Behind the Binary by Google Cloud Security
Welcome to Behind the Binary, the podcast that introduces you to the fascinating people, technology, and tools driving the world of reverse engineering. Join your host, Josh Stroschein, a reverse engineer with the FLARE team at Google, and someone passionate about sharing knowledge and shedding light on the art of reverse engineering, as he sits down with intriguing guests to explore the human side of this profession.
Behind the Binary goes beyond the code, sharing the stories, motivations, and unique perspectives of the individuals who dedicate their lives to unraveling the complexities of technology. We'll hear about their journeys into the field, the challenges they face, and the impact their work has on securing our digital world.
Whether you're a seasoned malware analyst, a software developer, a security researcher, or just someone curious about the world of reverse engineering, Behind the Binary offers insightful and engaging conversations for everyone interested in this fascinating field.
Behind the Binary by Google Cloud Security
EP24 The Glupteba Takedown: What Happens When Botnet Operators Show Up in Court with Pierre-Marc Bureau
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
"I thought that we would never hear about these people after they were named. But what was a surprise is that they actually hired a lawyer in New York... and they were like, 'Yeah, we're going to be taking part in this trial."
In this episode, we are joined by Pierre-Marc Bureau from Google’s Threat Intelligence Group (GTIG) to unpack the unprecedented takedown of the Glupteba botnet. Active since 2011, Glupteba infected roughly 1 million Windows devices before Google launched a coordinated technical and legal strike. Pierre-Marc takes us behind the scenes of an investigation that evolved from reverse engineering binaries to a surreal showdown in a New York civil court.
We break down how a single hardcoded string unraveled a massive criminal enterprise, the mechanics of using the Bitcoin blockchain for resilient command and control, and the bizarre moment when Russian cybercriminals actually hired a US lawyer to fight back.
THE SESSION:
- The Blockchain Fallback: How Glupteba operators hid AES-encrypted blobs inside Bitcoin transactions, creating an un-takable backup C2 infrastructure if their primary domains went down.
- The Fatal OpSec Flaw: How one mistake—leaving the string get.voltronwork.com in a Go module—allowed Google to connect the botnet to Russian developer shops and Delaware shell companies.
- The Corporate Cyber-Cartel: Why the group operated like a legitimate tech startup, openly selling end-to-end "services" like proxy networks and compromised Google and Facebook accounts on the open web.
- The Extortion Twist: The surreal courtroom drama where the malware operators tried to extort Google for $1 million per defendant in exchange for private keys—a move that ended with the judge sanctioning their lawyer for $250,000.
Join the Community
- Research Hub: Threat research, training events and news:
https://cloud.google.com/security/flare - The FLARE Insider: Get community updates and announcements. To subscribe, email flare-external@google.com
FOLLOW THE SHOW:
- Subscribe: Apple Podcasts | Spotify | YouTube