report. That year, it received 3,147 legal requests from agencies representing a 65% increase over the previous year.

Public officials have also raised concerns about the practice. In 2019, for instance, Massachusetts senator Ed Markey penned an open letter to then-CEO Jeff Bezos, noting:

Although Amazon markets Ring as America’s “new neighborhood watch,” the technology captures and stores video from millions of households and sweeps up footage of countless bystanders who may be unaware that they are being filmed. I am particularly alarmed to learn that Ring is pursuing facial-recognition technology with the potential to flag certain individuals as suspicious based on their biometric information.

Markey also cited biases in facial recognition software as a major issue, expressing concern around a disproportionate misidentification among people of color.

“As stated in Ring’s law enforcement guidelines, Ring reserves the right to respond immediately to urgent law enforcement requests for information in cases involving imminent danger of death or serious physical injury to any person. Emergency disclosure requests must be accompanied by a completed emergency request form,” the company wrote in its own letter. “Based on the information provided in the emergency request form and the circumstances described by the officer, Ring makes a good-faith determination whether the request meets the well-known standard, grounded in federal law, that there is imminent danger of death or serious physical injury to any person requiring disclosure of information without delay.”

Today’s news marks a key change in policy that is likely to be heralded as a win for privacy advocates.

A location geofence over New York City, representing a geofence warrant.

'Reverse' searches: The sneaky ways that police tap tech companies for your private data

by with No Comment Tech

A location geofence over New York City, representing a geofence warrant.

Image Credits: TechCrunch / file photo

U.S. police departments are increasingly relying on a controversial surveillance practice to demand large amounts of users’ data from tech companies, with the aim of identifying criminal suspects.

So-called “reverse” searches allow law enforcement and federal agencies to force big tech companies, like Google, to turn over information from their vast stores of user data. These orders are not unique to Google — any company with access to user data can be compelled to turn it over — but the search giant has become one of the biggest recipients of police demands for access to its databases of users’ information.

For example, authorities can demand that a tech company turn over information about every person who was in a particular place at a certain time based on their phone’s location, or who searched for a specific keyword or query. Thanks to a recently disclosed court order, authorities have shown they are able to scoop up identifiable information on everyone who watched certain YouTube videos.

Reverse searches effectively cast a digital dragnet over a tech company’s store of user data to catch the information that police are looking for.

Civil liberties advocates have argued that these kinds of court-approved orders are overbroad and unconstitutional, as they can also compel companies to turn over information on entirely innocent people with no connection to the alleged crime. Critics fear that these court orders can allow police to prosecute people based on where they go or whatever they search the internet for.

So far, not even the courts can agree on whether these orders are constitutional, setting up a likely legal challenge before the U.S. Supreme Court.

In the meantime, federal investigators are already pushing this controversial legal practice further. In one recent case, prosecutors demanded that Google turn over information on everyone who accessed certain YouTube videos in an effort to track down a suspected money launderer.

A recently unsealed search application filed in a Kentucky federal court last year revealed that prosecutors wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one week period, between January 1, 2023, and January 8, 2023.”

The search application said that as part of an undercover transaction, the suspected money launderer shared a YouTube link with investigators, and investigators sent back two more YouTube links. The three videos — which TechCrunch has seen and have nothing to do with money laundering — collectively racked up about 27,000 views at the time of the search application. Still, prosecutors sought an order compelling Google to share information about every person who watched those three YouTube videos during that week, likely in a bid to narrow down the list of individuals to their top suspect, who prosecutors presumed had visited some or all of the three videos.

This particular court order was easier for law enforcement to obtain than a traditional search warrant because it sought access to connection logs about who accessed the videos, rather than the higher-standard search warrant that courts can use to demand that tech companies turn over the contents of someone’s private messages.

The Kentucky federal court approved the search order under seal, blocking its public release for a year. Google was barred from disclosing the demand until last month when the court’s order expired. Forbes first reported on the existence of the court order.

It’s not known if Google complied with the order, and a Google spokesperson declined to say either way when asked by TechCrunch.

Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory, said this was a “perfect example” why civil liberties advocates have long criticized this type of court order for its ability to grant police access to people’s intrusive information.

“The government is essentially dragooning YouTube into serving as a honeypot for the feds to ensnare a criminal suspect by triangulating on who’d viewed the videos in question during a specific time period,” said Pfefferkorn, speaking about the recent order targeting YouTube users. “But by asking for information on everyone who’d viewed any of the three videos, the investigation also sweeps in potentially dozens or hundreds of other people who are under no suspicion of wrongdoing, just like with reverse search warrants for geolocation.”

Demanding the digital haystack

Reverse search court orders and warrants are a problem largely of Google’s own making, in part thanks to the gargantuan amounts of user data that the tech giant has long collected on its users, like browsing histories, web searches and even granular location data. Realizing that tech giants hold huge amounts of users’ location data and search queries, law enforcement began succeeding in convincing courts into granting broader access to tech companies’ databases than just targeting individual users.

A court-authorized search order allows police to demand information from a tech or phone company about a person who investigators believe is involved in a crime that took place or is about to happen. But instead of trying to find their suspect by looking for a needle in a digital haystack, police are increasingly demanding large chunks of the haystack — even if that includes personal information on innocent people — to sift for clues.

Using this same technique as demanding identifying information of anyone who viewed YouTube videos, law enforcement can also demand that Google turn over data that identifies every person who was at a certain place and time, or every user who searched the internet for a specific query.

Geofence warrants, as they are more commonly known, allow police to draw a shape on a map around a crime scene or place of interest and demand huge swaths of location data from Google’s databases on anyone whose phone was in that area at a point in time.

Read more on TechCrunch

Minneapolis police tapped Google to identify George Floyd protestersGoogle says geofence warrants make up one-quarter of all US demandsA geofence warrant typo cast a location dragnet spanning two miles over San Francisco

Police can also use so-called “keyword search” warrants that can identify every user who searched a keyword or search term within a time frame, typically to find clues about criminal suspects researching their would-be crimes ahead of time.

Both of these warrants can be effective because Google stores the granular location data and search queries of billions of people around the world.

Law enforcement might defend the surveillance-gathering technique for its uncanny ability to catch even the most elusive suspected criminals. But plenty of innocent people have been caught up in these investigative dragnets by mistake — in some cases as criminal suspects — simply by having phone data that appears to place them near the scene of an alleged crime.

Though Google’s practice of collecting as much data as it can on its users makes the company a prime target and a top recipient of reverse search warrants, it’s not the only company subject to these controversial court orders. Any tech company large or small that stores banks of readable user data can be compelled to turn it over to law enforcement. Microsoft, Snap, Uber and Yahoo (which owns TechCrunch) have all received reverse orders for user data.

Some companies choose not to store user data and others scramble the data so it can’t be accessed by anyone other than the user. That prevents companies from turning over access to data that they don’t have or cannot access — especially when laws change from one day to the next, such as when the U.S. Supreme Court overturned the constitutional right to access abortion.

Google, for its part, is putting a slow end to its ability to respond to geofence warrants, specifically by moving where it stores users’ location data. Instead of centralizing enormous amounts of users’ precise location histories on its servers, Google will soon start storing location data directly on users’ devices, so that police must seek the data from the device owner directly. Still, Google has so far left the door open to receiving search orders that seek information on users’ search queries and browsing history.

But as Google and others are finding out the hard way, the only way for companies to avoid turning over customer data is by not having it to begin with.

Google moves to end geofence warrants, a surveillance problem it largely created

How Ukraine’s cyber police fights back against Russia's hackers

by with No Comment Tech

Yevhenii Panchenko, the chief of division of the Cyberpolice Department of the National Police of Ukraine, during a talk on Tuesday in Manhattan, NY.

Image Credits: Kris Tripplaar/Chainalysis

On February 24, 2022, Russian forces invaded Ukraine. Since then, life in the country has changed for everyone.

For the Ukrainian forces who had to defend their country, for the regular citizens who had to withstand invading forces and constant shelling, and for the Cyberpolice of Ukraine, which had to shift its focus and priorities.

