Behind Enemy Lines: Going undercover to breach LockBit Ransomware Op
Jon DiMaggio
DEF CON 32 Main Stage · Day 1 · Main Stage
In a groundbreaking talk at DEF CON 32, cybersecurity expert Jon DiMaggio of Analyst One unveiled an unprecedented methodology for infiltrating one of the world's most prolific ransomware operations: LockBit. Shifting away from traditional technical analysis, DiMaggio detailed his two-year undercover operation, which involved deep social engineering, meticulous adversary profiling, and the cultivation of **sock puppet** personas to gain the trust of LockBit's core operators and affiliates. This talk, a culmination of his popular "Ransomware Diary" series, offers a rare glimpse into the human dynamics, internal workings, and recruitment strategies of a sophisticated cybercriminal enterprise.
AI review
This presentation by Jon DiMaggio is a groundbreaking exposé into the human element of LockBit, demonstrating an unprecedented and highly skilled infiltration of a major ransomware operation. DiMaggio's two-year undercover work, detailed adversary profiling, and sophisticated social engineering techniques provide unparalleled, actionable intelligence. It's a critical shift from purely technical analysis to understanding the adversary's social fabric, offering a new, vital paradigm for threat intelligence and defensive strategy.