You can edit almost every page by Creating an account. Otherwise, see the FAQ.

Bad Packets LLC

From EverybodyWiki Bios & Wiki

Bad Packets LLC
Founded 📆2017
Founders 👔
  • Troy Mursch
  • Mathew Woodyard
Headquarters 🏙️, ,
Area served 🗺️
Products 📟 Bad Packets® CTI
Number of employees
📇 Address
📞 telephone

Bad Packets is a cybersecurity company based in Chicago, Illinois. Bad Packets provides cyber threat intelligence data to academic institutions, government CERT teams, and ISAC organizations. Bad Packets operates a global honeypot network to monitor exploit activity targeting vulnerabilities in enterprise networks, internet of things (IoT) devices and cloud computing environments.[1]


Bad Packets was founded in 2017 in Chicago, Illinois by co-founders Troy Mursch and Mathew Woodyard.

Illicit cryptocurrency mining incidents[edit]

In 2017, Bad Packets was the first to disclose that the websites of Showtime Networks[2][3] and PolitiFact[4][5][6] were infected with cryptojacking malware targeting users visiting those sites.

In 2018, Bad Packets collaborated with Concordia University researchers to co-author the peer-reviewed academic research paper, "A first look at browser-based cryptojacking" which analyzed both incidents in further detail.[7]

On February 27, 2019, cybersecurity investigative journalist Brian Krebs reported the cryptocurrency mining service used in these attacks, Coinhive, was shutting down permanently.[8]

IoT botnet research[edit]

In 2019, Bad Packets partnered with Lancaster University researchers who detected 1,600 industrial control devices globally to be infected with the Mirai malware.[9] Bad Packets cyber threat intelligence data was instrumental in additional research profiling IoT-based botnet traffic using DNS which significantly reduced botnet detection time.[10]

Critical VPN vulnerabilities[edit]

On August 24, 2019, Bad Packets identified 14,500 vulnerable Pulse Secure VPN servers globally that were unpatched against a critical vulnerability that allows remote unauthenticated attackers to compromise the VPN server and connected clients.[11][12] This vulnerability was widely reported by the NSA,[13] NCSC,[14] FBI,[15] and CISA[16] to be exploited by nation-state advanced persistent threat actors for ransomware attacks.

On December 31, 2019, threat actors exploited this critical Pulse Secure VPN flaw to compromise the computer network of Travelex in a ransomware cyberattack. Bad Packets warned Travelex that they were using vulnerable Pulse Secure VPN servers on September 13, 2019, but received no response.[17][18][19]


  1. "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" (PDF). USENIX Association. Retrieved August 27, 2021.
  2. "CBS's Showtime caught mining crypto-coins in viewers' web browsers". The Register. Retrieved May 28, 2021.
  3. "No Incident Unnoticed: Interview with Troy Mursch from Bad Packets Report". SecurityTrails. Retrieved July 14, 2021.
  4. "Hackers have turned Politifact's website into a trap for your PC". The Washington Post. Retrieved May 28, 2021.
  5. McMillan, Robert (27 October 2017). "Your Computer May Be Making Bitcoin for Hackers". The Wall Street Journal. Retrieved May 28, 2021.
  6. "Your Browser Could Be Mining Cryptocurrency For a Stranger". WIRED. Retrieved May 28, 2021.
  7. Eskandari, Shayan; Leoutsarakos, Andreas; Mursch, Troy; Clark, Jeremy (2018). "A first look at browser-based Cryptojacking". Arxiv:1803.02887 [Cs, Econ]. arXiv:1803.02887. arXiv:1803.02887. Retrieved May 28, 2021.
  8. "Crypto Mining Service Coinhive to Call it Quits". Krebs on Security. Retrieved May 28, 2021.
  9. "Lancaster academics detect 1.6K industrial control devices globally to be infected with the Mirai malware". Lancaster University. Retrieved May 28, 2021.
  10. "Profiling IoT-based Botnet Traffic using DNS". Lancaster University. Retrieved May 28, 2021.
  11. "Pulse Secure VPN contains multiple vulnerabilities". Carnegie Mellon University. Retrieved May 28, 2021.
  12. "Pulse Secure VPN Servers Leak:Incident Case Study" (PDF). Retrieved May 28, 2021.
  13. "Mitigating Recent VPN Vulnerabilities" (PDF). National Security Agency. Retrieved May 28, 2021.
  14. "Vulnerabilities exploited in VPN products used worldwide". National Cyber Security Centre. Retrieved May 28, 2021.
  15. "Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks". Retrieved May 28, 2021.
  16. "Continued Exploitation of Pulse Secure VPN Vulnerability". Cybersecurity and Infrastructure Security Agency (CISA). Retrieved May 28, 2021.
  17. "Major Companies Shared Vulnerability Used in Travelex Cyberattack". The Wall Street Journal. 16 January 2020. Retrieved May 28, 2021.
  18. "Cyber gangsters demand payment from Travelex after 'Sodinokibi' attack". ComputerWeekly. Retrieved May 28, 2021.
  19. "Travelex showdown highlights growing 'professionalization' of cyber gangs". S&P Global. Retrieved July 14, 2021.

External links[edit]

Initial page creation for Bad Packets[edit]

Bad Packets - Revised Draft (removed references that were not independent of the subject)[edit]

Added additional references to meet WP:CORPDEPTH requirement[edit]

User:Pahunkat Looking at please explain how the WP:CORPDEPTH requirement is not met?

Resubmission for Bad Packets[edit]

User:CNMall41 I've already included plenty of references that discuss the company itself with significant coverage, such as The Wall Street Journal article ( I would suggest you read | Journalism ethics and standards for further understanding that journalists will not simply write about Bad Packets or any other company – just for the sake the writing about the company – unless it's sponsored content (such as a puff piece) and thus not meeting the requirements of WP:CORPDEPTH in an ethical fashion.

This article "Bad Packets" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Bad Packets. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.