[HN Gopher] Ransomware gang threatens to expose police informant...
___________________________________________________________________
Ransomware gang threatens to expose police informants if ransom is
not paid
Author : blinding-streak
Score : 206 points
Date : 2021-04-27 13:02 UTC (9 hours ago)
(HTM) web link (therecord.media)
(TXT) w3m dump (therecord.media)
| Invictus0 wrote:
| Is it possible for organizations to buy ransomware insurance? It
| is very difficult to avoid paying the ransom when people's lives
| are in jeopardy. I can imagine hospitals would be interested in
| purchasing such insurance as well.
| szermer wrote:
| Yes... and it is a growing part of commercial property
| insurance: https://www.fmglobal.com/products-and-
| services/products/cybe...
| alexpedi wrote:
| Yes, most Cyber Insurance covers Ransomware. It's been a huge
| driver of claims and claims cost in the last couple of years
| for insurance companies.
| headmelted wrote:
| How would that work though?
|
| The group demanding the ransom can freely set their price.
| Surely if they know an insurance company is on the hook for it
| then they'll add a few zeroes accordingly, making it impossible
| to underwrite.
| gizmo686 wrote:
| Most ransomware groups just want the money; they don't
| particularly want to inflict damage on their target. If their
| demand falls within policy limits, then they will very likely
| get payed. If their demand exceeds policy limits, then the
| target needs to make a much more active decision about
| weather or not to pay. Combined with the fact that exceeding
| the insurance limit likely puts you into a realm where you
| are asking for a some large enough to be a significant
| challenge (otherwise they wouldn't have bothered with
| insurance), and you are now reducing the likelyhood of
| getting a payout.
|
| I would expect the net result of this would be that groups
| raise their demands to match what (they think) the policy
| limit is.
| deftnerd wrote:
| From what I understand, ransomware insurance is already a
| thing. With the policy you get someone who negotiates the
| price and pays the ransom directly to the ransomware gang,
| which bypasses some laws against paying ransomware directly.
|
| In theory, this helps with lower prices, negotiated support
| policies with the ransomware criminals to ensure the
| decryption process goes well, and they keep cryptocurrency
| available so the policy holding company doesn't have to
| scramble to get millions of dollars in crypto in a day or
| two.
|
| Similar to kidnapping negotiators, ransomware negotiators
| often have the experience to produce a better outcome
| usrusr wrote:
| It would work by the "insurance" paying off established
| ransom groups in advance. Protection rackets aren't exactly a
| new invention. Wether it can work or not is entirely hinging
| on the uncertainty of just how fragmented the ransomware
| industry really is. Is it actually just one loose federation
| or are multiple ecosystems existing in parallel? Do they
| perhaps informally agree on virtual turfs?
| thefifthsetpin wrote:
| Kidnap, ransom & extortion insurance have been around for a
| while. I imagine that whatever solution those industries
| employ would work here. I'm also curious what that looks
| like, though.
| Invictus0 wrote:
| Here's how I imagine it: The policy would insure up to a
| certain dollar amount, say $20 million, and pay directly to
| the insured in the event of an attack. If the ransom demand
| is $50 million, the insured can either pay the remaining $30
| million on their own or use the $20 million to begin to
| repair the damage to their systems.
| jpmoral wrote:
| There was an article or discussion I believe I read on HN
| that discussed how kidnapping and ransom insurance reduced
| violent outcomes and made dealing with the kidnappers more
| predictable.
| bluGill wrote:
| True, but what has made kidnapping mostly disappear is laws
| that make it illegal to pay a ransom. That makes it
| impossible to ask for help (as the police are more likely
| to find out) raising the ransom, and thus the total paid
| much less.
|
| Nothing is perfect, but when there is no money in the crime
| there is much less crime. (Don't confuse less with zero!)
| criddell wrote:
| Where is it illegal to pay a ransom?
| jpmoral wrote:
| Sure, but GP was asking about how insurance might work.
| Also, I'd thinnk making lowering ransoms (by making it
| illegal or other means) works only if it's paired with a
| low probability of the kidnappers being able to enjoy the
| proceeds.
| blinding-streak wrote:
| It's amazing to me how brazen the ransomware scene has become.
| The fact that they are now going after law enforcement agencies
| shows extreme confidence in their ability to evade prosecution.
|
| And I know the DC police force doesn't have global jurisdiction
| to root out cyber attackers, but the 3 letter agencies that do
| have this jurisdiction may view ransomware in a different light
| after this attack.
| _the_inflator wrote:
| These type of ransom seems to be state backed or at least
| tolerated.
| bluGill wrote:
| That has long been suspected. I can't prove it, though I
| wouldn't be surprised if the big Agencies had proof and no
| ability to do anything about it.
| ThrowItAway2Day wrote:
| North Korea conducts low-level cybercrime to fill the
| state's coffers and geopolitics. They are like vikings;
| raiding an enemy and stealing all they can while they're
| there to keep the lights on. Hackers from Russia or China
| are higher up on the hierarchy of needs and attack
| targets for geopolitical advantage.
| vkou wrote:
| Just because someone is hacking from Russia doesn't mean
| they are working for the FSB, or are doing it for non-
| commercial reasons.
|
| People who live in other countries aren't just mindless
| drones that march in lock-step with their ministry of
| foreign affairs.
| filoleg wrote:
| >Just because someone is hacking from Russia doesn't mean
| they are working for the FSB, or are doing it for non-
| commercial reasons.
|
| That's why the reply a few comments up the chain said
| "These type of ransom seems to be state backed _or at
| least tolerated_. "
|
| "At least tolerated" part means that the hackers are
| doing it for their own purposes or for money, but not
| under command or employment from foreign federal
| agencies. Foreign federal agencies simply tolerate those
| hackers by looking the other way, since no skin off their
| backs for some ransom payments taken from some US
| entities.
| whimsicalism wrote:
| Yes, and the comment comparing NK to vikings pretty
| clearly threw away the "at least tolerated" part of the
| comment above it.
| vkou wrote:
| What I am responding to in the grandparent post is:
|
| > Hackers from Russia or China are higher up on the
| hierarchy of needs and _attack targets for geopolitical
| advantage_.
|
| That is a _completely different_ claim from what you are
| talking about. The throwaway account claims that
| _foreign_ hackers are all political agents. (Which is an
| incredibly broad generalization to make about an entire
| country, that strips its residents of their agency, and
| would require extraordinary amounts of evidence to
| support.) Your statement does not support that
| interpretation - it argues that they are economic agents
| that are tolerated /encouraged/whatever by the political
| apparatus.
|
| Your claim is compatible with mine. The throwaway
| account's, on the other hand, isn't.
| raverbashing wrote:
| > extreme confidence in their ability to evade prosecution.
|
| Their ability to evade or the lack of ability of Western
| countries to deal effectively with them?
|
| Then you read how the ransomware groups "avoid" CIS
| countries, well I wonder why...
| lotsofpulp wrote:
| What is a CIS country?
| willis936 wrote:
| CIS is the not-Soviet Union.
|
| https://en.wikipedia.org/wiki/Commonwealth_of_Independent
| _St...
| papito wrote:
| And the heads of these states hold massive wealth in the
| West. Funny how they want to "destroy" the West just a
| _little_.
| chewmieser wrote:
| It exists already, yes.
|
| My company was attacked relatively recently and our local
| servers were all encrypted. All we had to do was contact our
| insurance provider and they handled the investigation and
| negotiations with the group. A day or two later and our files
| were back.
| PeterisP wrote:
| One aspect is that a bunch of ransomware actors are on US
| sanctions list, so paying money to them - for whatever reason -
| is a felony i.e. "funding terrorism" even if you don't know at
| the time who is behind them.
| everdrive wrote:
| The ransomware industry is actually in the midst of a big
| shift. As ransomware becomes more prevalent, ransomware
| insurance providers are charging more and paying out less.
|
| A lot of companies either can no longer afford the insurance,
| or else it has become expensive enough that it doesn't make any
| sense to purchase.
| thenoblesunfish wrote:
| These stories often have a part in them that makes me think about
| how it's somehow surreal that there's some person who goes to
| work in the morning and does something that looks and feels
| almost exactly like what most of us here do all day, except that
| the whole thing is part of an (explicitly) parasitic criminal
| enterprise.