“Our responsibility changed after the full scale war started,” said Yevhenii Panchenko, the chief of division of the Cyberpolice Department of the National Police of Ukraine, during a talk on Tuesday in New York City. “New directives were put under our responsibility.”

During the talk at the Chainalysis LINKS conference, Panchenko said that the Cyberpolice is comprised of around a thousand employees, of which about forty track crypto-related crimes. The Cyberpolice’s responsibility is to combat “all manifestations of cyber crime in cyberspace,” said Panchenko. And after the war started, he said, “we were also responsible for the active struggle against the aggression in cyberspace.”

Panchenko sat down for a wide-ranging interview with TechCrunch on Wednesday, where he spoke about the Cyberpolice’s new responsibilities in wartime Ukraine. That includes tracking what war crimes Russian soldiers are committing in the country, which they sometimes post on social media; monitoring the flow of cryptocurrency funding the war; exposing disinformation campaigns; investigating ransomware attacks; and training citizens on good cybersecurity practices.

The following transcript has been edited for brevity and clarity.

TechCrunch: How did your job and that of the police change after the invasion?

It almost totally changed. Because we still have some regular tasks that we always do, we’re responsible for all the spheres of cyber investigation.

We needed to relocate some of our units in different places, of course, to some difficult organizations because now we need to work separately. And also we added some new tasks and new areas for us of responsibilities when the war started.

From the list of the new tasks that we have, we crave information about Russian soldiers. We never did that. We don’t have any experience before February 2022. And now we try to collect all the evidence that we have because they also adapted and started to hide, like their social media pages that we used for recognizing people who were taking part in the larger invading forces that Russians used to get our cities and kill our people.

Also, we are responsible for identifying and investigating the cases where Russian hackers do attacks against Ukraine. They attack our infrastructure, sometimes DDoS [distributed denial-of-service attacks], sometimes they make defacements, and also try to disrupt our information in general. So, it’s quite a different sphere.

Because we don’t have any cooperation with Russian law enforcement, that’s why it’s not easy to sometimes identify or search information about IP addresses or other things. We need to find new ways to cooperate on how to exchange data with our intelligence services.

Some units are also responsible for defending the critical infrastructure in the cyber sphere. It’s also an important task. And today, many attacks also target critical infrastructure. Not only missiles, but hackers also try to get the data and destroy some resources like electricity, and other things.

When we think about soldiers, we think about real world actions. But are there any crimes that Russian soldiers are committing online?

[Russia] uses social media to sometimes take pictures and publish them on the internet, as it was usual in the first stage of the war. When the war first started, probably for three or four months [Russian soldiers] published everything: videos and photos from the cities that were occupied temporarily. That was evidence that we collected.

And sometimes they also make videos when they shoot in a city, or use tanks or other vehicles with really big guns. There’s some evidence that they don’t choose the target, they just randomly shoot around. It’s the video that we also collected and included in investigations that our office is doing against the Russians.

In other words, looking for evidence of war crimes?

Yes.

How has the ransomware landscape in Ukraine changed after the invasion?

It’s changed because Russia is now not only focused on the money side; their main target is to show citizens and probably some public sector that [Russia] is really effective and strong. If they have any access on a first level, they don’t deep dive, they just destroy the resources and try to deface just to show that they are really strong. They have really effective hackers and groups who are responsible for that. Now, we don’t have so many cases related to ransom, we have many cases related to disruption attacks. It has changed in that way.

Has it been more difficult to distinguish between pro-Russian criminals and Russian government hackers?

Really difficult, because they don’t like to look like a government structure or some units in the military. They always find a really fancy name like, I don’t know, ‘Fancy Bear’ again. They try to hide their real nature.

Contact Us

Do you have information about cyberattacks in Ukraine? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

But we see that after the war started, their militaries and intelligence services started to organize groups — maybe they’re not so effective and not so professional as some groups that worked before the war started. But they organize the groups in a massive [scale]. They start from growing new partners, they give them some small tasks, then see if they are effective and truly succeed in a small portion of IT knowledge. Then they move forward and do some new tasks. Now we can see many of the applications they also publish on the internet about the results. Some are not related to what governments or intelligence groups did, but they publish that intelligence. They also use their own media resources to raise the impact of the attack.