| tarsinge wrote:
| Sometime it's possible for me to at least understand the
| rationalization they must be going through (e.g. "stealing from
| rich people is okay they still have plenty, while I have
| nothing and was born poor", "Not cool but they will get past it
| and maybe I'm doing them a favor teaching them a life lesson,
| look at that security if it's not me it will be someone else",
| ...). It's both reassuring because it shows that in the
| majority of the time people still have a conscience, and
| frightening because sometimes there are no rationalization
| possible and it's purely a sociopathic/evil enterprise.
| 8note wrote:
| For a bunch of scams and the like, you could also go with
| "westerners got rich by pillaging and colonizing my country;
| this is just recapturing a piece of what they've stolen"
| joe_the_user wrote:
| _...there 's some person who goes to work in the morning and
| does something that looks and feels almost exactly like what
| most of us here do all day..._
|
| For a moment, I thought you were talking about the police
| informants themselves.
|
| Not that I'm fond of cybercriminals but it's somewhat ironic to
| see one sort of infiltration of an enterprise (say, informants
| at a drug dealing operation) threatened by another sort of
| infiltration of an enterprise (criminals spear fishing the
| police). Not all police informant program are problematic but
| plenty are imo and moreover, the need for police informants
| more or less comes from things like the drug war, which allow
| permanent criminal enterprises which need to be put permanently
| under siege.
| splithalf wrote:
| Mindgeek?
| pessimizer wrote:
| Mindgeek is no worse than any other sleazy rollup.
| 55555 wrote:
| There are better examples out there than porn companies. And
| mindgeek is probably the porn company which monetizes the
| highest amount of their traffic through legitimate offers
| (paysites) instead of straight-up scams.
| splithalf wrote:
| Fair enough. They're the first to pop in my head, perhaps
| that says more about me than their relative success as the
| best of the not quite the worst.
| Quarrelsome wrote:
| Its a bit of a stretch but I think there's a bit of distance in
| the idea that criminal gangs are a bit like corporations for
| people whose parents didn't support them through college.
| colechristensen wrote:
| Really more like small nation like entities. They provide
| services, welfare, have taxes, rules on the use of violence,
| solve disputes, have wars... and occasionally overrun the
| area government and actually run things.
|
| Organized crime gets to levels where it is essentially a
| competing government with an equally competitive consent of
| the governed.
| curuinor wrote:
| There's seldom such a thing as a nation-state that didn't
| start from organized crime. America started off as a
| smuggler gang called the Sons of Liberty, for example.
|
| That's why they have to be paranoid about gangs: they're
| embryonic states
| sneak wrote:
| Yeah, and then there are the ones who _aren 't_ in uniform.
| slim wrote:
| I voted you up because I thought you were talking about police
| informants
| [deleted]
| Cerium wrote:
| There are plenty of parasitic enterprises that are only non-
| criminal due to lobbyists.
| wheybags wrote:
| > Last week, security firm Emsisoft warned that this feature is
| often buggy and could lead to situations where the ransomware
| permanently destroys the victim's files. The Babuk Locker team
| responded a few days later in a hacking forum post that they
| fixed this bug.
|
| Basically "thanks for the report, should be fixed now". Such a
| normal workflow
| btown wrote:
| "We take any bug reports related to the integrity of our
| users' files very seriously."
| walrus01 wrote:
| "It's not a ransomware service, it's a free surprise off-site
| backup package!"
| jacquesm wrote:
| Most if not all ransomware is 'on site'.
| tiahura wrote:
| Anyone know the forum?
| nvr219 wrote:
| I thought hacker news was the forum! That's why it's called
| hacker right?
| [deleted]
| gentleman11 wrote:
| It's a business. This happens because people keep paying the
| hackers. If federal law prevented you from being able to give
| into blackmail demands like this, it would happen 90% less
| often
| jokethrowaway wrote:
| That's exactly why I don't want to work for the government.
|
| Sure, the pay may be good but you're stealing money from honest
| people.
| chasd00 wrote:
| > Sure, the pay may be good but you're stealing money from
| honest people.
|
| not really. I wouldn't work for a government because the pay
| actually sucks and everyone on the other side hates you on a
| deep and personal level.
| KittenInABox wrote:
| I don't know. A social worker processing disability claims
| from what I understand isn't being paid well and I don't
| think could be described as stealing anything, if anything
| they give more than they get.
| jokethrowaway wrote:
| Maybe not directly, but you're contributing to an entity
| which takes money from people forcefully, pay themselves
| and spend/redistributes the rest.
|
| The government violates the non aggression principle every
| day.
| baron_harkonnen wrote:
| Every B2C startup I have ever worked at has basically put a
| non-trivial component of their "product" efforts into finding
| some clever way to screw over customers and feel good about it
| at the same time. I've had YC startup teams describe fairly
| horrific ways of monetizing user data with a gleeful smile on
| their face ("It is really in the user's best interest!")
|
| I've listened to interviews with phone scammers before and
| basically their worldview is that they're ripping off some
| first-world asshole who would be just as happy to destroy the
| scammers own country if it could make the cost of consumer
| goods slightly lower.
|
| I suspect working for a ransomware company would at least mean
| you don't have to pretend the awful things you are doing are
| for the greater good, and I suspect also contains a bit of the
| phone scammer view that the people you are attacking are
| ultimately your enemy as well.
|
| It's far more surreal when I've had to check into work, plan
| all day how to rip-off or exploit users without losing them,
| and then be cheerful about what a great customer focused team
| we are.
| dmos62 wrote:
| > It's far more surreal when I've had to check into work,
| plan all day how to rip-off or exploit users without losing
| them, and then be cheerful about what a great customer
| focused team we are.
|
| That hits home.
|
| I remember an interview with a ransomware-as-a-service
| business owner. He was pretty upfront with having grown up in
| severe poverty and being empathically impaired. Somehow when
| a greedy person is honest about it it makes it better for me.
| I feel like I know what to expect of him. It's the self-
| labeled good people who think that means justify the ends
| that make my alarm bells ring.
| hellbannedguy wrote:
| A friend of mine has had mental issues. He called a
| Psychiatrist. The guy said he needed a referral from a
| Psychologist.
|
| My friend a few grand on pretty useless talk meetings, but
| got his referral.
|
| Gets his coveted time slot with the doctor. The doctor
| tells him today's fee is $450.00. Then $200 per month if I
| write a script.
|
| The guy knew he was short on funds. My friend paid, and
| walked away. I didn't give him advice other than thing will
| get better.
|
| (I look back on the biggest scammers, and most wore ties,
| and made their money legally.
| ok123456 wrote:
| Reminds me of a line from the Sopranos...
| jonny_eh wrote:
| It's how I justify eating meat: If the cow had a chance, it'd
| eat me!
| andrei_says_ wrote:
| I think you'll appreciate Dan Lyons' book Disrupted and the
| 2021 WeWork documentary.
| Clubber wrote:
| It's not just startups, we live in a scam economy. There's a
| few companies that make good stuff, but they are rare.
|
| Just an example, in 2017 I bought a fairly expensive, brand-
| new GM truck. It was manufactured in Mexico. I've bought GM
| stuff before but they were made in Texas. I'm sure it was a
| cost saving measure. I recently sold it after 4 years and 14k
| miles. Dead battery needed to be replaced, the transmission
| was hosed, and I took a bath on it. It's known as the "Chevy
| shake." There's a big class action suit that I believe was
| dismissed. We bailed them out in 2008 and they started making
| absolute dog shit. I'll never buy a GM truck again.
|
| Most home appliances are also garbage and will only last you
| 5 years or so, if that. My elderly mother is paying for 2
| ovens. The first one stopped working before it was even paid
| off. Her current one won't heat consistently and she
| constantly complains about it.
|
| The LG OLED TV I bought a few years ago has YouTube burned
| into the screen. I won't reward them with another purchase.
| My "commercial grade" grill's wheel rusted off after a couple
| of years because it wasn't treated and had cheap metal. I
| have the broken, detached wheel on the ground under it,
| sideways so the thing won't constantly rock back and forth.
|
| Planned obsolescence that almost killed many US industries 40
| years ago is back in full force and will have predictable
| results.
| JKCalhoun wrote:
| > I suspect working for a ransomware company would at least
| mean you don't have to pretend the awful things you are doing
| are for the greater good
|
| Exactly the kind of excusing I would expect from the
| Harkonnens.
| ddingus wrote:
| Lol, I get the reference, but missed the excuse in that.
| dog_boy wrote:
| > It's far more surreal when I've had to check into work,
| plan all day how to rip-off or exploit users without losing
| them, and then be cheerful about what a great customer
| focused team we are.
|
| I suspect this hits home for a ton of people and applies to
| many people who don't (or are unwilling?) to realize.
|
| I used to work for a company where their whole deal to make
| money was convince old people to enter their credit card and
| make them forget they ever entered it. Of course, I did not
| know this when I joined. I stayed for about 6 months I think.
| panlana wrote:
| "Of all tyrannies, a tyranny sincerely exercised for the good
| of its victims may be the most oppressive. It would be better
| to live under robber barons than under omnipotent moral
| busybodies. The robber baron's cruelty may sometimes sleep,
| his cupidity may at some point be satiated; but those who
| torment us for our own good will torment us without end for
| they do so with the approval of their own conscience."
|
| -- C. S. Lewis
| mcguire wrote:
| One suspects that the history of actual tyrannical robber
| barons might demonstrate some flaws in this argument.
| wernercd wrote:
| I also suspect that we don't need to look at history to
| see the backing proof. The SJW religion is very much what
| this quote is talking about and it's never been more
| relevant about the tyranny of the preachers of that
| religion as they mob anyone who disagrees.
|
| The point is that "actual" tyrannical robbers are bad -
| and there's no denying that... but so are those who are
| worse in the name of "good".
| sgift wrote:
| > The SJW religion > but so are those who are worse in
| the name of "good".
|
| And how exactly is the "sjw religion" worse in the name
| of good? I get it. You don't like people calling you out
| if you do shitty things. But that doesn't make it worse
| than robber barons. Or even in the same ballpark.
| wernercd wrote:
| "how is the sjw religion worse in the name of good" years
| of violent protests? Millions... billions?... of damage
| done? People killed?
|
| Or do you agree that peoples lives should be destroyed if
| they do something you disagree with? Mobs of people
| calling the friends, family, work places, etc of someone
| who dares do something you disagree with?
|
| I personally know someone who works in a rescue...
| someone got a bug in their butt that she did something
| "wrong". She's been hounded for weeks by The Righteous
| who have the Holy Word that she did "wrong" - no matter
| the nuances about what happened.
|
| You can ignore the violence, the mobs, the hounding and
| the overall shitty attitudes of the SJW Religous... but
| they are literally the modern day Crusaders who have The
| Holy Decree to destroy the Heathens.
|
| You want to know how SJWs are worse in the name of good?
| Open your eyes and look at all the "worse" done on a
| daily basis. I could list dozens or hundreds of publicly
| available examples but if you can't ALREADY see them
| without me pointing them out?
| omginternets wrote:
| We can agree that C.S. Lewis' quote is not a scientific
| theory, but that doesn't make it incorrect.
|
| For example, to the extent that the various Communist
| regimes fall under this descriptor, C.S. Lewis may have a
| point.
|
| Are you dismissing this out of some logical-positivist
| impulse, because you reject the idea that well-
| intentioned groups can behave tyrannically, or because
| you don't think anybody acts with good intentions?
| teachrdan wrote:
| I read the comment as saying that actual robber barons
| are worse than busy bodies.
|
| Take the oil and gas industry for example. They have
| known for 40+ years that they cause global climate change
| while disavowing it publicly and funding fake scientists
| and interest groups to spread FUD about it. I think the
| effects of global climate change will be at least an
| order of magnitude worse than well intentioned busy
| bodies. Climate change doesn't sleep.
|
| (You could easily say the same about the tobacco
| industry, advertising monopolies, social networking
| websites, etc.)
| [deleted]
| wernercd wrote:
| I'm not sure I follow your opinion on the quote... I
| don't see the oil/gas companies as "tyrannical" entities.
| Nor would I personally apply this to companies from
| tobacco to Google...
|
| "they have known about climate change" and those who know
| about it also have said we'll be dead in 1980... 1990...
| the seas will rise a dozen feet in 2000 and the snowcaps
| will be gone in 2010. If the "tyrannical" companies are
| wrong...
|
| https://nypost.com/2020/01/09/glacier-national-park-
| removes-...
|
| https://cei.org/blog/wrong-again-50-years-of-failed-eco-
| poca...
|
| If you want to go that route that Oil Companies are
| Robber Barons... that would make the GCC doomsayers the
| "good" guys who are as bad on the other end - and have no
| problem being as bad with their lies and happy about it
| because it matches their conscience.
|
| what does that say about the doomsayers? Exxon knew? When
| did the doomsayers know that their predictions were bunk?
| They are the "omnipotent moral busybodies" who have no
| care that all of their predictions are wrong and the
| damage - past, present and future - of their lies? Who
| cares because they are "Saving the Planet"...
| matheusmoreira wrote:
| > I've had YC startup teams describe fairly horrific ways of
| monetizing user data with a gleeful smile on their face
|
| Examples please.
| logshipper wrote:
| > basically their worldview is that they're ripping off some
| first-world asshole who would be just as happy to destroy the
| scammers own country if it could make the cost of consumer
| goods slightly lower.
|
| I happened to watch "The Battle of Algiers" last night and
| the scammers' sentiments reflect what the FLN commander Ben
| M'Hidi (insurgent/freedom-fighter depending on who you ask)
| had to say in response to questions about the civilian death
| toll:
|
| Journalist: M. Ben M'Hidi, don't you think it's a bit
| cowardly to use women's baskets and handbags to carry
| explosive devices that kill so many innocent people?
|
| Ben M'Hidi: And doesn't it seem to you even more cowardly to
| drop napalm bombs on defenseless villages, so that there are
| a thousand times more innocent victims? Of course, if we had
| your airplanes it would be a lot easier for us. Give us your
| bombers, and you can have our baskets.
|
| I must mention here that I am not taking any ideological
| sides, and firmly believe that killing of innocent civilians,
| by any party whatsoever is plain wrong.
|
| I suppose in any battle, ideological or otherwise, the actors
| involved come to justify their tactics as being in service of
| a greater, grander goal which also, at least in their minds,
| allows them to subvert responsibility and accountability.
| eloff wrote:
| One man's freedom fighter is another's terrorist.
|
| Even Hitler and Stalin thought they were the good guys.
|
| That doesn't mean one can't make moral judgments about
| which side is more or less evil, just that it's hard to be
| impartial., and in the end of the day, like in politics, it
| depends on what your values are.
| trhway wrote:
| >That doesn't mean one can't make moral judgments about
| which side is more or less evil, just that it's hard to
| be impartial
|
| one would think it would be easy - just compare counts of
| innocents killed by each side. Unfortunately that would
| frequently make a "good"(winning) side look like a bad
| side and so they force other and more complicated
| criteria like this:
|
| > it depends on what your values are.
| sgift wrote:
| > one would think it would be easy - just compare counts
| of innocents killed by each side.
|
| It would also be a very flawed measurement unless you
| count the innocents the "evildoers" _wanted_ to kill. The
| difference between what Hitler achieved (and that 's
| already horrible) and what he wanted to achieve is rather
| big.
| mcguire wrote:
| No one is the villein in their own story.
| thaumasiotes wrote:
| Autocorrect strikes again?
|
| _villain_ - antagonist; evildoer
|
| _villein_ - peasant ranking above a serf
| smogcutter wrote:
| Same root thought, funnily enough. Iirc the meaning of
| "villain" as evildoer actually grows out of the meaning
| of "relatively well off villager".
| hn_throwaway_99 wrote:
| TBH this seems like such a weirdly pessimistic take to me.
|
| I mean, on one hand, I fully understand that many startups
| begin by offering a free or very low cost service and then
| have to figure out how to monetize, but I don't really see
| that as "screwing over the user", I see that as ensuring the
| business is a going concern. Even as a user, when I see that
| a business is transitioning from "everything is free and
| great" stage to "now we need to make money stage", I either
| leave or decide it's worth it, but I'm not really mad about
| that.
|
| Furthermore, there are lots of startup services that I use,
| love and pay for, and I don't feel like I'm getting screwed
| over.
| figassis wrote:
| You're talking about the thinks you know as a customer.
| Things like selling your data or the other things they do
| with it are often not disclosed. Did Facebook tell you that
| it wanted to learn how to make you or your children
| addicted to it in order to monetize your engagement?
| walshemj wrote:
| They would be just as happy screwing their own people.
| sixothree wrote:
| Like the election interference. I keep imagining a small
| company of 50 employees punching in their time clock, grabbing
| coffee, then dedicating the rest of their day to ruining the
| elections of another country.