What are pro-Russian hacking groups doing these days? What activities are they focused on? You mentioned critical infrastructure defacements; is there anything else that you’re tracking?

It starts from basic attacks like DDoS to destroy communications and try to destroy the channels that we use to communicate. Then, of course, defacements. Also, they collect data. Sometimes they publish that in open sources. And sometimes they probably collect but not use it in disruption, or in a way to show that they already have the access.

Sometimes we know about the situation when we prevent a crime, but also attacks. We have some signs of compromise that were probably used on one government, and then we share with others.

[Russia] also creates many psyops channels. Sometimes the attack did not succeed. And even if they don’t have any evidence, they’ll say “we have access to the system of military structures of Ukraine.”

How are you going after these hackers? Some are not inside the country, and some are inside the country.

That’s the worst thing that we have now, but it’s a situation that could change. We just need to collect all the evidence and also provide investigation as we can. And also, we inform other law enforcement agencies in countries who cooperate with us about the actors who we identify as part of the groups that committed attacks on Ukrainian territory or to our critical infrastructure.

Why is it important? Because if you talk about some regular soldier from the Russian army, he will probably never come to the European Union and other countries. But if we talk about some smart guys who already have a lot of knowledge in offensive hacking, he prefers to move to warmer places and not work from Russia. Because he could be recruited to the army, other things could happen. That’s why it’s so important to collect all evidence and all information about the person, then also prove that he was involved in some attacks and share that with our partners.

Also because you have a long memory, you can wait and maybe identify this hacker, where they are in Russia. You have all the information, and then when they are in Thailand or somewhere, then you can move in on them. You’re not in a rush necessarily?

They attack a lot of our civil infrastructure. That war crime has no time expiration. That’s why it’s so important. We can wait 10 years and then arrest him in Spain or other countries.

Who are the cyber volunteers doing and what is their role?

We don’t have many people today who are volunteers. But they are really smart people from around the world — the United States and the European Union. They also have some knowledge in IT, sometimes in blockchain analysis. They help us to provide analysis against the Russians, collect data about the wallets that they use for fundraising campaigns, and sometimes they also inform us about the new form or new group that the Russians create to coordinate their activities.

It’s important because we can’t cover all the things that are happening. Russia is a really big country, they have many groups, they have many people involved in the war. That type of cooperation with volunteers is really important now, especially because they also have a better knowledge of local languages.

Sometimes we have volunteers who are really close to Russian-speaking countries. That helps us understand what exactly they are doing. There is also a community of IT guys that’s also communicating with our volunteers directly. It’s important and we really like to invite other people to that activity. It’s not illegal or something like that. They just provide the information and they can tell us what they can do.

What about pro-Ukrainian hackers like the Ukraine IT Army. Do you just let them do what they want or are they also potential targets for investigation?

No, we don’t cooperate directly with them.

We have another project that also involves many subscribers. I also talked about it during my presentation: it’s called BRAMA. It’s a gateway and we coordinate and gather people. One thing that we propose is to block and destroy Russian propaganda and psyops on the internet. We have really been effective and have had really big results. We blocked more than 27,000 resources that belong to Russia. They publish their narratives, they publish many of psyops materials. And today, we also added some new functions in our community. We not only fight against propaganda, we also fight against fraud, because a lot of fraud today represented in the territory of Ukraine is also created by the Russians.

They also have a lot of impact with that, because if they launder and take money from our citizens, we could help. And that’s why we include those activities, so we proactively react to stories that we received from our citizens, from our partners about new types of fraud that could be happening on the internet.

And also we provide some training for our citizens about cyber hygiene and cybersecurity. It’s also important today because the Russians hackers not only target the critical infrastructure or government structures, they also try to get some data of our people.