| midhhhthrow wrote:
| Keep in mind this happens from both sides
| Pfhreak wrote:
| Both sides? What do you mean 'both'? Presumably there are
| considerably more than two sides -- I'd expect that many
| countries are interfering in many other countries
| elections.
| shadowban_meme wrote:
| they should up their game with wars, sanctions, and coups
| just like the leader of the free world did/doing to every
| country on earth. _election interference_ oh sounds so
| serious.
| belatw wrote:
| I have a friend in Makedonya who wrote fake news articles im
| support of Donald Trump for two years. The best she could
| have made as a journalist was EUR350-EUR450 per month. This
| is a nation where the average salary is EUR250/month and
| senior software engineers make maybe EUR1000-EUR1500. MKD's
| biggest export is people because of their economy.
|
| Writing these articles she made EUR5000 per month. It was a
| life changing amount of money.
|
| Now she owns a 4-plex downtown and another 2 airbnb units.
| She has lifted her family into the middle-class thanks to
| this. Her employer profited millions; and they did no worse
| than the usa does to many other countries on a daily basis.
| dash2 wrote:
| I am afraid your friend is a professional liar. You seem to
| be trying to justify it with arguments that are hardly
| persuasive. (Seriously, it's fine because she got rich?) Be
| aware that while unashamedly bad guys can remain smart,
| people who want to keep their bad behaviour from themselves
| inevitably make themselves stupid by doing so.
| belatw wrote:
| Who should I believe: my best friend's fiancee whose
| house i stay at when I visit Skopje 8 times per year, and
| have known ror 6 years .. or some schmuck on a bulletin
| board?
|
| Considering America's fanatical believe in freedom of
| speech and meddling in the sovereignity of other nations
| we have zero ground to stand on in this situation.
| jfengel wrote:
| Honestly, I have a hard time even resenting your friend.
| Maybe she was especially good at her job, but most of what
| I saw from that industry was laughably bad. You'd have to
| be a complete moron to be taken in by it.
|
| That tens of millions were had more to do with the fact
| that we'd been doing it to ourselves for decades than with
| your friend's additions to it. Oh, certainly she made
| everything a tiny bit worse, but I don't have any anger to
| spare on top of the deep enmity I feel for the people who
| teed up the situation in which she worked.
|
| I have a sneaking suspicion that if your friend (and her
| coworkers) did something less despicable for a living it
| would not have made much difference. People right here
| carefully cultivated that environment of hatred and
| gullibility that your friend helped exploit. They're the
| real problems -- and they're still doing it.
| worik wrote:
| That is good news.
|
| From afar I loved the Donald! Wrecking the wreckers!!
|
| For the rest of the world he was a much better choice than
| HC. She would have been dropping bombs, and using murderous
| robots just as Obama did. Much rather the USA is rulled by
| a selfish clown than some one who cares to use the
| horrendous weapons the USA has so many of.
|
| Well done your friend!!
| [deleted]
| dmos62 wrote:
| What's weirder? A small 50 employee "hostile" company, or a
| big one with hundreds and hundreds of employees?
| grawprog wrote:
| So a CIA office?
| st_goliath wrote:
| I think this train of thought might be headed towards what
| Hannah Arendt described as the "banality of evil"[1].
|
| An average person with a mundane office job that happens to
| be for e.g. a certain government agency (to stay with the
| example), indirectly causing all kinds of mayhem elsewhere
| that is largely beyond their comprehension, simply because
| it's all neatly abstracted away from them.
|
| https://en.wikipedia.org/wiki/Banality_of_evil#The_Banality_.
| ..
| neatze wrote:
| At least on wallstreet, early on I noticed, sometimes
| people simply lose awareness (social interaction play's
| critical role) and end up doing illegal things, without
| knowing it, some end up in jail.
|
| I think if person ends up in amoral/illegal group,
| eventually he will end up doing amoral/illegal/unethical
| things, there is no guard except to avoid such groups
| proactively.
| NaturalPhallacy wrote:
| "If you want to do something evil, put it in something
| boring."
| ahelwer wrote:
| Oh yes, this is a rich area for writers. There's also the
| famous quote from _Gravity 's Rainbow_:
|
| "A million bureaucrats are diligently plotting death and
| some of them even know it."
|
| (please don't try to read that wretched book on the
| strength of this single quote)
| spoonjim wrote:
| Sure, look them up on LinkedIn at Purdue Pharmaceuticals,
| McKinsey, Goldman Sachs, Facebook, you'll find hundreds of
| thousands of them.
| Dolores12 wrote:
| They distinguish between humans and enterprises. They may not
| want to scam people, because it may ruin their karma, but there
| is nothing wrong to mess with companies, after all it's just a
| cost of doing business for them. And if you look even deeper we
| always had such parasitic criminal enterprises that use IP laws
| to ransom others.
| mensetmanusman wrote:
| I wonder when there is going to be a kinetic response to these
| types of ransoms.
| unexaminedlife wrote:
| Let's be honest. Until the government (federal, state, and local)
| gets deadly serious about cyber crime this will keep happening.
|
| There's so much waste in Washington D.C. for them to have no
| ability to do anything about this stuff makes me think there's
| way too much corruption in our government. Until that's rooted
| out and qualified people put into the important decision-making
| roles, may we simply hope things don't get too bad before they
| start getting better.
| sesuximo wrote:
| Does seem a bit nuts that they had a document sitting around
| containing informant identities. Seems like the kind of thing
| you'd never store in plain text (or not store at all!)
| CountDrewku wrote:
| Possibly breaks CJIS compliance depending on how it was stored
| and accessed.
| DyslexicAtheist wrote:
| off-topic // off-topic // off-topic
|
| therecord.media get's a lot of attention now on HN presumably
| because it's new and Catalin joined them.
|
| It's not a big deal, but I think it needs to be pointed out
| (especially to the audience outside the US) that they are CIA
| funded. They should be more transparent about this.
| vilkkala wrote:
| They seem extremely opaque about it.
| afrcnc wrote:
| https://techcrunch.com/2019/05/30/insight-partners-bags-thre...
|
| >> The deal essentially buys out earlier investors, which
| included GV (Google's venture arm), In-Q-Tel (the CIA's venture
| arm), IA Ventures, Balderton Capital, Mass Mutual Ventures and
| others -- and gives them a healthy return in the process.
| strictnein wrote:
| To clarify:
|
| Part of one of their rounds of funding included investment in
| 2010 by In-Q-Tel, the CIA's investment arm. They are one of
| numerous investors, which includes Google. They are not
| receiving ongoing funding.
|
| A private equity firm bought them two years ago for $780
| million.
| indeedmug wrote:
| So basically at some point they were funded in part by the
| CIAs fund as well as other tech companies. Now they aren't at
| all.
|
| Seems very misleading to claim they are CIA funded at this
| point.
| joe_the_user wrote:
| The reason that CIA contact at any point is significant is
| that, unlike an ordinary investment house, US intelligence
| agencies as a matter of course act to keep their activity
| secret. It stands to reason that this implies that any
| visible CIA involvement would indicate much invisible
| involvement by The Agency - and various ex-CIA agents
| who've gone public have basically confirmed this.
|
| So getting funding from the CIA really is different from
| other thing - possibly. But the situation of all this not
| being known and being officially concealed produces a lot
| of paradoxes.
| sillysaurusx wrote:
| Cool! Is there someplace you can apply for CIA funding? (I'm
| only partially joking.)
| DyslexicAtheist wrote:
| they're obviously a threat-intel company first. So create
| something that generates value (that receives the funding)
| and then set up a company blog that poses as a _" legitimate
| journalistic outfit without an agenda"_. Final step is to
| produce only quality content 98% of the time and the 2% of
| times when you should be critical to your own side turn a
| blind eye. Classic playbook for all propaganda operations
| (regardless if they're US/RU/CN/whatevs).
|
| the tragedy of all cyber reporting is that there can be no
| neutral party. the moment you need to call out your own camp
| you'll lose support/protection and legitimacy to exist (e.g.
| imagine Bellingcat being vocal of anything that happens
| within FVEY. Unthinkable!)
| nurgasemetey wrote:
| This. I stopped reading Bellingcat reports. I don't
| remember any huge Bellingcat report that is related with
| non-Russia.
| goatsi wrote:
| Sounds like an issue with what is being surfaced in your
| social/news bubble. If you go to their site you can
| certainly find deep dives into many other areas:
| https://www.bellingcat.com/news/2021/04/01/mahbere-dego-
| clue...
|
| https://www.bellingcat.com/news/africa/2017/02/20/trackin
| g-n...
| ricktdotorg wrote:
| wait, so what is the inference here with Bellingcat? that
| they are funded by CIA / gov.ru? and that they tell
| mostly the truth, but willfully withhold certain things
| detrimental to their financial masters?
| DyslexicAtheist wrote:
| no. what is insinuated is Bellingcat enjoy connections
| with GCHQ & MI6. Eliot Higgins is close to the British
| IC, gives talks at Atlantic Council and trades info with
| them.
|
| Bellingcat (despite the great work they do IMHO)
| certainly does not get Russian passport details simply by
| hacking or by asking some "corrupt" Russians working for
| the state for help. So you can probably trust most of
| what they say but not how they get their info or that
| they are simply a "hacktivist / citizen jorno" outfit
| (they'd be dead since long time if that would be all)
|
| At least until I've seen them uncover something as big as
| Skripal or the MH17 (within the FVEY) I wouldn't believe
| their claims of being "independent". Which will never
| happen because you don't bite the hand that feeds. Anyone
| playing in that league will not survive very long (quite
| literally) unless they get security benefits needed
| (which requires affiliation).
|
| There doesn't have to be a conspiracy. That protection
| comes at a cost of bias (it's not required when everyone
| around you and most importantly yourself believes you're
| part of the good guys).
| iudqnolq wrote:
| I too found the "corrupt officials" hard to believe, but
| there's a surprising amount of evidence for it. In
| general the Russian government has a surprisingly
| middling level of control over society compared to
| somewhere like China. Other Russian news orgs also buy
| personal data, try looking at Meduza for example.
| strictnein wrote:
| > imagine Bellingcat being vocal of anything that happens
| within FVEY
|
| Yes, imagine if they covered things in the US:
|
| https://www.bellingcat.com/tag/usa/
|
| Ex: "US Law Enforcement Are Deliberately Targeting
| Journalists During George Floyd Protests"
|
| https://www.bellingcat.com/news/americas/2020/05/31/us-
| law-e...
| DyslexicAtheist wrote:
| all of the reports are pretty tame in comparison with
| what they could uncover in war zones that involve the US.
| Taking a swing at US LEA is hardly something to write
| home about. Until they give me scoops at an equal
| magnitude say something that shows US black sites still
| in operation, or another Abu Ghraib or something about
| Gitmo? Nobody really cares about US racist cops - that's
| stuff that is anyway covered by WaPo & NYT.
|
| Give me something of the same magnitude that got exposed
| by Manning, Snowden or Assange and I will be happy to
| believe that they are "neutral". But oh wait - they'd be
| in exile or dead. So my point stands.
| strictnein wrote:
| Nah. Not interested in playing your game. You stated X, I
| showed X was incorrect. Now you're moving the goalposts,
| which was fully expected.
|
| One of the strongest messages the US sends abroad is that
| the 1st amendment is sacrosanct. Highlighting law
| enforcement violently suppressing that is extremely
| damaging to America's reputation.
| DyslexicAtheist wrote:
| I'm not playing any game. the goal post is not to compare
| apples with oranges. if the position is that Bellingcat
| (which markets itself as a citizen journalist type of
| outfit) is independent as they claim then they should be
| measured as such.
|
| Nobody is moving any goalposts. Your assertion that they
| are independent but also are unable to highlight crimes
| committed by the US then they are simply not independent.
|
| FWIW I'm not highlighting any side being bad or good but
| that the claim of independence needs to be viewed in
| relation to their alliances.
| voces wrote:
| As far as I can see: Bellingcat is laundromat for Mossad,
| after WikiLeaks became laundromat for Russian
| intelligence.
|
| They still are a citizen journalist type of outfit, they
| don't take direct funding from government orgs. But they
| _have_ to suspect some of their anonymous analysis
| contributors are working with a state agenda and
| resources.
|
| As a result, Bellingcat unlikely to go after Israelis in
| Gaza, but more likely to go after ISIS terrorists, Syria,
| Russia. WikiLeaks more likely to focus on US politics and
| NATO, than to look at Putin's finances or Russian banks.
|
| But then all of advanced journalism becomes murkey, as
| you can be independant, while only looking at what your
| anonymous sources give you. Is NYT or WP independant when
| it runs an article on national security by the CIA or DoD
| for censorship, and securing those future juicy leads?
| 1986 wrote:
| Here you go: https://www.iqt.org/company-submission/
| toomuchtodo wrote:
| Not OP, but very helpful, I appreciate it.
| [deleted]
| RosanaAnaDana wrote:
| grants.gov
| steve76 wrote:
| Our community is sadden to announce the tragic loss of a local
| computer hobbyist who tripped and fell in front of a municipal
| dump truck due to untied shoe laces. Contributing factors to the
| accident are believed to be a loss of focus from recent life
| stress including a failed rap career, repressed homosexuality,
| chronic tardiness, and talking back to elders.
|
| In unrelated news, we congratulate Sergeant Yang of the
| Benevolent Retirees Association Metro Police for winning the
| "face up, face down!" raffle. Also of merit is the National
| Penalty Battalion, who successful accomplished the release of a
| genetic bio-weapon targeting the financial profiteers of
| international narcotics trafficking. We ask for no money. Please
| simply change your ways. In response to your hardship and
| efforts, 100 billion dollars has been deposited to your accounts
| by the federal central bank at 0.0001% interest.
| m3kw9 wrote:
| Sure but why don't they go with subscription model because the
| gangs will always have a copy.
| Waterluvian wrote:
| When your data is encrypted and paying a ransom gets you the key,
| that makes sense.
|
| But when it's extortion, what is to stop from them instantly
| asking for another ransom?
| arecurrence wrote:
| because if the ransomer does not stick to the deal... then
| nobody will pay ransoms anymore. Their business model breaks at
| that point.
| Waterluvian wrote:
| I have a feeling a ransomer could get away with it many times
| before they saw any change in customer behaviour.
|
| It's a tragedy of the Commons thing I think?
| tartoran wrote:
| All this will stop when we start taking security seriously
| steelframe wrote:
| This is my new favorite meme.
| schaefer wrote:
| You're phrasing things in terms of a final solution.
|
| I think instead "taking security seriously" will just be an
| eternal arms race.
|
| One that we are already engaged in. And each person that gets
| extorted is rudely reminded that they are losing.
| why_Mr_Anderson wrote:
| I can imagine that sooner or later reply to threats like this
| would be a Tomahawk or two.
| intrasight wrote:
| Makes me angry and sad that this "virus" of ransomware is still
| so prevalent even thought there is a "vaccine" - in the form of
| standard cybersecurity practices. But I never hear about anyone
| getting fired over this, so I guess that it's just not a priority
| for lots of organizations.
| axaxs wrote:
| Agreed. It wouldn't surprise me at all if there were actuaries
| out there telling companies that it's cheaper to pay ransoms if
| and when they occur than to hire dedicated security. Which
| probably is true, at face value.
| intrasight wrote:
| I think the insurance industry could quickly put a stop to
| this by not insuring against incompetent cybersecurity.
| hilbert42 wrote:
| Certain critical information should never be stored as digital
| data, as we've seen repeatedly keeping it secure is essentially
| impossible. Like it or not, there's now overwhelming evidence to
| prove that statement true. We've seen far too many supposedly
| very secure sites broken into have any faith in keeping very
| sensitive data secure--the huge SolarWinds attack, the NSA break-
| in and the loss of British National Health records to name just a
| few at the tip of a huge iceberg.
|
| Now here's yet another instance, and we're seeing them at this
| high level almost every day. Tragically, this leak could have
| very serious consequences in that people are likely to be killed
| as the consequence:
|
| It's time we citizens demanded that such critical records be
| stored on paper files and in locked cabinets in secured buildings
| as they once were. Simply, we've no other option.
|
| Smart governments such as Russia have gone back to keeping
| critical documents on paper as they once did. In essence, no
| matter how hard one tries to secure digital data it's still dead
| easy for a determined adversary to access it--but it's much, much
| harder - in fact almost impossible - for the same adversary to
| break into a building and then into locked repositories and steal
| the same files in their paper form.