For example, Telegram. Now it’s not a big problem but it’s a new challenge for us, because they first send interesting material, and ask people to communicate or interact with bots. On Telegram, you can create bots. And if you just type twice, they get access to your account, and change the number, change two-factor authentication, and you will lose your account.

Is fraud done to raise funds for the war?

Yes.

Can you tell me more about Russian fundraising? Where are they doing it, and who is giving them money? Are they using the blockchain?

There are some benefits and also disadvantages that crypto could give them. First of all, [Russians] use crypto a lot. They create almost all kinds of wallets. It starts from Bitcoin to Monero. Now they understand that some types of crypto are really dangerous for them because many of the exchanges cooperate and also confiscate the funds that they collect to help their military.

How are you going after this type of fundraising?

If they use crypto, we label the addresses, we make some attribution. It’s our main goal. That’s also the type of activities that our volunteers help us to do. We are really effective at that. But if they use some banks, we only could collect the data and understand who exactly is responsible for that campaign. Sanctions are the only good way to do that.

What is cyber resistance?

Cyber resistance is the big challenge for us. We wanted to play that cyber resistance in cyberspace for our users, for our resources. First of all, if we talk about users, we start from training and also sharing some advice and knowledge with our citizens. The idea is how you could react to the attacks that are expected in the future.

How is the Russian government using crypto after the invasion?

Russia didn’t change everything in crypto. But they adapted because they saw that there were many sanctions. They create new ways to launder money to prevent attribution of the addresses that they used for their infrastructures, and to pay or receive funds. It’s really easy in crypto to create many addresses. Previously they didn’t do that as much, but now they use it often.

A screenshot of the seized LockBit darknet website.

Police resurrect LockBit's site and troll the ransomware gang

by with No Comment Tech

A screenshot of the seized LockBit darknet website.

Image Credits: TechCrunch (screenshot)

An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang, which they had seized earlier this year, teasing new revelations about the group.

On Sunday, what was once LockBit’s official dark net site reappeared online with new posts that suggest the authorities are planning to release new information about the hackers in the next 24 hours, as of this writing.

The posts have titles such as “Who is LockBitSupp?” “What have we learnt,” “More LB hackers exposed,” and “What have we been doing?”

In February, a law enforcement coalition that included the U.K.’s National Crime Agency (NCA), the U.S. Federal Bureau of Investigation, and forces from Germany, Finland, France, Japan and others announced that they had infiltrated LockBit’s official site. The coalition seized the site and replaced information on it with their own press release and other information in a clear attempt to troll and warn the hackers that the authorities were on to them.

The February operation also included the arrests of two alleged LockBit members in Ukraine and Poland; the takedown of 34 servers across Europe, the U.K., and the U.S.; and the seizure of more than 200 cryptocurrency wallets belonging to the hackers.

FBI spokesperson Samantha Shero told TechCrunch that the bureau had no comment. The NCA did not respond to a request for comment.

LockBit first emerged in 2019 and has since become one of the most prolific ransomware gangs in the world, netting millions of dollars in ransom payments. The group has proven to be very resilient. Even after February’s takedown, the group has reemerged with a new dark web leak site, which has been actively updated with new alleged victims.

All the new posts on the seized website, except for one, have a countdown that ends at 9 a.m. ET on Tuesday, May 7, suggesting that’s when law enforcement will announce the new actions against LockBit. Another post says the site will be shut down in four days.

Since the authorities announced what they called “Operation Cronos” against LockBit in February, the group’s leader, known as LockBitSupp, has claimed in an interview that law enforcement has exaggerated its access to the criminal organization as well as the effect of its takedown.

On Sunday, the hacking collective vx-underground wrote on X that they had spoken to LockBit’s administrative staff, who had told them the police were lying.

“I don’t understand why they’re putting on this little show. They’re clearly upset we continue to work,” the staff said, according to vx-underground.

The identity of LockBitSupp is still unknown, although that could change soon. One of the new posts on the seized LockBit site promises to reveal the hacker’s identity on Tuesday. It has to be noted, however, that the previous version of the seized site also appeared to promise to reveal the gang leader’s identity, but eventually did not.

This story was updated to include the FBI’s no comment.