|
| Let's do some very basic sums to prove my point:
|
| 1. The amount of data stolen in this case is 250GB. _(This is an
| absolutely huge amount of data.)_
|
| 2. If we commit text to paper we get about 2K bytes per page (a
| long accepted round figure)
|
| 3. Therefore, a standard ream of paper, 500 pages, stores
| 1,000,000 bytes (1MB) of data.
|
| 4. 250GB is actually 250,000 megabytes
|
| 5. Now, a ream of paper weighs conservatively 2Kg (it's likely
| more). Thus, each 1MB in paper storage will weigh [?]2 kg
|
| 6. Extrapolating this out, we therefore need [?]500,000 kg ==>
| [?]500 tons of paper.
|
| 7. Thus, I'd strongly assert that whilst thieves (smart hackers)
| have amply demonstrated that they can easily steal 250GB of data
| from right under the noses of highly secured sites such as the
| NSA, Police etc, that it would be nigh on impossible for them to
| do so if the records were STILL stored in paper form, as they:
|
| (a) would have to breach the physical security of a guarded
| building and break in;
|
| (b) once inside, they'd then have to breach records security by
| breaking into secure records rooms thence secured filing
| cabinets; and,
|
| (c) then remove 500 tons of paper records, this would require a
| huge logistical operation involving much manpower and many, many
| trucks--and they'd have to do all this without being caught!
|
| The only way this could ever happen in practice would be for a
| country to be invaded by another (like the Nazis did in WWII).
|
| In short, digital security has long proved that it's nowhere near
| being ready for prime-time. QED!
| badkitty99 wrote:
| And we thought these gangs were our enemy
| 0xTJ wrote:
| You don't seem to understand what a police informant is. This
| is a bad thing.
| Pfhreak wrote:
| There's more than just informant data in the leak. Some would
| argue, for instance, that police disciplinary records being
| public is in the public good.
| badkitty99 wrote:
| Correct
| amelius wrote:
| This crime was made possible by Bitcoin(tm).
| [deleted]
| blululu wrote:
| Please correct me on this but from what I can gather ransomware
| is a direct consequence of cryptocurrency. US Federal law
| enforcement has quite a lot of control over traditional banking
| and trying to extort the amount of money from a public agency
| would traditionally call for Federal Intervention. If so it seems
| like there is a good case to be made for a direct fine placed on
| the ledger used for payment in order to compensate for the
| damages.
| snarf21 wrote:
| The outputs are easy to track. The issue you have is someone
| running an exchange over seas that won't co-operate. Also, as
| others have said, it isn't as if there were no online scams
| before 2015.
| bufferoverflow wrote:
| There are other ways of getting paid anonymously. The drone
| just landed on your lawn, place the diamonds in the pouch.
| csomar wrote:
| You can do the same with Western Union albeit it'll require
| several transactions. Crypto made it more practical.
| rfd4sgmk8u wrote:
| "Blame the Money".
|
| No, money will always be used for crime as long as money and
| crime exists. People invent new crimes, People invent new
| money. Crime is the problem, not the money.
|
| I would argue that money that can be used in this context is
| extremely valuable, as it is beyond the state. This is a very
| awful situation, and I feel for the victims, but the existence
| of cryptocurrency is not the problem, any more than
| cryptography is the problem wrt ransomware.
|
| Tech can be used in many forms. Use it properly. Find and bring
| those to justice that do not. Don't blame the tools.
| vesinisa wrote:
| Yet, very rarely do we hear about cryptocurrency being used
| for anything but speculation and crime. In fact, those are
| the only two proven usecases for cryptocurrency. Money you
| can at least use to buy stuff, so it has a marked positive
| impact on the society.
| smhenderson wrote:
| I live in the US and saw a BitCoin ATM in a gas station
| just the other day. I asked the cashier about it and
| apparently they take BC payments too.
|
| So, at least where I live, you can "buy stuff" with BC.
| scaladev wrote:
| You'll be waiting on that gas station for hours for the
| payment to go through.
| ryanlol wrote:
| Why would you need to wait for the transaction to
| confirm? That's not how bitcoin payments work.
| gruez wrote:
| Not really. Your wait depends on the attached transaction
| fee and current network conditions. If you cheap out,
| then yes you have to wait, but it's also entirely
| avoidable.
| Datagenerator wrote:
| The original Bitcoin continued as Bitcoin Cash. Very low
| transaction fees and always included in the next block.
| BCH ftw
| specialp wrote:
| Yes which now stands at $37 on average which is probably
| more than you what you bought at the gas station.
| Ethereum fees are very high too. There are other
| currencies that are better with this. But currently my
| credit card does this at a fee of ~3% instantly.
| darkerside wrote:
| Part of the problem is that the seller pays that, and not
| you
| arcticbull wrote:
| The average transaction cost is baked into sticker
| prices, so at the end of the day, it's the buyer who pays
| the transaction costs. It's like saying 'the merchant
| pays rent' - yes, in a way, but really no. The customers
| pay the rent for the merchant via mark-ups.
|
| However, there are a number of benefits; for one, average
| ticket size is about 20% higher for credit transactions
| vs cash (if I recall correctly) and merchants do not have
| to hold onto and manage piles of cash. This is a material
| cost savings.
|
| Further, of that 3%, about 0.1% goes to Visa, the rest
| goes to the issuing bank and covers the cost of rewards
| programs and loan origination. Generally speaking between
| 1 and 2% of that will be rebated to the buyer.
|
| For the remaining 0.9-1.9%, customers get benefits like
| insurance and the ability to issue chargebacks.
|
| In Europe, debit interchange is capped at 0.2% and credit
| at 0.3%, and they just don't have insurance or rewards.
|
| As it stands today if you wanted to transact in crypto,
| not only will you pay the $30 fee, you'll also be paying
| the mark-up for credit acceptance.
| CyberDildonics wrote:
| > As it stands today if you wanted to transact in crypto,
| not only will you pay the $30 fee,
|
| Only bitcoin and ethereum have fees in this range. Other
| cryptocurrencies do not.
|
| https://bitinfocharts.com/comparison/transactionfees-btc-
| eth...
| edoceo wrote:
| its "priced in"
| nanidin wrote:
| I'm curious where the $37 number comes from? I just did a
| quick search and came up with $13.64 for a "high
| priority" transaction (higher than normal fee to get
| included in a block sooner)[0]. It's still high, but not
| $37 high.
|
| [0] https://mempool.space/
| specialp wrote:
| I got that from here: https://ycharts.com/indicators/bitc
| oin_average_transaction_f...
|
| Of course the "average" might be more bytes than buying a
| pack of gum but the argument still holds that the
| transaction costs are prohibitive for general commerce.
| dvdkon wrote:
| That's because cryptocurrencies are typically much better
| than conventional currencies for speculation and crime.
| Some "coins" are also usable as standard payment methods,
| but they're either on-par with conventional banking or just
| slightly better, not enough to make them the preferred
| choice for mundane transactions. The stigma also doesn't
| help.
| flatline wrote:
| Speculation is a huge use case. Bitcoin will never be
| practical for day to day transactions but it may be for a
| settlement layer - certainly Ethereum is proving that out
| right now. A few minute settlement time is a huge advantage
| over what clearing houses offer. The immutability of the
| block chain somewhat less so, but if you introduce third
| party trust and can settle things off chain in case of a
| dispute, well, I for once do see a practical use of crypto
| beyond black market transactions and speculation.
| jokethrowaway wrote:
| Well, probably the settlement layer won't be BTC per se,
| but the incoming fork by the US government.
|
| When your economy revolves around an entity armed to the
| teeth you don't need consensus.
| random3 wrote:
| These are a bit random. The church has many perceptions
| similar to this one.
| Consultant32452 wrote:
| Deflationary currencies encourage savings. The more the
| deflation the more the savings. Inflationary currency
| encourages consumerism. The more the inflation the more
| rapid spending. Each have their pluses and minuses.
|
| The USD is an inflationary currency and Bitcoin is a
| deflationary currency. Right now Bitcoin is extremely
| deflationary and so there is extreme savings, but that is
| not sustainable indefinitely. Whether it becomes more
| popular to spend Bitcoin after the value levels out remains
| to be seen, but deflationary Bitcoin will always tend to
| encourage savings more than inflationary competitors like
| the USD.
| psychlops wrote:
| Not so fast, maybe he has a point. We should also fine the
| dollar in Bitcoin for all illegal transactions using the
| dollar as currency.
| 8note wrote:
| Crime is just a delineation about who's allowed to exploit
| people for money.
|
| It's the exploitation that's bad whether it takes the form of
| scams or profits
| pyronik19 wrote:
| Careful there, you're getting awfully close to describing
| the tax man.
| 8note wrote:
| In a lot of cases I would say that's true. US taxes
| largely go to funding unnecessary military ventures and
| preparedness, not actually helping the tax payers
| bun_at_work wrote:
| This is a hot take. How does violence fit into this model?
|
| If someone is killed in a crime of passion, where's the
| monetary exploitation?
| grumple wrote:
| We do hold banks accountable for money laundering.
|
| Just because they figured out a technologically advanced way
| to do it doesn't mean it becomes ok.
| albntomat0 wrote:
| Your argument ignores whether or not the technology makes the
| crime significantly more likely.
|
| Technology comes with negative externalities.
|
| The cryptocurrency world needs to accept that it does have
| negative externalities, and show that the benefits outweigh
| them, rather than pretending that they don't exist.
| kemonocode wrote:
| Sure, you could say the onus is on the people who use
| cryptocurrency for more than just crime or speculation to
| give proof about these uses, but for most detractors it'll
| never be enough, and for these users the benefits outweigh
| these negatives (or else they wouldn't be using crypto to
| begin with) so it's all an exercise in futility except
| maybe to convince any neutral bystanders one way or the
| other.
|
| If I say cash and banks get used by the vast majority of
| organized crime I'd be factually correct, but I'd also be
| accused of whataboutism. In a world without crypto I'd be
| seriously hampered by an unfair economic system, so to me
| personally the pros outweigh the cons, but it'd be
| anecdotal evidence. Hope you see what I'm trying to get at.
| albntomat0 wrote:
| I definitely understand what you're saying.
|
| Whether or not a technology's pros outweigh its cons is
| some appropriately weighted average across all the people
| that it affects. The person who gets hit by crypto-
| enabled ransomware likely feels differently from you.
|
| I also think there is some moral weight to particular
| benefits. Dealing with unfair economic systems is
| definitely a "better" benefit (for some definition of
| good) than those people whose benefits are currency
| speculation or ransomware.
| [deleted]
| celticninja wrote:
| By that reasoning computers make ransomware possible,
| cryptocurrency just makes it economically viable.
| [deleted]
| Pfhreak wrote:
| Yes? That's precisely the argument the parent poster was
| making -- technology (both computing and cryptocurrency
| and everything else) comes with both upsides and
| downsides.
|
| In the case of general purpose computing, the upsides are
| obvious and massive. Whereas it's much, much less clear
| that the upsides of cryptocurrencies outweigh their
| downsides.
| albntomat0 wrote:
| Yes, and it's pretty clear that computing as a whole
| comes with a huge amount of downsides (hacking, revenge
| porn, video game addiction, etc). It's also pretty clear
| that the overall benefits outweigh the downsides.
|
| I'm personally not convinced that the upsides of
| cryptocurrencies outweigh the downsides.
| suifbwish wrote:
| I was surprised it wasn't classified as some kind of
| counterfeiting scam tbh. When you mine crypto you are
| pretty much printing money. Sure yeah it takes proof of
| work/storage/stake ect but so does counterfeiting. The
| philosophical differences are kind of vague.
| thebean11 wrote:
| Crypto does not pretend to be dollars, so no it's not
| counterfeiting any more than the X foreign government
| printing Y non-USD currency is counterfeiting.
| yunesj wrote:
| Mining BTC is as much like counterfeiting USD as mining
| gold is like counterfeiting USD, which is to say, not
| alike at all.
| suifbwish wrote:
| Except gold exists as a material/commodity.
| Cryptocurrency was invented.
| chayleaf wrote:
| When thr government prints money, it isn't counterfeited.
| When you mine crypto, it isn't counterfeited, because
| everyone is crypto's "government"
| matheusmoreira wrote:
| > show that the benefits outweigh them
|
| Governments and banks can't touch your money or see what
| you're doing unless they get your keys. What other reasons
| do you need?
|
| We don't need anyone's permission or blessing either. We
| want our freedom back and society's gonna have to accept
| this. If that means more crime, energy consumption or
| whatever -- so be it.
| Thorentis wrote:
| What else does cryptocurrency currently enable to the same
| degree (or close to) as crime? Speculative investment? We
| have the stock market for that. Pyramid schemes? Got plenty
| of thost. Burning through tons of energy for nothing but
| economic gain? Plenty of that around already. Store of value?
| Precious metals say hello.
|
| Seriously, I can't think of a single positive use case of
| crypto currency. So while it _can_ be used for some things,
| it seems to me that the only concrete use case that is
| already happening, is crime.
| hn_throwaway_99 wrote:
| Ransomware literally would not be possible it today's world
| without cryptocurrency. I think that's plenty reason enough
| to blame crypto.
| dstick wrote:
| And I would argue that the need for crime is the problem. You
| seem to happily skip this step as if crime is a given. Take
| away the need for crime, solve the problem.
|
| The answer is to get rid of poverty and unequal
| opportunities.
|
| I'm not saying it's easy. But if you're dissecting a problem,
| at least present all the pieces.
| asdfasgasdgasdg wrote:
| > No, money will always be used for crime as long as money
| and crime exists.
|
| This seems to fly in the face of the facts. Namely, that
| ransomware was virtually impossible to conduct before digital
| currency, due to the traceability of electronic money, and
| all current ransomware uses cryptocurrency rather than any
| other form of payment.
| t-writescode wrote:
| Most scammers use prepaid gift cards, not cryptocurrency.
| jordansmith wrote:
| Ransomware used moneypak and other prepaid cards for years
| before switching to crypto.
|
| And there is literally no one to fine because no one owns the
| "ledger". That's the joy of a decentralized blockchain
| 8note wrote:
| You could imprison anyone that posts a ledger that includes
| that transaction.
|
| You need some intergovernmental agreements, but it's possible
| Pfhreak wrote:
| You could outlaw or regulate the mining and use of the coin
| in a country. It wouldn't be _easy_ to enforce, but you could
| certainly but the law on the record.
|
| You could increase taxes on cryptocurrency capital gains. Big
| exchanges would absolutely report those gains to the IRS and
| you could be on the hook for a bigger bill.
|
| It's not impossible to regulate this stuff. Yes, some folks
| will figure out ways around the regulations, but you'd catch
| most tech-unsavvy people just fine.
| dmos62 wrote:
| I think there are many problems with what you said, but if
| all that is just to catch the tech-unsavvy people, that
| excludes organized crime.
| Pfhreak wrote:
| I mean maybe, but tax evasion put Al Capone in Alcatraz.
| NullPrefix wrote:
| Laws don't target organized crime. Well organized crime
| influences the law so it would target regular people and
| politicians could say they are tough on crime.
| INTPenis wrote:
| Just look at the latest Mark Rober video on Youtube. Criminals
| can simply ask you to send the money cash in a box, hidden in
| books or other stuff.
|
| There will always be a way to get illegal cash, ransomware just
| became much simpler with cryptocurrency. Now that the trend is
| here to lock your systems for ransom I don't think they will go
| away with cryptocurrency.
| tnzm wrote:
| Who are you going to fine? Distributed ledgers are not owned by
| a central entity.
| PicassoCTs wrote:
| Well, you just wait for public good will to turn into active
| hatred, and then voted in on that hatred, you put the hammer
| down on all crypto forever.
| 8note wrote:
| Fine all of them?
|
| Sounds like a great benefit for the government
| anothernewdude wrote:
| Entities that are caught trading coins that have gone through
| wallets attached to ransomware. Target big exchanges.
| tartoran wrote:
| But those wallets will be a one time thing and next time a
| new walled would be used for this type of thing. How could
| exchanges know that?
| tnzm wrote:
| Bitcoin is not private. Wallets are ephemeral, however
| the coins themselves can be tracked.
|
| Monero, on the other hand...
| asdfasgasdgasdg wrote:
| Here's one possible recipe for fixing this issue:
|
| - Ban anonymous cryptocurrencies.
|
| - In pseudonymous cryptos, mark any address that has been
| the destination of a ransomware payment or demand as
| tainted. Any net positive transaction from a tainted
| source wallet marks the destination wallet as tainted.
| (I.e. you are obligated to return tainted monies to
| tainted wallets if they send money to you.)
|
| - Exchanges are forbidden to deal with tainted wallets,
| or with any exchange that deals with tainted wallets.
|
| While you're at it, I guess you could mark any wallet
| funded at an exchange that doesn't KYC as tainted as
| well, to limit the use of crypto for money laundering.
|
| I'm guessing we're going to figure a lot of this stuff
| out in the next 10-20 years, if the crypto craze doesn't
| die off naturally during that timeframe.
| mtgx wrote:
| "Just target the big cartels".
|
| How has that worked out for the war on drugs so far?
|
| In the real world the solutions will never be this easy or
| perfect.
| hanklazard wrote:
| There are mechanisms to obfuscate using Bitcoin laundering
| services or with zksnarks-based transactions
| (https://zk.money). As much as it would be great to be able
| to track these funds, I think it will be increasingly
| impossible.
| amluto wrote:
| Ban the exchange of laundered bitcoins and other coins,
| too. If laundering you non-banned coins gets them banned,
| your incentive to do so goes way down.
| vmception wrote:
| A) Use already clean money in one address to buy a token
| on uniswap (or any AMM)
|
| B) Use your laundered dirty money in other addresses to
| pump the token on uniswap (or any AMM)
|
| C) Sell the token from address in A) back into the
| Uniswap liquidity pool at a massive profit, enjoy the
| profits and reintegrated money. You look like any trader.
|
| D) Bag hold the token in the address from B) and never
| think about it again and never worry about trying to cash
| that out. In addition that address can add to the
| liquidity pool and provide a service to all other traders
| indefinitely.
|
| E) Laugh at people that are still imagining how difficult
| it is to launder money on public ledgers. Blockchain
| detectives on their wild goose chase looking at the wrong
| addresses.
|
| Do this all over time, and not immediately pumping a
| token with the laundered money.
|
| Sure, I'll probably get more scrutiny after writing this
| but you won't. I really hate chilled speech and people
| having dumb ideas because the should-be-obvious reality
| is never talked about. The point is that the trader
| behavior is indistinguishable from others, and there are
| no financial intermediaries on permissionless AMMs to
| flag anything.
| amluto wrote:
| This isn't that different from regular (non-blockchain)
| money laundering. You can pick your favorite illiquid
| penny stock, pump it up to 10 cents, and arrange to pick
| up the profit on the other end. You'll be up against
| various people betting against you and, if you use
| Uniswap between reasonably liquid tokens, you'll also be
| up against arbitrageurs. With Ethereum you can, in
| principle, arrange to atomically pump a liquidity pool
| and take the profit, but doing so makes it really obvious
| what's going on. And, with Ethereum, all the creative
| sleuths can see what's going on and can analyze the data
| and find you.
|
| (This style of intentionally introducing a pricing error
| and arbitraging it yourself happens for real and is not
| always particularly profitable. You can read about the
| foreign exchange fixing antitrust shenanigans. Some
| traders thought they were being very clever, and,
| according to Matt Levine, made relatively small amounts
| of money and ended up getting seriously smacked down. The
| feds and the courts may be slow, but they're not dumb.)
|
| This all seems very abstract, but, when you try to spend
| what you think were carefully laundered ransomware gains
| on a nice beach in France or Florida and Interpol or the
| FBI arrests you, the resulting trial and prison time will
| be considerably less abstract. :)
| Hermel wrote:
| In practice, it is very hard to get away with the ransom due to
| the public nature of blockchain-based transaction.
|
| For example, the author of the wannacry failed at layering and
| exchanging his Bitcoins into fiat.
|
| Source: https://www.fatf-
| gafi.org/publications/virtualassets/documen...
| strictnein wrote:
| Wannacry was (very likely) created by Lazarus Group, which is
| one of DPRK's hacking groups.
| mimikatz wrote:
| In reality it isn't or all these ransomware attacks wouldn't
| demand payment in bitcoin.
| dmos62 wrote:
| Why stop there? Cryptocurrency is a direct consequence of
| cryptography.
| ceilingcorner wrote:
| Expand your definition of ransomware to include state actors
| and you'll quickly see that the dollar itself, being a global
| reserve currency controlled by a single government, is used for
| all sorts of ransom demands.
| seany wrote:
| "Just add more authoritarianism" I'll pass, thanks.
| greggturkington wrote:
| Prepaid cash services enabled ransomware before they were
| asking for cryptocurrency
| ddtaylor wrote:
| Any fungible good can be used this way, like regular cash,
| which is what's used for the vast majority of crime.
| nautilus12 wrote:
| But there is a certain amount of law enforcement
| involvement with cash too. Fighting forged bills, tracing
| bills by serial number, etc.
| NullPrefix wrote:
| Tracing serial numbers on Bitcoin is way easier
| TheCoelacanth wrote:
| Also things that can easily be sold off for close to face
| value, like iTunes gift-cards.
|
| I think the IRS scammers still usually ask for something like
| that instead of cryptocurrency, because cryptocurrency is a
| bit too hard for their marks to figure out.
| tkinom wrote:
| https://darknetdiaries.com/episode/ podcast #70 is a very
| good story on how someone use the prepaid cash on the dark
| side.
|
| All other stories on that podcast list are very interesting.
| mjevans wrote:
| They should assume it's all compromised and has all _already_
| been shared with their worst enemies, and everyone else.
|
| Undercover agents should be extracted or wrap up things where
| they are under the assumption of being exposed.
|
| Informants should be notified, and possibly given witness
| protection (by a more competent agency) if they are at risk.
|
| Training and re-training for everyone involved on proper digital
| hygiene. Also get qualified staff and create a process that
| avoids compressible elements where possible. E.G. Text files are
| so much nicer for security, automation, and long term archive.
| tyingq wrote:
| I'm guessing that screenshot of a "Disciplinary Records" folder
| is causing some anxiety.
| EMM_386 wrote:
| There are battles in various states regarding making these
| records public. In some states they are already public.
|
| https://project.wnyc.org/disciplinary-records/
| tyingq wrote:
| Washington DC shows as "CONFIDENTIAL" in your link :)
| _throwawayaway wrote:
| they must have enough confiscated bitcoin to pay any ransom
| pretext wrote:
| It's not a ransomware gang but a blackmail one.
| weltensturm wrote:
| It looks like they switched from .doc to .docx in January, I
| wonder if the old format was the attack vector
| annoyingnoob wrote:
| .doc can contain macros that do bad things
|
| .docx cannot contain macros
| londons_explore wrote:
| I don't think thats true...
| jaywalk wrote:
| It is true. .docx files cannot contain macros, but .docm
| files can. The same x/m convention applies to all of the
| other Office file formats as well.
| BTCOG wrote:
| I support this. Criminals ransoming criminals. Please keep this
| up and hit the corporate pricks next.
| boomboomsubban wrote:
| "Rap Feuds" 7.6 GB
|
| "Hate Crimes" 525 KB
|
| Though exposing police informants could lead to their death and
| obviously shouldn't happen, I'm fairly curious why they're
| tracking the "MOST VIOLENT PERSON MVP."
| ThrowItAway2Day wrote:
| On a serious note, I would expect that street beefs (especially
| ones that spill over to rap diss tracks) are responsible for
| the largest percentage of urban homicides.
| boomboomsubban wrote:
| They have a section for street gangs, Latino gangs, gang
| conflict, and a daily gang report. All combined are smaller
| than rap feuds.
| [deleted]
| londons_explore wrote:
| I assume in "Rap Feuds" there are many hours of rap videos as
| evidence...
| boomboomsubban wrote:
| If those folders are containing evidence, they are possibly
| criminally unorganized and you would still expect "hate
| crimes" to contain a comparable amount of video. Not KB to GB
| difference.
| not1ofU wrote:
| Somebodies secret torrent folder :-D
| whimsicalism wrote:
| Glad I'm not the only one who noticed how big the "Rap Feuds"
| folder is!
| slim wrote:
| It is strange that they keep files on police informants. In my
| country it certainly does not work this way. Every police officer
| has his own informants and nobody knows who they are apart from
| him.
| alsetmusic wrote:
| I'm surprised that top-level comments aren't interested in the
| escalation of ransomware threats. From holding data of
| individuals hostage under threat of erasure to corp targets to
| threatening human life at hospitals and now directly dangling a
| threat of violence against police informants.
|
| This is easily the most vicious threat that I've seen.
| 8note wrote:
| It's the police who are really dangling the threat of violence.
| If we're not ok with those threats becoming public, we should
| not have police make those threats
___________________________________________________________________
(page generated 2021-04-27 23:02 UTC)