[HN Gopher] DarkSide ransomware gang quits after servers, Bitcoi...
___________________________________________________________________
DarkSide ransomware gang quits after servers, Bitcoin stash seized
Author : feross
Score : 551 points
Date : 2021-05-14 15:47 UTC (7 hours ago)
(HTM) web link (krebsonsecurity.com)
| notjes wrote:
| Nice story bro.
| [deleted]
| dqpb wrote:
| Going after oil companies strikes me as no different than going
| after the mafia. It's the kind of thing you do if you want to end
| up with your head in a box.
| paulpauper wrote:
| It would be ironic if they were victims of someone else's
| ransomware
| [deleted]
| [deleted]
| ggggtez wrote:
| I think this roughly answers a question that I've been wondering
| about: Why don't cyber criminals hack into the energy grid,
| water, or other utilities? Surely their cyber security is
| outdated right?
|
| Well, their cyber security may not be the most advanced, but
| _traditional_ security (i.e. military strength) likely dissuades
| criminals from choosing those targets that are likely to put them
| on the short list.
| Verdex wrote:
| For some reason, this comment immediately made me think of an
| alternate history where ransomware groups hack infrastructure
| and then improve and monitor their security for them.
|
| "Look guys, yeah, it's really easy to hack the power plants
| that supply electricity to the White House, but then we'll all
| have military ninjas showing up in our bedrooms at 3 in the
| morning. So if you try that little stunt again, then we're
| going to get our own ninjas to give you a visit. Go hack a
| cereal company or something."
| aerostable_slug wrote:
| I think DarkSide addressed this. They don't want to be viewed
| as a threat to society. They are thieves, they go after soft
| targets with deep pockets and ideally insurance, and they don't
| want to have the public or nation-states interested in them.
|
| The game changed when the valves to the pipeline were closed as
| a precaution. They just went from thief to threat.
| plank_time wrote:
| Either the founder stole the money himself, or the NSA showed the
| world just how powerful they are when they flex. If it's the
| latter, I'm really impressed by their skills.
| manquer wrote:
| The guys developing the ransomware are not necessarily the guys
| behind this group. Even if the developers were in-house, they
| may not be managing the money. So the hack may not be as
| difficult as we might think.
|
| It is kind of ironic actually, the ransomware targeted billing
| systems of Colonial, however they didn't really secure their
| own money.
| KONAir wrote:
| I still can't wrap my head around how such a critical
| infrastructure is not air gapped. This is just so... basic. You
| will never be secure enough, this is not what the internet is for.
| TameAntelope wrote:
| It probably is, their billing systems aren't though.
|
| I believe they shut down the pipeline because they were unable
| to bill.
| inputError wrote:
| I've supported some major oil drilling companies in the midwest
| and they are the biggest cheapskates I have ever dealt with,
| and that's including credit unions.
| ASalazarMX wrote:
| Once I had the fortune of seeing the three cups and a ball scam
| live, on the street. One guy does the trick, another encourages
| the victim, and a third one watches the crowd disguised as a
| random onlooker. If something makes the onlooker nervous, he will
| signal the others and they will grab their things and disappear
| in less seconds than your hand has fingers.
|
| This sudden quit seems similar, especially with the withdrawal of
| funds to an "unknown address", as if they closed shop and
| disappeared.
| mathgenius wrote:
| How does the scam work? You got me curious...
| damontal wrote:
| Ball gets placed under one of three cups. Cups get mixed
| around and people guess where the ball is for money. The ball
| isn't under any of them though. The scammer palmed it.
| ASalazarMX wrote:
| Each round is double or nothing. The victim wins the first
| few rounds, but he starts losing after the scammer starts
| hiding the ball instead of putting it under a cup. The
| victim keeps doubling on, thinking they will eventually
| win, but it never happens.
| jmkni wrote:
| I guess people let their guards down when the _plant_ in
| the audience gets it right and wins some money, they pay
| less attention to the scammer's sleight of hand.
| [deleted]
| treme wrote:
| https://www.youtube.com/watch?v=hGAfimeeCD8
| ggggtez wrote:
| Aka "three card monte". People get tricked because they don't
| realize it's a team of people, not just one.
|
| And if you notice the trick? Well, they outnumber you. You
| probably won't win in a fight either.
| icecap12 wrote:
| Feels like a nation-state response. US Cyber Command? Either way,
| a chilling warning to organized hacking groups.
| bdamm wrote:
| Frankly I hope it is.
| throwaway6734 wrote:
| hopefully this isn't the last of it.
|
| These people need to be found and imprisoned
| nxc18 wrote:
| Imprisonment seems generous. Perhaps a very small prison 6'
| down would be more suitable.
|
| I'm mildly surprised they survived this long
| jtbayly wrote:
| Feels like an inside job. "Oops. We lost all the money of our
| affiliates. Our money is gone too. No we didn't take it."
|
| Sure you didn't.
| [deleted]
| ggggtez wrote:
| That doesn't make a lot of sense. If they thought that they
| could take a golden exit, they wouldn't be continuing to
| set up the business again under new rules to avoid government
| scrutiny.
|
| They'd just take the money and disappear. The fact that they
| are continuing means that they want to continue the business.
|
| And if they are doing that, then why would they suddenly
| break all existing contracts? Surely that would ruin a lot of
| their reputation, and hurt their ability to get clients. Can
| you imagine what kind of amazing free PR they would be
| getting if they continued the attack? Surely other criminals
| would be amazed at their ability to resist counter hacks.
| That would mean more clients and more money.
|
| No, no. While I'm sure there is theft in the ransomware
| world, I don't think you make this kind of play from a
| position of strength.
| qaq wrote:
| 100%
| hnnnnnnng wrote:
| Yes. I doubt any other organization has the capabilities to
| break Tor anonymity. They don't want to reveal their hand so
| you will only see their tools used in extreme circumstances. At
| most we will get some official parallel construction nonsense.
| SpinsInCircles wrote:
| It's easy to quit when you're a bunch of cunts and find out that
| you have poked the big dog and now are scared, fuck them, and
| anyone like them. As I said earlier insurers should put a bounty
| on these pricks, let's put an open bounty on them and theirs.
| keymone wrote:
| This is good for Bitcoin.
| slt2021 wrote:
| don't mess with American oil, period. never ever
| billytetrud wrote:
| The way the article talks about these cybercrime gangs makes them
| sound like a benevolent government or non profit. They're putting
| up restrictions? Gang representatives are talking to the press?
| What kind of world is this?
| adventured wrote:
| The idea is to narrow who's going to chase after you, based on
| how you're perceived in terms of being a threat.
|
| They want a certain type of police/authority chasing them for
| financial crimes, not special forces cutting their throats in
| the middle of the night because they're perceived to be
| terrorists attacking a superpower's critical infrastructure and
| trying to harm large numbers of people.
| null_object wrote:
| So taking down hospitals and healthcare facilities was fair game.
| But messing with Big Oil was just a step too far.
| [deleted]
| sriram_sun wrote:
| Oil shortages and long lines make for good/bad TV. Fear of bad
| media coverage energized the Govt. to act.
| rattray wrote:
| Perhaps part of the difference was that it took longer for
| the victim to pay this time. Presumably hospitals cave before
| the impacts make the headlines.
| lostlogin wrote:
| I've got colleagues who have had radiology hardware that
| got locked - CT scanners specifically. The NHS paid and
| they were back to work in a couple of hours.
| PeterisP wrote:
| I'd guess that it's entirely the other way around - govt
| wanted to act, so they drummed up the bad media coverage to
| justify removing any restrictions they had to (re)act
| quickly, instead of through the usual law enforcement process
| which takes months or years.
| dboreham wrote:
| The pipeline thing was just a pretext to open the can of
| whupass. It could have been an electrical grid, chemical plant,
| whatever. The hospitals in the past few months would have been
| the catalyst for the dept. of whatever TLA that pulled off this
| operation. It takes a while to get authorization, staff up the
| team etc.
| unethical_ban wrote:
| It's an interesting point. I think there is a big difference
| between hitting decentralized targets and disabling fuel
| transport for the entire east coast, BUT
|
| if it was this possible before, why wait until now?
|
| Or, if it isn't true - perhaps they're deflecting attention.
| balls187 wrote:
| That shouldn't be much of a surprise; the US has always
| aligned itself with protecting its oil supply.
| ctdonath wrote:
| Crude insult. Akin to criticizing someone for "aligning with
| protecting his oxygen supply".
| WarOnPrivacy wrote:
| Cage match. Me with no gas vs. you with no oxygen
| ctdonath wrote:
| Sure. You with oxygen, me with gas ... and the striker
| omnipresent on my keychain. You're goin' down in flames.
|
| :-)
| elevaet wrote:
| I believe you mean a Light Sweet Crude insult.
| telmo wrote:
| > Crude insult.
|
| Kudos if that was a deliberate joke.
| Edman274 wrote:
| Everyone freaks out about oil. Japan attacked the United
| States in World War 2 because the United States stopped
| exporting oil to Japan. It was the primary motivator behind
| Pearl Harbor.
| dwheeler wrote:
| Every country protects its food, water, and energy supply.
| Exceptions stop being countries.
| russellbeattie wrote:
| Why are you being downvoted? Every major war and
| international crisis in my lifetime has been directly or
| indirectly related to US prioritizing oil above pretty much
| all else. From the Iranian revolution to the Gulf wars, to
| the terrorism our involvement in the middle east has caused,
| to the climate crisis and our lack of efforts to reduce
| consumption.
|
| Whoever called this an insult isn't paying attention.
| [deleted]
| AtlasBarfed wrote:
| This just seems like the group is just closing the storefront and
| will spin up another at some other point. Almost like it's a show
| seizure of drugs to show "something was done" but really nothing
| was done.
|
| How do you "seize" bitcoin?
| g_p wrote:
| > The REvil representative said its program was introducing new
| restrictions on the kinds of organizations that affiliates could
| hold for ransom, and that henceforth it would be forbidden to
| attack those in the "social sector" (defined as healthcare and
| educational institutions) and organizations in the "gov-sector"
| (state) of any country. Affiliates also will be required to get
| approval before infecting victims.
|
| Statements like this seem to point to ransomware activities being
| far more coordinated and "business-like" than they often get
| credit for.
|
| I do wonder if ransomware is (in a strange way) a(n illegal)
| free-market response to what is perceived to be an
| undervaluation of tech skills - aggrieved people who can carry out
| attacks and gain access to deploy ransomware are likely to be
| able to earn more through this route, even factoring in their
| "risk of being caught".
|
| If a market correction occurs (ransomware becomes a real fear,
| organisations rapidly start to value security skills more and pay
| "megabucks" for the skills and hire them at-scale), the
| risk/reward of being caught starts to mean access brokers reduce
| in number, and the compensation reaches a free market equilibrium
| (accounting for the "getting caught" risk of criminal activity).
|
| A lot of the time I still see people trying to hire entry-level
| people into live/operational security roles, without the
| experience they'd need. I wonder if this is partly due to a
| desire to cut costs, rather than accept the need to pay rock-star
| compensation?
| nyghtly wrote:
| I think you're on to something in the context of globalization.
| There are many incredibly talented tech workers globally who
| can't get paid what they're worth because they lack access to
| employment with the wealthiest employers (because of strict
| border policies and the lack of visa sponsorship). If they had
| the freedom to migrate, then they might choose to seek
| employment in another country with a supply shortage, rather
| than enter the black market.
| JackFr wrote:
| > I do wonder if ransomware is (in a strange way) a(n illegal)
| free-market response to what is perceived to be an
| undervaluation of tech skills - aggrieved people who can carry out
| attacks and gain access to deploy ransomware are likely to be
| able to earn more through this route, even factoring in their
| "risk of being caught".
|
| Sure. In the same way that mugging people is a response to
| undervaluing "beating the crap out of people and taking their
| money" skills.
| at-fates-hands wrote:
| It's been said before:
|
| "When the system fails you, you create your own system."
|
| Which relates to what you're saying. When clever, intelligent
| people are ostracized and marginalized, they then use those
| skills to get illegally what society has prevented them from
| getting legally.
|
| At some point, the idea of getting caught doesn't even
| register anymore.
| JKCalhoun wrote:
| Were these people ostracized and marginalized?
|
| If we just paid engineers more would this type of crime
| disappear?
|
| Or is greed, ego, arrogance also a part of their actions?
| at-fates-hands wrote:
| >> Were these people ostracized and marginalized?
|
| We probably will never know. A lot of hackers turn to
| hacking because of various reasons - some ideological,
| others because they felt they didn't fit in anywhere
| else.
|
| >> If we just paid engineers more would this type of
| crime disappear?
|
| Probably not. You cannot get rid of one type of crime by
| simply paying people NOT to do it. It is what it is - at no
| time in human history has any civilization had zero
| crime. That's regardless of punishments and financial
| incentives.
|
| >> Or is greed, ego, arrogance also a part of their
| actions?
|
| I think it's different things at different times. When I
| was hacking, it was arrogance, thinking I was smarter
| than others and trying to prove it. That leads to
| thinking you are beyond law enforcement when you get away
| with it (ego). If you're into it solely for financial
| gain, then the other two feed your greed. Get one nice
| payout for your ransomware and now you think it's easy to
| do and you'll never be caught - increasing your greed to
| get more.
|
| They all kind of play into each other:
|
| arrogance: "I'll never get caught."
|
| ego: "They'll never catch me, my opsec is too good for
| law enforcement."
|
| greed: "This was too easy, next time I'll target a bigger
| company for a bigger payout."
| cjblomqvist wrote:
| That's not really reasonable - what about replacing hacking
| with murder? It's illegal for a reason - and not because it's
| too costly to do.
| johncessna wrote:
| I was thinking replacing hacker with scammer. After all,
| Scammers scamming old folks are just showing a gap in online
| education and regulations.
|
| Ransomware gangs aren't the vigilante heroes/embodiment of
| the undervalued IT security worker. They're a group of people
| looking to make a quick buck and don't give a damn about the
| harm they cause or who they cause it to.
| johncessna wrote:
| > "We are apolitical, we do not participate in geopolitics, do
| not need to tie us with a defined government and look for other
| our motives [sic]," reads an update to the DarkSide Leaks blog.
| "Our goal is to make money, and not creating problems for
| society. From today we introduce moderation and check each
| company that our partners want to encrypt to avoid social
| consequences in the future."[1]
|
| [1] https://krebsonsecurity.com/2021/05/a-closer-look-at-the-
| dar...
|
| Yeah, just dirtbags making money.
| at-fates-hands wrote:
| Sounds like they're about to get rolled up by law enforcement
| as well. As someone who's had the full force of a three
| letter agency come down on me, this is not something you want
| to deal with on any level. I was lucky. I was young and dumb
| and got a slap on the wrist.
|
| Times have changed and when govt agencies see this as an
| attack on critical infrastructure, you're looking at some
| serious jail time. I would say it's only a matter of time
| until they're tracked down. When you're being hunted like
| that, the govt works 24/7 and never stops. People on the run
| don't have that luxury.
| johncessna wrote:
| Thanks for sharing your experience. Not to dig too deep
| into details, but what would you say your primary
| motivation was in your 'young and dumb' days? Were you
| curious about it, was it a statement, was there an allure?
| at-fates-hands wrote:
| For me it was about making a statement.
|
| I had gotten into an argument with a professor on a
| discussion board. He used derogatory terms to refer to
| me, which pissed me off. I sent him a virus that was
| supposed to just damage files and delete some random
| files. It turns out it propagated onto their main network
| and crashed the entire university's network.
|
| Suddenly, you feel untouchable (even though the virus had
| gotten out of control, which I didn't mean it to do). You
| feel like you can do anything and are beyond the reach of
| law enforcement. I'd never done anything like that and
| you felt really powerful, in control. You now had this
| idea if someone slights you, you have something to shut
| them down and they can't reach you.
|
| Then the feds show up in your class, bring you to a
| windowless room on campus you didn't even know existed
| and start threatening you with jail time while they
| question you. This happened in the late '90s and the CFAA
| was still really new and DAs really didn't know how to
| apply it. I was pretty lucky for sure. The stuff they
| were threatening me with was like interference with
| interstate commerce, identity theft, stuff like that.
| They gave me the old, "You have a bright future kid,
| don't fuck it up." speech at the end. That was enough to
| scare me straight so to speak. I lost my campus network
| access for a year, which sucked, but the whole experience
| was enough for me to stop doing what I was doing.
|
| It was just in time too, because you saw during the early
| aughts, the feds really started going after hackers. They
| started using the broad powers of the CFAA to put some
| really high profile people in jail with some pretty hefty
| prison times. To this day, I still look back and feel
| like I dodged a bullet there.
| shortstuffsushi wrote:
| > It turns out it propagated onto their main network
|
| > the virus had gotten out of control, which I didn't
| mean it to do
|
| This isn't just a whoops, how do you "accidentally"
| create a virus that leaves the boundaries of the computer
| and traverses their network?
| maxvu wrote:
| Already-mounted SMB?
| at-fates-hands wrote:
| A stupid mistake a script kiddie makes when playing with
| malware you're not familiar with.
|
| I copied an existing virus someone had given me. The last
| part of the virus was to multiply and seek out any other
| computers attached to the network and delete and damage
| the files on those computers as well. I didn't know that.
| When it damaged the professor's PC, he was using it on his
| home network, so he said there was only one PC it
| infected.
|
| When he got back to campus, he sent the email to the
| network team (a group of students and professors) and
| they tried testing it out on a group of PC's. They
| thought the PC's were sandboxed. Turns out they weren't.
| The next 24 hours the virus rampaged and pillaged PC's
| attached all over the network. I'm still not sure how it
| eventually crashed the network. All the people involved
| refused to tell me exactly how it crashed their network -
| they said they didn't want me encouraging others to do
| it, so I was never told the full story.
|
| To this day, I'm still not sure what happened, but it had
| to be bad enough to call in the Feds, right?
| NaturalPhallacy wrote:
| Off the top of my head: Mounted network drives
|
| Save the malware there, then anybody on the network with
| access can run it.
| Miner49er wrote:
| This is better than most rich businessmen, actually. Many
| don't care if they create problems for society, if it means
| more money for them.
| colechristensen wrote:
| They are, of course, lying. They don't want the extra
| attention that comes from attacking public infrastructure
| or affecting large numbers of people.
|
| Nobody cares if you sabotage a random small business. Lots
| of people care when you attack a fuel pipeline. Attention
| is bad for this business.
| throwawayboise wrote:
| > ransomware activities being far more coordinated and
| "business-like" than they often get credit for.
|
| This is the "organized" in organized crime. It's not lone bored
| teenagers doing this stuff.
| nemothekid wrote:
| > _I do wonder if ransomware is (in a strange way) a(n illegal)
| free-market response to what is perceived to be an
| undervaluation of tech skills - aggrieved people who can carry out
| attacks and gain access to deploy ransomware are likely to be
| able to earn more through this route, even factoring in their
| "risk of being caught"._
|
| Almost all crime syndicates work this way. There is a balancing
| point where the crime you do does enough damage to make you
| money, but not so much money that the government dedicates
| elites to come knocking on your door. What DarkSide did was
| veer too far in the wrong direction.
| arrosenberg wrote:
| > Statements like this seem to point to ransomware activities
| being far more coordinated and "business-like" than they often
| get credit for.
|
| It's just digital Privateering - Francis Drake with a laptop.
|
| > If a market correction occurs...
|
| The English solved it by expanding their Navy and enlisting
| those who would otherwise pirate. Seems like as good a solution
| as any here.
| yebyen wrote:
| When I heard that this pipeline company started advertising a
| job opening for CyberSecurity Advisor in the last few days, and
| heard today the ransom of about $5 million was paid, my first
| reaction was to say "I bet the salary for that position is a
| lot less than $5 million, and I bet the budget for that
| department will be less, too..."
| g_p wrote:
| I think you're spot-on here - the ransom is seen as a "cost
| of doing business", and until recently security was seen as
| "a problem that happens to other people".
|
| Sadly my experience is that organisations like this will take
| their $5m ransom (or other remediation cost), assume it's a
| one-off, then divide it by their number of ransom-free years,
| and proclaim it was better value for money than hiring 2 or 3
| senior security gurus on $300k /yr with 60 vacation days, and
| letting them bring in a team to deliver meaningful security.
|
| Beyond taking security out of the hands of bean-counters
| though, I'm not sure how you address this. Pursuing
| organisations that pay ransoms and prosecuting senior
| CEO/CFO-type executives for conspiracy to commit money
| laundering (and pushing for criminal convictions) could
| discourage paying ransoms. If it's left to businesses as
| something they can write down as a "cost", I don't see it
| getting better - there has to be a risk to the liberty of the
| CEO/CFO before they'll take security seriously in my
| experience. 90 days in federal prison would certainly sharpen
| their focus in future.
| briffle wrote:
| Even better, they will take the cost of their Insurance
| Deductible, and then do those calculations. Most businesses
| have insurance for this stuff.
| aerostable_slug wrote:
| And DarkSide has stated they target businesses with that
| insurance. It's smart. They were hosed the moment
| Colonial's infosec (or whomever) recommended closing the
| valves on the pipelines. Until that moment they'd been
| doing reasonably well (for criminal scum).
| g_p wrote:
| Interestingly, it looks like (some) insurers may be
| responding to this.
|
| > In an apparent industry first, the global insurance
| company AXA said Thursday it will stop writing cyber-insurance
| policies in France that reimburse customers for
| extortion payments made to ransomware criminals.
|
| https://www.insurancejournal.com/news/international/2021/
| 05/...
| [deleted]
| kbenson wrote:
| Well, sometimes they're right. The hit company will likely
| call in some consultancy to institute a bunch of newer and
| better security protocols, then call it a day. If they
| really aren't hit again for another decade and staffing a
| department would cost $500k a year or more, were they
| wrong?
|
| It's a gamble. It's easy to point fingers at the company
| that was caught out, but for the hundreds or thousands that
| aren't ransomed and aren't paying the extra money for
| security, they took that gamble and so far they've come out
| ahead not having spent all that money on prevention.
|
| I'm not advocating that these companies have less
| security or not do better on security, but the fact is a
| lot of them have made the objectively correct decision _for
| themselves_, which will continue to be correct right up
| until they're hit, if they ever are. The whole situation is
| analogous to health insurance in a way, and the same
| incentives are at play, along with similar consequences for
| individual companies and all of us as a whole, as providing
| easy targets for these groups allows them to thrive and
| grow and target others.
| yebyen wrote:
| They paid $5 million, if "it was cheaper for them,"
| that's solid math that ignores some really important
| stuff though, LOL. What is the externalized cost of this
| crisis on the entire country? The $5 million dollar
| ransom is a worse deal if you can convince your board to
| consider that externality.
|
| The criminal penalties for executives in leadership and
| board positions (and I'm not saying this is my preferred
| approach) would certainly go a long way toward changing
| the calculus of this exchange.
| pixl97 wrote:
| Which is also why they need a $15-50 million dollar fine
| on top of this
| Jeff_Brown wrote:
| I'm curious about the potential legal basis for such a
| fine.
| dred_prte_rbrts wrote:
| SOX. SOX mandates that you have reasonable controls to
| secure financial information and it appears they didn't.
| Every SOX audit I've been through has an IT security
| portion.
| 35fbe7d3d5b9 wrote:
| > What is the externalized cost of this crisis on the
| entire country?
|
| If a business externalizes the cost, does it matter to
| them?
|
| Civil penalties levied by regulators will drive the
| change that matters.
| yebyen wrote:
| > If a business externalizes the cost, does it matter to
| them?
|
| I mean, yes? Maybe not before next quarter's revenue
| statement, but eventually it will have to start to
| matter?
|
| If your dog goes and craps in the yard every day, you
| eventually have to clean it up or you will get flies in
| the yard, and if you have to open the door or leave the
| house at all then sooner or later you will have flies in
| the house, it matters, yes. It's really not any more
| complicated than that.
|
| If you are responsible for dumping toxic waste out the
| back door of your factory, it's only a matter of time
| before it's in your drinking water at your house, a
| couple of miles down the road. Externalizing a problem
| doesn't really get rid of it, just makes it someone
| else's problem (for now at least.) Those other people are
| real people, and they will find you.
| Jeff_Brown wrote:
| But if you're a monopoly (a competing pipeline isn't
| likely to spring into existence any time soon) and the
| courts aren't inclined to impose particularly harsh
| penalties, business as usual will remain your optimal
| moneymaking strategy.
| Jeff_Brown wrote:
| > What is the externalized cost of this crisis on the
| entire country?
|
| One natural solution would be to subsidize cyberdefense.
| The political difficulty is that a rational subsidy would
| be proportional to the harm of an attack, which would
| mean giving the most money to the biggest corporations.
|
| The best solution would be for the firm to raise their
| prices the very small amount necessary to cover the
| expense, and for consumers to tolerate the expense
| because they know it's worth it. But a pipeline is a
| natural monopoly, presumably charging a monopoly-optimal
| price that (correctly) assumes a populace ignorant of
| such concerns until it's too late.
| mgfist wrote:
| TBH I was shocked $5 million was all it cost.
| yebyen wrote:
| I imagine it went something like this
|
| "OK, now that you have our attention, and the eyes of the
| entire international media apparatus are on us, here's how
| we're going to do this. We're going to send some integer
| number of million money dollars down this pipe, and you're
| going to turn that gas pipe back on like you said you
| would.
|
| Then here's what happens next... we're going to give you an
| integer number of minutes running head start before the
| drone strikes start raining down on these 12 sites we've
| identified as likely candidates for your location, ... now
| how many millions was it that you were asking for from us
| again?"
|
| Doesn't really matter how much it was, either, if it has
| really been seized already in less than 24 hours. Was it
| enough to convince the boss guy or gal to take the bait and
| risk revealing themselves? (Probably not, but IMHO that
| wasn't likely to happen anyway, at least not since the heat
| started getting turned up on them all.)
| sudosysgen wrote:
| There is basically a zero percent chance that the US knew
| where they were physically.
|
| The servers that were claimed to be seized were on cloud
| platforms.
|
| And even then, we don't know if this is true or if it's
| just an exit strategy.
| yebyen wrote:
| It's easy to say "basically zero chance" when we're
| armchair quarterbacks and not the ones in the hot seat.
|
| I'm inclined to agree that our cyber-security apparatus
| is not up to the task, but it's also true that nobody has
| perfect OpSec, (and I'd guess there are few out there who
| have deeper pockets to track down and make sure the
| perpetrators regret this, than the combination of US
| government + oil companies.)
| throwawayboise wrote:
| > nobody has perfect OpSec
|
| Yep. Compromised people on the inside, informants,
| "intensive interrogation" etc. are more likely the way,
| as has always been the case.
|
| Also the agencies that would know who these people are
| would not want to reveal what they know in order to save
| random XYZ Corp's bacon. With this being seen as a
| "critical infrastructure" attack and something closer to
| an act of war/terrorism, the stakes got higher.
| bluGill wrote:
| This isn't the first such attack. You can bet the big
| agencies worldwide have been aware of ransomware and
| investigating. They have been putting evidence together.
| It only takes a few of the right mistakes on the part of
| the criminals for them to be figured out. In the long run
| the advantage is to the police because they can keep
| looking.
|
| If you want to be a criminal who gets away with it you
| really need exactly one big action, and at most a few
| tiny practice runs before the big one. Choose your target
| well because once the big one is done you have to be
| done. (and don't do anything copycat - investigations to
| get the first guy might find you instead)
| grumple wrote:
| The cost of shutting down this pipeline for a week is a lot
| more than 5 million. At 3 million barrels per day going
| through it, in 6 days that's 18 million barrels. At
| $65/barrel that's 195 million worth of oil that didn't
| transit and it probably has huge knock-on effects throughout
| the affected regions (things that didn't ship, trips not
| taken, etc).
| inasio wrote:
| I believe it was a gasoline pipeline, so the price per
| barrel is a lot more than that.
| rebuilder wrote:
| Well, if it's more expensive to prevent the attack than to
| pay the ransom, what's the point? ;)
| g_p wrote:
| I think you're right - as I said on a sibling comment, if
| beans are all you count, and bean-counters rule the roost,
| you can write this off as a one-off, and point out you had
| 30 years without ransomware, and therefore we don't need
| to do anything...
| [deleted]
| Jeff_Brown wrote:
| That's surely how it would be represented in order to
| retroactively justify negligence.
|
| But a more precise calculus would take into account that
| (1) the proliferation in ransomware is recent and
| explosive, and (2) getting hit by one ransomware group
| doesn't mean a second group won't strike soon. (Although
| I'm guessing the second wouldn't be allowed to use the
| same ransomware-as-a-service platform, as that would harm
| the platform's reputation.)
| [deleted]
| bluGill wrote:
| Until the attacks get more expensive. Some companies never
| settle law suits even when it is obvious they will lose in
| court. As a result they only have to deal with courts in
| cases where it is obvious they will lose since no lawyer
| will bother with a case that isn't obvious. (the end
| result is about the same loss overall - when they lose they
| tend to be punished in court for not settling)
| mywittyname wrote:
| I know you're saying this in jest, but that's the calculus.
|
| The outcome here shows that executives made the right call.
| The $5MM fee was easily paid, less than the costs of
| security, and the insurance company will probably cover it
| anyway. And the government/people were so outraged that the
| attackers were met with fucking swift justice.
|
| The company will probably get some grants or something to
| cover the cost of "securing their infrastructure." Never
| let a good crisis go to waste.
| pixl97 wrote:
| Which is why the company needs a significant fine for
| failing to secure infrastructure.
| rebuilder wrote:
| I wasn't really saying it in jest. The ";)" was more of
| an "oh, the horror" signifier, meaning I don't really
| think it's great that the cost-benefit analysis here is
| so short-sighted.
|
| Any employee choosing to spend millions to avoid the cost
| of a heretofore unencountered cyberattack would be making
| a strategic decision, while probably not being empowered
| to make decisions at that level. So they do not take
| action.
|
| Bureaucracies do not take visionary action. They stay the
| course.
| vsareto wrote:
| They did get some free help from the US amplifying all of
| this and the media essentially tying DarkSide to the
| pipeline shutdown (even though they likely only set out for
| the business side).
|
| Maybe now utilities going to the US for a similar reason
| will be in everyone's DR/IR plan (even if Colonial didn't
| reach out to the US admin).
| Jeff_Brown wrote:
| Expecting the company to continue operating after
| freezing data on the "business side" seems strange to me.
| blackearl wrote:
| Now that they've outed themselves as an easy mark, should
| be simple to hit them again and demand more money. At some
| point it'll be less expensive to improve their security
| infrastructure.
| hooande wrote:
| Ransoming Colonial basically put Darkside out of
| business. no one is going to hit them again
| rebuilder wrote:
| Or, so they say... We really don't know enough to say
| anything here. It might just as well be that whoever
| controls the funds at Darkside pulled an exit scam.
| Jeff_Brown wrote:
| Their stuff may have been seized, but their business
| model has not to my knowledge been invalidated.
| Ransomware is not a capital-intensive business. A new
| generation of ransomware groups will quickly spring up to
| replace DarkSide.
| jethro_tell wrote:
| This is why it's a problem. What's the point is the
| business side, but when taken as a whole, this type of
| infrastructure is too important to the country as a whole.
|
| Everyone wants to make the calculation and hope it's not
| them, but if it's everyone at once, or there is no ransom
| option it's a completely different ball game. This is a
| situation where we are asking private companies to take
| responsibility for something outside of a profit motive and
| the results are somewhat less than surprising.
| [deleted]
| newsclues wrote:
| Cybercrime is the market response to under utilized/paid tech
| workers.
| WrtCdEvrydy wrote:
| > seem to point to ransomware activities being far more
| coordinated and "business-like" than they often get credit for.
|
| This is a business that actually provides better support than a
| regular business.
|
| From conversations with friends in the Infragard side of this,
| and the agencies that collaborate, they have 24/7 English
| support available before and after payment, as well as
| decryption remote support if you can't get your files
| decrypted... there are also instances of refunds if they can't
| decrypt your files due to technical issues.
|
| Unlike regular businesses, support is a sales channel since
| it's the way to ensure you get paid so a lot of resources go to
| support activities in these "organizations".
| mason55 wrote:
| Yeah apparently in addition to their white label ransomware
| software, if you licensed their software you could also have
| DarkSide handle negotiations for you. 10%-25% of the ransom
| and in exchange you get people who have real experience
| handling the negotiations and have the infra in place already
| to remain anonymous while supporting 24/7 English language
| service.
| rsj_hn wrote:
| Ransomware-As-A-Platform. I wonder if they got the
| criminal-underground equivalent of VC-funding, or if they
| have something like Y-combinator to fund innovative
| criminal approaches and promote networking -- like evil-
| Kirk from the mirror universe, there could be a Saul Graham
| with a mustache writing essays about unlocking value and
| what you are not allowed to say in the ransomware
| community.
| vmception wrote:
| There is investment infrastructure. Mostly informal and
| enforced via smart contract and multisignature
| transactions. Organized on forums and chat rooms.
|
| Not much capital is needed though and the affiliate and
| licensing model is better, which also just means an
| address is hardcoded that splits payment, or a server
| controls the private key (or master private key for
| infinite unique address creation) to addresses and
| automatically splits received payments to the RaaS
| service
|
| I get that was supposed to be a joke, it's exactly the
| same or even more streamlined than the licit economy.
| There is no major distinction except the kinds of "risk
| factors" one might list.
| meowface wrote:
| From my (admittedly shallow) understanding, all of that
| does kind of exist and has for at least a few years, now.
| It's also existed for longer for the DDoS-as-a-Service
| industry. Most of it's in Russian and takes place on
| private and semi-private Russian forums and chat
| rooms/groups.
|
| There's definitely a hierarchy to it. Any particular
| group may not necessarily develop or own the software or
| infrastructure they're using. You can probably liken it
| to drug markets, where there are some top-level central
| players and many tiers below that make up the whole
| supply and distribution chain. (And potentially, the
| absolute top-level / "The Commission" may be certain
| elements of certain nations' governments, in some cases,
| or at least closely associated with them, which further
| complicates matters.)
|
| You might find this 2020 interview with a ransomware
| operator interesting: https://talos-intelligence-
| site.s3.amazonaws.com/production/...
| munificent wrote:
| _> This is a business that actually provides better support
| than a regular business._
|
| The thing I find fascinating from a sociology perspective
| about ransomware is that they _have_ to. To be a successful
| ransomware company, you have to simultaneously be:
|
| 1. Completely immoral enough to attack companies, hold their
| data ransom and potentially put them out of business and
| reveal the private details of thousands of people.
|
| 2. Create enough trust in the company you attacked that they
| believe you _will_ give the data back once you pay them.
|
| It is crazy that they are psychologically savvy enough to
| simultaneously attain those directly conflicting goals.
| cmeacham98 wrote:
| I don't think these goals are very conflicting. It's not
| hard to imagine a criminal unwilling to lie and/or break
| their promise, as a matter of fact it is a common trope in
| works of fiction
| (https://tvtropes.org/pmwiki/pmwiki.php/Main/IGaveMyWord).
| larksimian wrote:
| In a cynical telling this is how you start a government or
| any organization with a monopoly on violence, ala mafia.
| First you make it clear that you can cause damage, then you
| make it clear that tax payers are safe. The next step for
| ransomware companies is to offer cyber security services,
| whether you want them or not. We've hacked you. We fixed
| your crappy unpatched software, if you try to remove us you
| lose all your data, so now we're your cyber security
| partners.
| ChainOfFools wrote:
| or any self-identified 'disruptive' business model
| really.
|
| step 1: "join my disruptor gang and we'll protect your
| lifestyle/income/status in exchange for tribute, or at
| least not becoming a disruptee yourself."
|
| step 2: end up eventually recapitulating the exact same
| system you disrupted, but now you get all the spoils of
| the incumbent power
| dv_dt wrote:
| There are many businesses operating on the legal side of
| things which I find immoral, but would trust to act
| consistently in certain ways...
| jabroni_salad wrote:
| Maybe with Darkside, but they account for a very small amount
| of activity. Back in the Gandcrab days, anyone with a credit
| card could fire up their own tenancy, and they mostly sucked
| at it. They would lose the decryption keys or send non
| functional decryptors. They were not interested in talking
| and just thought the RaaS platform would be a passive income
| for them.
|
| I mostly don't do ransomware housecalls anymore, but my
| teammates tell me the situation has mostly not improved.
| gimmeThaBeet wrote:
| > there are also instances of refunds if they can't decrypt
| your files due to technical issues.
|
| I would like to hear more about this, that sounds kind of
| hilarious. "Ah, apologies, we'll get that back to you within
| 3 business days. Have a nice day, I hope you had backups"
| vmception wrote:
| That's exactly how it is and has been for a very long time
| (half decade or more).
| marsven_422 wrote:
| The free market fundamentally rests on the respect for property
| rights.
|
| Ransomware is a violation of said property right and thus an
| act of aggression therefore allowing for self defense.
|
| Violation of property rights is always morally wrong.
| omoikane wrote:
| > business-like
|
| Reminds me of this negotiation:
| https://www.reuters.com/article/us-cyber-cwt-ransom/payment-...
|
| Previously discussed here:
| https://news.ycombinator.com/item?id=24032779
| MattGaiser wrote:
| Why does a gang have a blog/Telegram channel?
| nkozyra wrote:
| Why wouldn't they? They exist primarily online.
| rattray wrote:
| Part of their business model is drafting acolytes who pay them
| money.
| cableclasper wrote:
| Modern Warfare.
| dredmorbius wrote:
| s/Modern/Ancient/
|
| https://suntzusaid.com/book/13
| whymauri wrote:
| why are ransomware groups transacting in BTC, which can be easily
| traced?
| willvarfar wrote:
| Just curious, what alternatives are there, and how would they
| work?
| angio wrote:
| They can also ask for ETH and use Tornado cash to launder it.
| chitowneats wrote:
| Check out Monero. I'm a lay person when it comes to
| cryptography and cryptocurrency, but supposedly an innovation
| in that currency, known as ring signatures, keeps the
| blockchain private.
| lallysingh wrote:
| Monero for transactions, then change back to BTC for value
| storage.
| smoldesu wrote:
| Because even though the transactions can be traced, the
| accounts holding them are arbitrary. You can observe a Bitcoin
| transaction propagate through the blockchain, but you'll never
| really see any personal identifiers besides the address.
| ufo wrote:
| It's easier to launder and transfer the BTC than to do the same
| with real money. According to the article, the people behind
| Darkside were also behind a bitcoin "mixing" service that was
| recently shut down.
| whymauri wrote:
| but... Monero. Mixing is fine, but there's fees and overhead
| that make it undesirable, IMO.
| ribosometronome wrote:
| Ease of access for the victims, I imagine. Going from owning 0
| bitcoin to hundreds of thousands seems easier given its
| popularity than say, monero (or whatever the anonymous centric
| coin of the day is). And the ransomware guys can still wash it
| later by passing it through intermediate exchanges/selling it
| for a different crypto.
| spand wrote:
| I would expect only Bitcoin markets to have the liquidity and
| depth where one can easily buy 5 million worth of coins.
| Similarly when the hackers want to sell the coins again.
| Taek wrote:
| Nah there are dozens of options where you could easily move 5
| million a day. They are probably using bitcoin because it's
| easiest for the victim to pay in. I assume they would rotate
| it through zcash/monero before they spend it
| bredren wrote:
| It was a mistake to attack the business side of the oil company,
| because it created what could be sold as reasonable doubt to shut
| down the pipeline.
|
| As a result, the ransom had the optics of an attack on
| infrastructure. As evidenced by the coverage of Americans
| desperately filling up containers.
|
| This created the impetus for the US to treat this as an incident
| far and above the ambient ransomware activities leading up to
| this.
|
| It also gave the US an opportunity to show how effective it could
| be when it had the political cover to do so.
| 867-5309 wrote:
| >Servers were seized (country not named)
|
| >gave the US an opportunity to show how effective it could be
|
| unless you know something we don't, that's quite a conclusion
| to jump to
| walshemj wrote:
| Ripping off the average middle America Jack and Hortense is one
| thing - start impinging on CNI and you're playing big boy and
| girl games.
| omgwtfbbq wrote:
| >It also gave the US an opportunity to show how effective it
| could be when it had the political cover to do so.
|
| Not sure what you mean, what did the US do exactly?
| twobitshifter wrote:
| These guys retweeted the story. They didn't claim
| responsibility but it's a tacit acknowledgment of their
| involvement. https://en.m.wikipedia.org/wiki/780th_Military_Intelligence_...
|
| https://mobile.twitter.com/TheRecord_Media/status/1393192862...
| toyg wrote:
| Wow, their motto is "ubique et semper in pugna" -
| everywhere and always fighting. Scary platform.
| TrackerFF wrote:
| I got downvoted for saying that maybe it's time to treat
| serious ransomware attacks (infrastructure, security, health,
| etc.) as terrorism - as in the sense that they're a threat to
| the national security. But this kinda shows the response I was
| referring to.
|
| A lot of people like to think of ransomware attacks as the
| ultimate stress test as far as security goes, and thus a good
| thing - but let's not get too blinded by our professions (most
| probably in tech), these kinds of attacks can have serious
| consequences: Imagine if some foreign state agency
| (masquerading as hackers) launches a multiheaded attack on,
| say, utilities plants - in the middle of the winter. The
| victims/targets will pay whatever is necessary.
|
| With that said, I understand that many people will recoil at
| such things - we saw what the Patriot Act did, and how easy it
| is to overstep and abuse such laws, in the name of "national
| security". But it is a serious problem, in the same way actual
| piracy thrived in the gulf of Aden, as soon as the shipping
| companies started paying.
| babypuncher wrote:
| That reasoning is really dumb. It's like saying school
| shootings are the ultimate stress test on a local police
| department. They sure are, but nobody in their right mind
| should ever argue that getting real world experience with one
| is ever a good thing.
| citizenkeen wrote:
| "Intentional threats to national security" are not ipso facto
| terrorist acts, but they should be addressed with the same
| level of severity.
| iratewizard wrote:
| Agreed. To call it terrorism would water down the meaning
| of the word.
| arcticbull wrote:
| IMO terrorism is a "waffle word" that doesn't really have any
| meaning anymore. Originally a use of violence and
| intimidation against civilians in pursuit of political
| ideology, it's come to mean "people we don't like, who aren't
| state actors and don't fit conventional organized crime
| narratives."
|
| I don't think it's necessary to staple the term to the action
| in order to take it seriously. It should, however, be taken
| seriously as the national security threat it is. For
| instance, climate change _is_ a national security issue but
| oil executives, while distasteful, aren't terrorists.
|
| I agree that many folks in the tech community (and especially
| here, though I don't know if they're overrepresented here)
| treat technology as platonic. That's not going to cut it
| moving forward. Technology that enables bad things in the
| world should be curtailed even if it's "neat."
| watwut wrote:
| The original definition did not require the target to be
| civilians. Suicide attacks against military were called
| terrorism too.
| Inhibit wrote:
| To your point these folks seem pretty well defined as
| organized crime. Or possibly foreign military if
| appropriate.
|
| I'm not sure leaving infrastructure hanging out in the
| breeze can be compensated for by cracking down on personal
| liberty, however. Unless you're proposing cutting off
| international computer network integration.
| walshemj wrote:
| Originally it's terror for terror's sake to disrupt society
| not for individual aims is my understanding.
| bityard wrote:
| You could treat ransomware attacks with the same seriousness
| as terrorism since the practical effects are similar, but the
| key point of terrorism is that it is politically motivated.
| So a terrorist group could launch a ransomware attack, but
| not all ransomware campaigns are terrorism.
|
| The meanings of words are important; rational discussion is
| impossible when people shift commonly-accepted meanings and
| definitions to suit their agenda. It's an extremely common
| strategy in politics. And the word "terrorism" already
| received more than its fair share of this treatment quite
| thoroughly in the decade following 9/11.
| schoen wrote:
| Maybe people didn't like your use of the term "terrorism" for
| national security threats?
|
| A common understanding is that terrorism is intended to
| frighten people or make them feel unsafe, while various
| official definitions of terrorism include the idea that it's
| intended to coercively achieve some particular political
| goal.
|
| If attackers just intend to get money, they're probably well-
| described as extortionists (or in some cases, as you said,
| akin to pirates). If they just intend to damage a particular
| society without demanding anything from it or getting it to
| change its behavior, they might be saboteurs.
|
| Attacks with these motives or that pretend to have these
| motives could still be considered national security threats
| (and taken very seriously), but maybe shouldn't be described
| specifically as terrorism.
| squeaky-clean wrote:
| They may have just intended to get money, but they
| definitely spread terror. I had to have like an hour long
| phone call with my mother on Monday explaining why she had
| to go to 4 gas stations before she could get any gas, and
| that no the pipeline was not going to explode.
| a9h74j wrote:
| From the satire site that shall not be named: "People in
| the Middle East head to bomb shelters after learning that
| Americans are experiencing gasoline shortages."
| cannabis_sam wrote:
| Would the same apply for someone who physically took
| something essential to national security hostage and then
| demanded money?
|
| Would that change if they, for example, demanded the
| release of prisoners of a specific political persuasion?
| reader_mode wrote:
| Terrorism has to have some ideological agenda, which is
| what makes it dangerous - I doubt you'll see suicide
| bombers for hire.
| adamselene wrote:
| Not more than once, anyway.
| brillyfresh wrote:
| Only the ones who are bad at it.
| efuquen wrote:
| > Would that change if they, for example, demanded the
| release of prisoners of a specific political persuasion?
|
| How would that not be classified as a political motive?
| thesuperbigfrog wrote:
| On the high seas of the Internet there is a thin line
| between pirates and state actors. There could even be
| "privateer" (https://en.wikipedia.org/wiki/Privateer)
| attackers who work for a nation and for profit at the same
| time.
|
| From the victim's perspective it matters less who is
| attacking you or why they are attacking you and much more
| what the results of the attack are, how you can mitigate
| and recover from the damage, and what needs to be done to
| prevent future attacks.
|
| For the case of DarkSide and Colonial Pipeline, the
| attackers did not claim to have a political motive, but the
| resulting fuel shortages and panic buying might as well
| have been a form of terrorism.
| notatoad wrote:
| >On the high seas of the Internet there is a thin line
| between pirates and state actors
|
| maybe in as far as their capabilities go, but the
| important characteristic of a state actor is that
| retaliating against them is construed as a retaliation
| against the state that backs them. Darkside is _very_
| different to a state actor, as demonstrated here -
| retaliation has no significant geopolitical implications,
| so it can be swift and harsh.
| wongarsu wrote:
| Just causing terror doesn't make it terrorism. Causing
| terror as a means to further some political (or
| religious) goal would make it terrorism.
| [deleted]
| bluefirebrand wrote:
| With that definition this is explicitly not terrorism,
| because it was for money not for political or religious
| reasons?
| akiselev wrote:
| Yes. It's an important distinction because they are
| fundamentally different motives. If the motive is money,
| various strategies can drive up the cost until the
| behavior is no longer profitable and the bad actors stop.
| Religion and ideology are completely different beasts and
| most strategies that work on profiteers only entrench the
| others.
| omgwtfbbq wrote:
| Just like how robbing a bank may cause terror to the
| people in the bank or the neighborhood but it was done
| for profit not politics.
| 8ytecoder wrote:
| Not sure why you're getting downvoted. That's literally
| the Oxford dictionary definition.
|
| https://www.google.com/search?q=define+terrorism
| shelbyKiraM wrote:
| FTFY: https://duckduckgo.com/?q=define+terrorism+oxford
| darig wrote:
| > I got downvoted for saying that maybe it's time to treat
| serious ransomware attacks (infrastructure, security, health,
| etc.) as terrorism.
|
| Maybe it's time to treat distributing software that is
| susceptible to ransomware attacks as terrorism.
| thaumasiotes wrote:
| > I got downvoted for saying that maybe it's time to treat
| serious ransomware attacks (infrastructure, security, health,
| etc.) as terrorism - as in the sense that they're a threat to
| the national security.
|
| Well... yes? That isn't a sense of the word "terrorism".
| kordlessagain wrote:
| HN is full of assholes who practice deprecating others to
| find their own worth. Set yourself free of their dogma and
| change the world the way you see it!
| papito wrote:
| Some downvoting can be truly surprising, and one factor may
| be because HN is much more international, while I think of
| it as "American". It _is_ Y-Combinator, after all.
|
| Funny fact - one way to get down votes on HN is to say
| something negative about that shit-tier human Peter Thiel.
| Apparently becoming rich off of venture capital makes you
| automatically a good human being.
| podgaj wrote:
| Serious side effects, yes. I am homeless and live in my van
| in North Carolina and having to ration my gasoline waiting
| for the idiots to stop hoarding.
|
| These people thought they were sticking it to the man but
| they were actually sticking it to people like me.
| ChuckMcM wrote:
| FWIW in June of 2011 the Pentagon issued a report that
| defined how 'cyber attacks' can be classified as an act of
| war. Part of the defense department review of threats against
| the US. However, they have to be plausibly tied to a state
| actor such as Russia or North Korea (to give two examples).
| The net result was that the Pentagon considers military
| response (both kinetic and cyber) as legal and sanctioned
| ways to respond to cyber attacks.
|
| Generally though, the Justice department defines terrorism to
| be _" the unlawful use of force and violence against persons
| or property to intimidate or coerce a government, the
| civilian population, or any segment thereof, in furtherance
| of political or social objectives"_
|
| These ransomware attacks fall in the middle. They are
| 'deniable' by state actors as just crooks who happen to be
| within their borders. They certainly don't push any social
| objective other than to enrich the criminals. So that leaves
| them under the jurisdiction of law enforcement.
|
| I have read anecdotal evidence that there are the equivalent
| to "Letters of Marque"[1] for Russian criminals who attack
| enemies of the Kremlin. They wouldn't completely qualify as
| the Russians aren't actually in a declared state of war (this
| works fine for North Korea) but conceptually if you accept
| that criminals are gonna crim, then pointing them at people
| you don't like at least keeps the damage outside of your area
| of concern.
|
| In this particular case, the fairly rapid take down of these
| guys gives me pause. One wonders if the FBI and Interpol had
| Colonial pay with Bitcoin that they then traced to the
| destination wallets. And then working backward from there to
| the server infrastructure. That would be an interesting
| capability if it exists.
|
| [1] https://en.wikipedia.org/wiki/Letter_of_marque
| hinkley wrote:
| As far as I'm concerned, ransomware attacks essentially fall
| into the same classification as highwaymen, bandits, and
| pirates. We tend to take those pretty seriously. Or at least,
| we did once they've robbed the wrong people.
|
| Sounds like the ransomware people finally robbed the wrong
| people.
| Ericson2314 wrote:
| "terrorism" is a concept that shouldn't exist.
| vkou wrote:
| Terrorism is a non-state use of violence for political aims.
|
| Ransomware is non-state, not violent, and is done for
| economic, not political aims.
| waihtis wrote:
| > non-state > economic, not political
|
| There's a well known phenomenon of a certain large nation
| harbouring cybercrime gangs and keeping them on the
| government leash. Their economic activity benefits the
| government's political agenda. Ergo all conditions are true.
| vkou wrote:
| There's also a well-known phenomenon of large nations
| harboring multi-national corporations that break the law
| in other nations they operate in.
|
| That doesn't mean that the large, developed nations in
| question are engaging in organized crime.
|
| Taking advantage of regulatory arbitrage does not mean
| that their government is in collusion with them.
|
| If it did, then we could pile a lot of crimes at the feet
| of Western governments. Some mining firm violently puts
| down a strike in Central America? Clearly, we can
| conclude that Canada/the US is engaging in terrorism! [1]
|
| [1] https://digitalcommons.osgoode.yorku.ca/cgi/viewcontent.cgi?... [2]
|
| [2] 28 Canadian companies, 44 deaths, 30 of which were
| targeted extra-judicial killings. Are we going to lay
| those at the feet of Parliament, too? [3]
|
| [3] Or do we have one set of standards for Russia, and
| another for our own behaviour?
| waihtis wrote:
| There is no sense to your comparison when you're putting
| a criminal enterprise (which exists to do harm and harm
| only) and legitimate business into the same bucket.
| vkou wrote:
| A 'legitimate business' that occasionally dabbles in
| murder is also a criminal enterprise.
| waihtis wrote:
| Agree to a certain extent - executives in such companies
| need to pay the price on their actions, whether involved
| directly or via a proxy
| fencepost wrote:
| _Ransomware is non-state_
|
| Are there no ransomware operations linked to North Korea? I
| was under the impression that there was some level of
| activity there to maintain supplies of globally-usable
| currency.
| Forbo wrote:
| Last I heard, they were more oriented toward
| cryptocurrency trojans and botnet mining operations, but
| I could be mistaken.
| Arubis wrote:
| I'd like to lean towards keeping terrorism defined
| essentially by intent--namely, the intent to use
| asymmetrical, threateningly or actually destructive, and
| emotionally activating ("terrorizing") means to manipulate a
| body politic or society towards a desired change.
|
| If serious ransomware attacks are being conducted by state
| actors with the sole intent of causing damage, and we want to
| use powerful terminologies to describe them, "acts of war"
| seems a reasonable start.
|
| Yes, this is semantics--but some of my concern here is that
| just freely tossing around "terrorism" gives cover for
| organizations not to be diligent in at least attempting to
| secure their networks and digital assets.
| jcranmer wrote:
| > I got downvoted for saying that maybe it's time to treat
| serious ransomware attacks (infrastructure, security, health,
| etc.) as terrorism - as in the sense that they're a threat to
| the national security.
|
| A precise definition of terrorism tends to be difficult to
| pin down (mostly due to the difficulty of considering what is
| a legitimate asymmetrical warfare tactic by a nascent
| liberation movement versus an illegitimate terrorist act).
| But a general rule of thumb is that terrorism is a) violence
| b) directed at civilian populations c) to effect policy.
|
| However, there are threats to national security that are not
| terrorist in nature; gang warfare in Mexico and Central
| America would be an example of such a threat.
| da39a3ee wrote:
| The definition of terrorism isn't a "threat to national
| security". For example, your country could do something evil
| and wrong, grievously and unjustifiably violating the
| interests of an entity with a military, and be deservedly
| subject to military action, constituting a threat to national
| security. That wouldn't be "terrorism", it would just be
| "military action".
| joe_the_user wrote:
| Treating more and more attacks "as terrorism" has its
| limits. The US may have awesome offensive cyber attack
| abilities but stopping widespread ransomware requires
| systematic security, not threatening the bad guys, since
| there will always be more bad guys.
| normac2 wrote:
| > This created the impetus for the US to treat this as an
| incident far and above the ambient ransomware activities
| leading up to this.
|
| And why would you say this is desirable to the US? Just general
| "governments take advantage of crises to gain power" reasons?
| gzer0 wrote:
| What? This makes no sense.
|
| The hacker group attacked resources considered "critical
| infrastructure"; this was closer to an act of war than any
| other cyber attack has come. The US Cyber Command responded
| swiftly.
|
| > "governments take advantage of crises to gain power"
|
| Please, elaborate? I fail to see how the US Govt is taking
| advantage of this crisis for more power.
| normac2 wrote:
| Without breaking down my reasoning (which was pretty half-
| baked and underthought)--I was just trying to understand
| the OP's point.
|
| OP used all kinds of language we associate with governments
| doing sketchy stuff: "what could be sold as reasonable
| doubt to shut down the pipeline"; "created the impetus"
| ("impetus" is often used to claim the real motivations were
| something else); "political cover"; etc.
|
| I just didn't know how else to interpret all the cloak-and-
| dagger language about the US's behavior. Personally, it
| seems to me like our response was pretty reasonable. I
| think the "government takes advantage of crises" line of
| argument only goes so far, and at its extreme leads to dumb
| stuff like 9/11 truthers.
| tgsovlerkhgsel wrote:
| Called it here: https://news.ycombinator.com/item?id=27101406
| rini17 wrote:
| It was a mistake to attack _overtly_. I believe $5 million can
| be easily drained covertly and inconspicuously from
| megacorporations.
|
| I'm pretty sure it's actually happening we just don't hear
| about it.
| spoonjim wrote:
| I don't think the criminals wanted it overt. They weren't
| expecting the pipeline to be shut down which is what made
| everything public.
| vasco wrote:
| It didn't work in Office Space.
| fake-name wrote:
| You do know office space is fictional, right?
| mythrwy wrote:
| I don't know that it is. You should have seen my last
| workplace.
| LadyCailin wrote:
| I thought it was a documentary?
| asperous wrote:
| There's a huge network of financial controls to prevent and
| detect this sort of thing, it's one of the foundations of the
| fields of accounting. Often there are departments looking for
| fraud regularly.
|
| I suspect small or medium organizations rather than megacorps
| would be easier targets if they haven't invested money in
| accounting controls.
| adrr wrote:
| Russia allows their FSB operatives to moonlight on the side.
| Darkside hackers could be government operatives and an attack
| on critical infrastructure is an act of war. It is the same as
| bombing the pipeline if infrastructure is disabled. I am sure
| the cyber insurance provider won't pay and say it was an act of
| war by a foreign government. It's always a grey area.
| Joker_vD wrote:
| Remember when Emotet was believed to be connected to Russia?
| Until January of this year, when it turned out it was
| actually Ukrainian.
| Godel_unicode wrote:
| Do you have any extraordinary evidence for these
| extraordinary claims?
| onetimemanytime wrote:
| Very few doubt that FSB and Russian mafia are one.
| eevilspock wrote:
| those few are all here downvoting you?
| Godel_unicode wrote:
| Even if it's true that very few doubt it, that doesn't
| mean it's true that they are.
|
| See also:
| https://en.m.wikipedia.org/wiki/Argumentum_ad_populum
| jascii wrote:
| https://bpr.berkeley.edu/2019/12/16/gangs-and-gulags-how-
| vla...
| jascii wrote:
| It's pretty clear that the Russian Gov is not actively
| prosecuting cyber criminals, provided they attack foreign
| competition. On top of that, there is a fair amount of
| forensic data indicating shared resources between hacker
| groups and GRU operatives.
| ryanlol wrote:
| > On top of that, there is a fair amount of forensic data
| indicating shared resources between hacker groups and GRU
| operatives.
|
| Go on
| jascii wrote:
| You could start to look at the spread of Diskcoder.C
| across several attacks and the shared code with ExPetr
| and NotPetya... This forms the basis for the DOJ
| indictment against 6 officers of GRU Unit 74455.
|
| There is much more if you care to go down that rabbit
| hole.
| ryanlol wrote:
| Oh nonsense, that was well established to be an edit of
| the binary. It's obvious the GRU didn't have the source
| code. The idea that this was an example of the GRU
| working with criminal hackers is plainly ridiculous.
|
| https://blog.malwarebytes.com/threat-
| analysis/2017/06/eterna...
|
| Why call it diskcoder.c anyway? It's Petya
| Der_Einzige wrote:
| It's not possible to bring "extraordinary" evidence of a 3
| letter agency doing this kind of shit the way some HN user
| would want without ending up as a political prisoner
| somewhere learning all about the meaning of the word
| "pain". Nevertheless, I have no doubt that FSB operatives
| are allowed to moonlight.
| Godel_unicode wrote:
| The United States Department of Justice has not exactly
| been shy about charging operatives of foreign governments
| for their illegal activities online (e.g.
| OlympicDestroyer, Solarigate). As far as I've been able
| to determine, neither their prosecutors nor the FBI
| agents doing the investigating have had the problems you
| so colorfully describe. If it were the case that this
| type of moonlighting was happening, I think the FBI would
| have been bringing cases to court. That would constitute
| evidence.
| T-A wrote:
| They have. Here is a well known example from 2017 [1]:
|
| _During the conspiracy, the FSB officers facilitated
| Belan's other criminal activities, by providing him with
| sensitive FSB law enforcement and intelligence
| information that would have helped him avoid detection by
| U.S. and other law enforcement agencies outside Russia,
| including information regarding FSB investigations of
| computer hacking and FSB techniques for identifying
| criminal hackers. Additionally, while working with his
| FSB conspirators to compromise Yahoo's network and its
| users, Belan used his access to steal financial
| information such as gift card and credit card numbers
| from webmail accounts; to gain access to more than 30
| million accounts whose contacts were then stolen to
| facilitate a spam campaign; and to earn commissions from
| fraudulently redirecting a subset of Yahoo's search
| engine traffic._
|
| Here's what the Treasury had to say about it in April
| [2]:
|
| _To bolster its malicious cyber operations, the FSB
| cultivates and co-opts criminal hackers, including the
| previously designated Evil Corp, enabling them to engage
| in disruptive ransomware attacks and phishing campaigns._
|
| More about Evil Corp etc in [3].
|
| [1] https://www.justice.gov/opa/pr/us-charges-russian-
| fsb-office...
|
| [2] https://home.treasury.gov/news/press-releases/jy0127
|
| [3] https://apnews.com/article/business-technology-
| general-news-...
| kleer001 wrote:
| The entirety of the Cold War between the USA and USSR?
| Godel_unicode wrote:
| There's plenty of evidence that the USSR engaged in
| espionage activities. There's plenty of evidence that the
| Russian Federation has engaged in the same thing. Neither
| of those is what is being alleged here.
| this_user wrote:
| The fact that their coins were apparently easily stolen also
| debunks another favourite talking point of the crypto people
| that it secures your money from government access. Clearly,
| ways and means have been developed to do just that if
| necessary.
| lancemurdock wrote:
| so which is it then?
|
| "BTC is bad cause it can be used by drug dealers to launder
| money"
|
| "BTC is not even secure from government access"
|
| Surely someone will point out both can be true but the point
| is the anti-btc folks seem to be talking out both sides of
| the mouth
| TacticalCoder wrote:
| > Surely someone will point out both can be true but the
| point is the anti-btc folks seem to be talking out both
| sides of the mouth
|
| The most beautiful being: "The cryptocurrencies scam should
| all stop but, please, let us collect all the due taxes on
| the gains you made".
|
| From that standpoint which one is it: are they legal or
| illegal? Because it's funny that they both want it to be
| illegal, yet they want people to pay taxes on the gains
| they made.
|
| Hypocrites.
| simcup wrote:
| Not hypocritical at all. From a legal perspective even
| illegally made money is money made and therefore subject to
| taxation. Technically you even have to describe the means
| by which you have come to it. Otherwise you are committing
| tax evasion. For example if you sell 100k worth of access
| to documented child abuse, you have to pay taxes on those
| 100k. That's why you have to launder money made from
| illegal activities.
| simias wrote:
| I think it's both: people who have something to hide for
| the government can make it pretty hard (but not impossible)
| for the authorities to track them down. On the other hand
| average people who don't have "anything to hide" have no
| reason to bother implementing these counter-measures,
| making it fairly easy to track their transactions on the
| public blockchain.
|
| In this case even the pros messed it up, but this is a very
| high profile case with undoubtedly a massive amount of
| manpower thrown at it in various agencies. You don't mess
| with USA's oil.
|
| And even then it's unclear if the money was actually
| confiscated.
| 21eleven wrote:
| Or one of the members of the criminal gang ran off with all
| the cryptocurrency and then made a public post claiming some
| form of law enforcement seized the crypto.
| kwertyoowiyop wrote:
| Or maybe they all did.
| aaronAgain wrote:
| This. Exit strategy all along. Or they were sloppy enough
| to get monitored accessing the coin wallet and exposing
| their private keys/passwords.
| duxup wrote:
| They seem to be trying to operate under new rules.
|
| That's not what you do if you just stole everyone's money /
| should run...
| shadowgovt wrote:
| As the old xkcd comic notes, no amount of mathematically-
| proven security protects your encrypted data if the private
| keys can be beaten out of you with a lead pipe (or, the
| cleaner version of that, "If you can be incentivized to hand
| them over given the alternative of jail time that lasts until
| you divulge your computer's password to the authorities").
| matheusmoreira wrote:
| > debunks another favourite talking point of the crypto
| people that it secures your money from government access
|
| In order to seize someone's cryptocurrency, the government
| has to literally seize the private keys used to sign
| transactions. This could be as easy as seizing computers
| containing the key but it could also be as hard as torturing
| people until they reveal their seed phrase.
|
| They can't simply order the banks to freeze people's assets.
| They have to physically go there and try to seize them. This
| puts a limit on the scope of their operations. It's just like
| surveillance: encryption makes dragnet espionage harder but
| it's still perfectly possible for a target to be attacked
| directly.
| doggosphere wrote:
| There is billions of dollars of value in BTC sitting in
| wallets as an open bounty for anyone who can hack private
| keys.
|
| So which of the following is most likely:
|
| - the government has a tool that can break private key
| encryption and used it to confiscate a hacker groups funds
|
| OR
|
| - whoever controls the groups wallet transferred it out and
| is on the run
| fencepost wrote:
| OR
|
| Someone got a little sloppy on their payment processing
| server (also seized) or with maintaining separate wallets
| and control of that server allowed sending of payments to
| an account specified by whoever was in control - likely
| since the server was for paying affiliates.
| doggosphere wrote:
| Right, which has nothing to do with blockchain security
| itself, and more to do with implementation of private
| keys.
| dstroot wrote:
| This is the most puzzling part of the story. These guys were
| evidently pretty skilled. I can see their servers being
| seized but I am struggling to figure out how they lost their
| currency. Did the Kremlin put a gun to their head and say
| "unlock the wallet"? This seems especially fishy.
| bolasanibk wrote:
| I can see plenty of governments doing exactly that.
|
| https://xkcd.com/538/
| dleslie wrote:
| > Did the Kremlin put a gun to their head and say "unlock
| the wallet"?
|
| You ask that like it seems implausible. To me, given what
| we know, it sounds light-handed for them.
|
| https://www.nytimes.com/2016/03/30/world/europe/russia-
| chech...
| soheil wrote:
| Or it didn't happen and this is just a story being told.
| ur-whale wrote:
| No.
|
| It just demonstrates that they're incompetent.
| simias wrote:
| This doesn't really improve the optics. If anything it
| makes it worse: if very technical people who clearly want
| to escape government oversight can't, what hope would my
| 60yo "I think Windows and Word are the same thing" father
| have to use them correctly?
|
| Beyond all the technical discussion about the value of
| cryptocurrencies I never believed that the idea that
| everybody would carry their cryptocurrency wallet with them
| at all time was in any way realistic. People would get
| their wallet stolen, destroyed or lost all the time,
| locking them away from their savings. The vast majority of
| people will prefer having the peace of mind of entrusting
| their coins to a third party who'd handle the technical
| details and provide insurance against lost and theft. And
| just like that we've reinvented banks.
| RandallBrown wrote:
| If you store your coins on a hard drive there's nothing the
| government can do to get them right? They would need your
| private key and your hard drive?
| thanhhaimai wrote:
| Opinions are my own.
|
| There is something called the "gun test". The crypto on an
| encrypted hard drive is not more secure than the gold bars
| in a locked safe. Its security is a function of how the
| secret holder responds to gun-on-their-head events. In this
| case, since the government is directly involved (and
| angry), a lot of criminals may pick personal safety over
| assets.
|
| Frankly, I think a large portion of cryptocurrency
| proponents are overly confident in its "decentralization"
| and "safety". Cryptocurrency is only as safe as gold bars
| in a locked safe; and worse if you use a public exchange.
| TheSpiceIsLife wrote:
| This is commonly referred to as _Rubber-hose
| cryptanalysis_ :
|
| _In cryptography, rubber-hose cryptanalysis is a
| euphemism for the extraction of cryptographic secrets
| (e.g. the password to an encrypted file) from a person by
| coercion or torture[1]--such as beating that person with
| a rubber hose, hence the name--in contrast to a
| mathematical or technical cryptanalytic attack._
|
| https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
| doomroot wrote:
| In the bitcoin space it's colloquially known as the "$5
| wrench attack."
|
| All the cryptographic, air gapped security hardware
| doesn't matter if someone can beat the keys out of you.
| robocat wrote:
| Also perhaps a fair reason for some part of taxation.
| Owning millions in .*coin, and the ability to freely
| wander around in a first world country while not getting
| hit with a wrench has a _whole lot_ of value.
| gameswithgo wrote:
| Indeed, something I've tried to communicate to wealthy
| friends and family is that a higher tax rate, used halfway
| effectively, means you don't have to live in a gated
| community, in fear. You can roll around in your Ferrari,
| live where you want, and be reasonably safe.
| cletus wrote:
| Source: https://xkcd.com/538/
| ur-whale wrote:
| While I tend to agree with your argument, there is a
| difference: crypto is safe if no one knows it exists, or
| rather no one can link ownership to owner.
|
| It's very hard to do this with gold.
| asdff wrote:
| How is this different than burying gold?
| singlow wrote:
| A. You can store redundant copies in various secret
| locations.
|
| B. To bury gold you must transport the valuable property
| in meat space to your hiding spot after acquiring it.
| With cryptocurrency, you hide the secrets before they
| have value and transfer the funds to them without new
| data actually traveling to the hiding spot,
| electronically or physically.
| almost_usual wrote:
| So you accrue wealth and can never use it. What's the
| point?
| almost_usual wrote:
| This is why all crypto arguments end in "world peace" or
| a Bitcoin nation state which is centralization. The end
| game never makes sense.
| nonameiguess wrote:
| Unless you're located inside of a foreign military
| installation, there aren't many places to put a hard drive
| that the government can't get to.
| paulpauper wrote:
| put the contents on the cloud
| max__d wrote:
| In general, you store the keys of your coins, not the coins
| themselves. Everything is inside the blockchain and the
| blockchain makes it possible to be sure that you have what
| you should have, thanks to consensus.
| ac29 wrote:
| If you anger a sufficiently powerful nation-state, you
| should assume all options are on the table for recovering
| you, your hard drives, and your keys.
| [deleted]
| tartoran wrote:
| Hiding crypto from the government entails in large part
| avoiding taxes, yet it seems like the government does not
| do much to recover lost taxes on current schemes such as
| fiscal paradises and so on. I doubt the government would
| go as far as locating a hard drive, seizing it just for
| tax purposes. Something else must raise their flags for
| them to go that route. Also this route is very hit and
| miss in my opinion and on a case by case basis.
| ethbr0 wrote:
| "Does not" and "cannot" are two different things.
|
| My read is that tax enforcement failure is intentional,
| lubricated by political donations and influence, vs
| incompetence.
|
| See the high-net-worth enforcement group at the IRS that
| was quickly shut down for murky reasons.
| [deleted]
| paulpauper wrote:
| AES-256 is as strong as the decryption key. Even as few as
| 7 words from a 2000-word dictionary should thwart any
| attackers. A slow KDF makes it all but impossible.
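| The arithmetic behind that comment, as an added example that
| is not part of the thread: it computes the entropy of a
| word-list passphrase, stretches it into a 256-bit key with
| PBKDF2-HMAC-SHA256, and shows how the KDF's iteration count
| multiplies the cost of each guess. The word list size and
| word count come from the comment; the salt, the iteration
| count and the attacker's hash rate are constructed
| assumptions for illustration.

```python
import hashlib
import math

# Constructed parameters matching the comment above: 7 words drawn uniformly
# from a 2000-word list, stretched into a 256-bit AES key by a slow KDF.
DICT_SIZE = 2000
WORD_COUNT = 7
SALT = b"constructed-example-salt"   # in practice: a random, per-wallet salt
ITERATIONS = 600_000                  # PBKDF2 work factor (assumed value)
ATTACKER_HASH_RATE = 1e10             # assumed raw SHA-256 calls/second for an attacker


def passphrase_entropy_bits(dict_size: int, word_count: int) -> float:
    """Entropy of a passphrase of word_count words chosen uniformly from dict_size."""
    return word_count * math.log2(dict_size)


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the passphrase into a 32-byte (AES-256) key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def kdf_guess_rate(hash_rate: float, iterations: int) -> float:
    """Passphrase guesses per second when every guess costs `iterations` hash calls."""
    return hash_rate / iterations


def expected_bruteforce_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected search time: on average the attacker tries half the passphrase space."""
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    bits = passphrase_entropy_bits(DICT_SIZE, WORD_COUNT)
    key = derive_key("correct horse battery staple lamp river stone", SALT, ITERATIONS)
    fast = expected_bruteforce_years(bits, ATTACKER_HASH_RATE)
    slow = expected_bruteforce_years(bits, kdf_guess_rate(ATTACKER_HASH_RATE, ITERATIONS))
    print(f"passphrase entropy: {bits:.1f} bits; derived key: {key.hex()[:16]}...")
    print(f"expected search with a single fast hash: {fast:.3g} years")
    print(f"expected search with {ITERATIONS} PBKDF2 iterations: {slow:.3g} years")
```

| The point the numbers make is the one the comment makes: the
| key is only as good as the passphrase entropy, and a slow KDF
| buys a linear factor equal to its iteration count on top of
| that, which is why wallets use it even for long passphrases.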
| sorbits wrote:
| As someone else said, you do not store coins anywhere, they
| are derived from the public ledger (block chain).
|
| What you store is your private key.
|
| Your private key was generated together with your public
| key, and your public key is, well, public.
|
| So the question is, can someone re-generate your private
| key?
|
| In theory, yes, it is possible. In practice, it takes a
| very very long time.
|
| But sometimes flaws are found in the generation process,
| like a weak pseudo-random number generator being used, which
| significantly reduces the solution space, and then it
| becomes feasible.
| macksd wrote:
| I mean it feels almost cliche to post this at this point:
| https://xkcd.com/538/
| Teknoman117 wrote:
| relevant xkcd: https://xkcd.com/538/
| Huiokko wrote:
| Based on Snowden's stories you can assume that they went
| ahead as an FBI/CIA national security threat, which could mean
| fast access to ISPs and using zero days they do have.
|
| If that's not enough and anyone of them is in the USA they
| do have access
|
| Can your wallet be hard to crack? Yes but either use your
| zero day to get all data including a Password or book a
| little bit of supercomputer time for brute forcing.
|
| They might have linguists available to help out with a
| dictionary attack.
|
| As aluminum-foil-hat as this might have sounded pre-Snowden,
| that's how it could have played out.
| NotPavlovsDog wrote:
| If you store your coins on a storage device not connected
| to a computer, maybe. As long as the government does not
| have access to the computer/phone the storage gets
| connected to, at any one time.
|
| With state actors, you have to assume they have
| access/backdoors to most modern computing devices, and that
| device has to connect to the internet only twice - feds
| activate the backdoor and give it instructions, and have
| the device send the requested info back to the fed.
|
| Minix being the most popular operating system, thanks to
| Intel-backdoor-on-a-chip, is only the tip of the iceberg.
| TacticalCoder wrote:
| > They would need your private key and your hard drive?
|
| Most people serious about cryptocurrencies have not trusted
| computers/hard drives for years. They use
| "hardware wallets", which are HSMs with a very small attack
| surface. It's not impossible that hacks happen but there's
| a gap so wide between "a Windows 10 computer running some
| Bitcoin software wallet" and "a Ledger Nano S" hardware
| wallet that it's basically two different worlds.
|
| Think a Yubikey (with a tiny screen) to cryptographically
| sign your transaction.
|
| $5 wrench attack still works but compromising your private
| key(s) by "logging every OS keystroke in the name of
| telemetry" or "using one of the tens of JavaScript 0-days from
| today" doesn't.
|
| The idea behind these cryptocurrencies hardware wallets is
| that ANY computer you connect them to is compromised (which
| is precisely why you're using a hardware wallet) and that,
| yet, that's not a problem.
|
| I have to say: it's not a bad way to think about computer
| (in)security.
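| The threat model described above, as an added toy model that
| is not part of the thread and not any vendor's code: the host
| PC is assumed compromised, the signing key is generated inside
| the device and never exported, and the device signs only the
| transaction it has rendered on its own screen and the user has
| confirmed. HMAC-SHA256 stands in for the device's real
| asymmetric signature so the example runs on the standard
| library alone; the addresses and transaction fields are
| constructed placeholders.

```python
import hashlib
import hmac
import json
import secrets
from typing import Callable, Optional

# Toy model of the hardware-wallet threat model: the host is assumed
# compromised; the device keeps the key and signs only what it displayed.
# HMAC-SHA256 is a stand-in for the device's real ECDSA/Schnorr signature
# (an assumption for a stdlib-only example, not how any real wallet signs).

RECIPIENT = "RECIPIENT-ADDRESS-constructed"   # placeholder, not a real address
ATTACKER = "ATTACKER-ADDRESS-constructed"     # placeholder, not a real address


def canonical(tx: dict) -> bytes:
    """Canonical encoding so the device signs exactly the fields it displayed."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


class HardwareWallet:
    """The signing device. The secret is created here and there is no API to read it."""

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)
        self.screen = ""

    def show(self, tx: dict) -> str:
        """Render the transaction on the device's own screen from the bytes it will sign."""
        self.screen = f"SEND {tx['amount']} {tx['asset']} TO {tx['to']}"
        return self.screen

    def sign(self, tx: dict, confirm: Callable[[str], bool]) -> Optional[bytes]:
        """Sign only after the user confirms the text shown on the device, not on the host."""
        if not confirm(self.show(tx)):
            return None
        return hmac.new(self._secret, canonical(tx), hashlib.sha256).digest()

    def verify(self, tx: dict, sig: bytes) -> bool:
        """Stand-in for the network checking the signature against the broadcast tx."""
        expected = hmac.new(self._secret, canonical(tx), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


class Host:
    """The PC the wallet is plugged into. tampered=True models malware that
    swaps the destination address before forwarding the tx to the device."""

    def __init__(self, tampered: bool) -> None:
        self.tampered = tampered

    def build_tx(self, to: str, amount: float) -> dict:
        tx = {"to": to, "amount": amount, "asset": "BTC", "nonce": 7}
        if self.tampered:
            tx = dict(tx, to=ATTACKER)
        return tx


def user_check(intended_to: str, intended_amount: float) -> Callable[[str], bool]:
    """The human step: compare the device screen with what they meant to send."""
    def confirm(screen: str) -> bool:
        return screen == f"SEND {intended_amount} BTC TO {intended_to}"
    return confirm


def run_scenario(tampered: bool) -> dict:
    """Drive one signing attempt through an honest or a compromised host."""
    wallet, host = HardwareWallet(), Host(tampered)
    tx = host.build_tx(RECIPIENT, 0.5)
    sig = wallet.sign(tx, user_check(RECIPIENT, 0.5))
    return {"wallet": wallet, "tx": tx, "sig": sig, "screen": wallet.screen,
            "signed": sig is not None,
            "valid": sig is not None and wallet.verify(tx, sig)}


if __name__ == "__main__":
    for tampered in (False, True):
        r = run_scenario(tampered)
        print(f"tampered host={tampered}: screen='{r['screen']}' signed={r['signed']}")
```

| The design point is what-you-see-is-what-you-sign: a
| compromised host can only change the transaction, never read
| the key, and any change is visible on the device screen before
| the signature exists.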
| spyder wrote:
| I don't see anywhere that the coins were stolen by the
| government. It could have been done by an insider from the
| group who had access to the wallet and 1. transferred it to
| himself, or 2. the damage and attention was too much for one
| of them and some ethics kicked in and he ratted out the group
| to the government and gave them his access, or 3. the group
| got scared by the attention, stopped their operation and is
| lying about the seizure, because at this point we don't even
| know if anything was seized at all; that info comes from the
| criminals, which is hard to trust, and wasn't confirmed by
| official reports yet.
| kwertyoowiyop wrote:
| Hey, if you can't trust anonymous cyber extortionists, who
| _can_ you trust?
| tantalor wrote:
| > business side of the oil company
|
| What are the sides of any company other than "business"?
| JohnTHaller wrote:
| I think parent may mean infrastructure side. If it had just
| attacked the office side of things, it would be the usual
| 'company infected with ransomware' story without affecting
| the public.
| tantalor wrote:
| My understanding is they did limit the attack to the office
| side:
|
| > After Colonial Pipeline reported that its corporate
| computer networks were hit by the ransomware attack, the
| company shut down the pipeline as a precaution due to a
| concern that the hackers might have obtained information
| allowing them to carry out further attacks on vulnerable
| parts of the pipeline.
|
| https://en.wikipedia.org/wiki/Colonial_Pipeline_cyberattack
| bostik wrote:
| The truly cynical take is that they managed to take down
| Colonial's _billing_. In response, Colonial shut down the
| pipeline - because obviously delivering oil without getting
| paid is out of the question.
|
| Yes, it's guesswork and pretty extreme conjecture but it
| has just the right amount of coldheartedness to it:
| https://zetter.substack.com/p/biden-declares-state-of-
| emerge...
| ctdonath wrote:
| While watching the USSR collapse in real time, I noted a
| reporter say the core of the breakdown was inability to
| issue paychecks to bureaucrats. No pay = no bureaucracy =
| no government.
|
| I've long wondered if that really was the case, seemed
| absolutely sensible...
| AlexCoventry wrote:
| They don't actually own the oil they're pumping, right?
| So if their billing was compromised to the point that
| they don't know what oil needs to be pumped where, they
| had a legal duty to refrain from pumping it willy-nilly.
| Scoundreller wrote:
| Shouldn't they have a paper-based/offline downtime
| procedure for this?
|
| (Oh shit, everything just went down, turn on the
| generator, go plug that printer and laptop in, and print
| off all the reports of where we were from the
| offsite/offline/whatever backup).
|
| What did they do before computers?
|
| Failing to plan is planning to fail and all.
|
| I like the idea of monthly planned downtimes where
| possible so people don't run around like a headless
| chicken when things go down. No different than a fire
| drill.
| miles wrote:
| The Colonial Pipeline Is Finally Back Online and Pumping
| Gas https://www.thedrive.com/news/40583/the-colonial-
| pipeline-is...
|
| > New details from within Colonial Pipeline have come to
| light surrounding the decision to shut off supply. Those
| briefed on the matter have suggested that fuel flows were
| shut down due to the company's billing system being
| compromised. Company officials were reportedly concerned
| that they would not be able to accurately bill customers
| for fuel delivered, and chose to stop delivery instead.
| ekimekim wrote:
| The more charitable take on this is that if one system is
| compromised, there's a high chance others may be, so if
| you have safety-critical systems and you're not
| absolutely certain they were properly air-gapped from the
| compromised system, shutting them down may be the safest
| course of action.
|
| In truth both factors probably played a role in this
| case, perhaps also with a hefty dose of "our software
| literally can't run if billing is down because it was
| never designed to handle that".
| [deleted]
| neither_color wrote:
| The more cynical part of me thinks the key is not which side of
| the company was attacked, rather the fact that it was an OIL
| company. The US has basically an unlimited budget and resources
| to go after organizations that mess with its oil supply.
| geofft wrote:
| I think the question is, how come an attack on a hospital does
| not have the optics of an attack on infrastructure?
|
| (It almost seems oil does _not_ require infrastructure - you
| can, theoretically, prep for an oil infrastructure outage by
| storing it in containers, same as you do with water and food.
| But you can't really prep for a medical infrastructure outage. Is
| it just that, as a result, there were no photos of people
| hoarding medical care and so there was less political will?)
| Denvercoder9 wrote:
| Oil does require infrastructure. What you put in your car is
| several steps removed from what is pumped out of the ground.
| jkubicek wrote:
| I think the parent's point was that if oil infrastructure
| is completely disrupted, consumers won't even be affected
| for a few days and the short-term consequences will be
| somewhat minor (some percentage of drivers won't be able to
| drive, deliveries may be delayed).
|
| If a hospital is shut down, then people will start dying
| immediately. The consequences are much more direct and
| severe.
| 3GuardLineups wrote:
| lolwut? this is insane. If oil infrastructure is
| completely disrupted it would be beyond catastrophic. Oil
| is completely foundational to our economy
| skeeter2020 wrote:
| hospitals without IT don't just kill all their patients
| and shut down. They slow down and lose capacity and
| capability while the relatively low-tech business of
| doctoring continues.
| dbt00 wrote:
| I think this is simplistic and overlooks logistics and
| flexibility.
|
| If a hospital closes, patients can be moved. If there's
| no gas, patients can't get to any hospital.
| pixl97 wrote:
| What if you attack the hospital in the middle of, let's
| say, a covid outbreak, where no excess capacity is
| available. Now you've likely caused a significant number
| of deaths.
| Karunamon wrote:
| At least in the cities I've lived in, there tends to be a
| lot of internetworking in the local hospitals. If my
| local hospital, CRMC, were to be hit by ransomware or
| otherwise taken down it's likely that a good chunk of the
| city's health infra would be out or at least at risk too.
| Not to mention the damage an attacker could do to the
| data stored in an EHR system like Epic.
| jkubicek wrote:
| My point (which wasn't well made, admittedly) is that a
| closed hospital has immediate and material effects.
| Disrupted petroleum infrastructure isn't going to affect
| consumers for days.
| skynet-9000 wrote:
| Nor can you store gasoline for long unless you stabilize it
| (and even then), and certainly not safely in most
| residences. Classic car owners run into this issue, as do
| the diesel tanks for generators in datacenters (diesel is
| much more stable than gasoline)
| meepmorp wrote:
| > I think the question is, how come an attack on a hospital
| does not have the optics of an attack on infrastructure?
|
| An attack on a hospital affects someone if they work there or
| are using that hospital. A pipeline attack affects people who
| drive cars places and need gas. The latter group is much
| larger than the former.
| capableweb wrote:
| More apt comparison would be:
|
| Hospital affects workers who work there and people using
| that hospital VS Pipeline affects workers who work there
| and people currently refilling their cars with gas from
| there
|
| Or
|
| Hospital affects workers who work there and everyone within
| a radius who could need it at any moment VS Pipeline
| affects workers who work there and people who generally rely
| on that gas to drive
|
| Suddenly the groups seem much more similarly sized, while one
| being important for staying alive VS the other being a
| nice-to-have, if we consider it being offline for a week or
| two only.
|
| I know which one I would consider being worse if I was a
| country. But then we're also talking about a country whose
| fascination for oil is like no other, so this is hardly
| surprising.
| SirSourdough wrote:
| I mean, the pipeline in question provides half of the gas
| to the US East coast. You don't have to love oil to see
| that losing 40% of the supply to more than 100m people
| overnight would be a public safety (what if emergency
| vehicles can't buy fuel?) and economic risk.
|
| The number of people reliant on this pipeline is several
| orders of magnitude greater than would be impacted by
| taking a single hospital offline. You'd need to have many
| hospitals impacted to create a similar level of risk. The
| only big difference is that taking out hospital
| infrastructure can kill people immediately whereas the
| impact of a pipeline failure won't generally be felt for
| days or weeks.
|
| Edit: Based on your other response it sounds like we are
| on the same page.
| capableweb wrote:
| Yeah, I understand this and agree with you. Compare one
| of the biggest oil pipelines in the country with one
| hospital, of course one will be worse than the other.
|
| But if you instead compare 40% of the hospitals going
| offline VS 40% losing access to gas, with similar
| conditions, I think the mortality will be higher by
| attacking hospitals. I think the government could
| probably somehow logistically ration oil if shit really
| hits the pan too, so essentials can keep running.
| Probably worse situation with hospitals, even though the
| military could probably help out there a bit.
|
| That's why it's weird to not react when people are
| attacking hospitals, vs oil pipelines. But as said before
| in my other comment, maybe not too weird.
| bluGill wrote:
| If 40% of the hospitals shut down the majority of people
| would not notice if you somehow kept it out of the news.
| It would be a disaster for those who need a hospital
| right then, but the average person doesn't even visit a
| hospital once a year.
|
| The average person fills their gas tank once a month, so
| they are much more likely to notice personally.
| selectodude wrote:
| I guarantee if a ransomware attack shut down 40 percent
| of the hospitals in the United States at the same time,
| we'd have an Iraq War situation on our hands.
| throwawayboise wrote:
| Sure it's "nice to have" unless it does go on longer and
| suddenly nobody can get to the stores to buy food and the
| stores don't have any food to sell because the trucks
| that deliver it can't get fuel.
| capableweb wrote:
| Thanks for expanding, that was exactly what I meant. Ok
| for smaller duration, while a hospital without
| functioning equipment is almost useless (compared to its
| original status) immediately.
| nonameiguess wrote:
| Hospitals themselves aren't really "infrastructure." All
| hospitals can operate independently from each other, so
| holding one for ransom only affects the one. If you can
| actually shut down a pipeline, you affect everywhere it ships
| to.
|
| Hospitals obviously do rely on infrastructure, so you'd see
| much more panic if someone could disrupt a national supply of
| blood plasma or insulin or something.
| [deleted]
| aerostable_slug wrote:
| I think the point people are missing is that hospitals don't
| just stop providing services when they are hit by ransomware,
| at least not in my admittedly limited experience. There's a
| ton of paper involved even today and life could move on with
| ballpoint pens and forms.
|
| The game was changed when Colonial closed the valves and
| services were impacted.
| Scoundreller wrote:
| And downtime procedures. They're not perfect, but like
| pipelines, they existed and operated before computers.
| myth_buster wrote:
| Critical Infrastructure as Govt defines it
|
| https://www.cisa.gov/critical-infrastructure-sectors
| Godel_unicode wrote:
| I'm not sure what point this comment is trying to make,
| according to CISA emergency services are a critical
| infrastructure sector. Therefore attacks on hospitals are
| attacks on critical infrastructure just like a pipeline.
| myth_buster wrote:
| Five distinct disciplines compose the ESS, encompassing a
| wide range of emergency response functions and roles:
|
| * Law Enforcement
|
| * Fire and Rescue Services
|
| * Emergency Medical Services
|
| * Emergency Management
|
| * Public Works
|
| Emergency Medical Services [?] Hospital
| [deleted]
| blululu wrote:
| Oil is flowing constantly and continuously into every corner
| of the country. The storage capacity is negligible and the
| need is critical. Unlike a single hospital there is very
| little room to shift excess capacity relative to usage and
| the knock on effects are potentially catastrophic (we lose
| power to every hospital in 500 miles and nobody can run the
| generator).
| throwaway316943 wrote:
| Destroying logistic infrastructure is how you defeat a
| country. Petroleum is critical to the functioning of modern
| economies, if you cut that off things go badly. They really
| kicked the hornets' nest on this one.
| villasv wrote:
| I agree with you that an attack on a hospital is an attack on
| infrastructure, though I disagree with your arguments
| regarding oil infrastructure.
|
| The difference in response is a matter of impact scale.
| Usually, the infrastructure of a small group of hospitals is
| at stake. This time an entire state is hoarding gasoline.
| Both are infrastructure but the latter is causing nationwide
| effects.
| jp57 wrote:
| In addition to the other comments, there's a difference in
| scale here. Shutting down _a_ hospital would be like shutting
| down, say, several dozen gas stations in one part of a city.
| That would not have a lot of national visibility either. If
| they simultaneously shut down every hospital between Texas
| and New Jersey, it would have national optics.
| rurban wrote:
| Because when you attack oil it will be considered as an act
| of war and they will counter with their war powers. Which
| they did. No civilian police action against Sergey followed,
| but military style seizures, bitmix closure and Bitcoin
| retrieval. This was not the FBI, but their criminal higher
| ups. Military style, with no civilian oversight.
|
| Which is somewhat disturbing, because first the industry is
| still considered more important than civil services (city
| councils, hospitals). And second they will still continue
| using Windows services in their backbones. I have nothing
| against using Windows as frontends, but in the backbone of a
| critical company it's criminal negligence. Easy to hack, no
| backups, untrained admins with no idea about security.
| Wasting billions of money on theatre, and not working
| servers, groupware and email.
| munificent wrote:
| Implicit in your question is the idea that the reason there
| was a stronger response here was because of _optics_
| --because a large mass of US citizens demanded it.
|
| I think a more likely answer is that optics had little to do
| with it. Attack a hospital and you've got angry hospital
| administrators mad at you. Attack an oil pipeline and you've
| got billionaire oil executives and shareholders who have much
| of the US government in their pocket mad at you.
|
| You really don't want to anger people who can buy US
| elections.
| strict9 wrote:
| Lots of opining about motives and reasoning for the shutdown, but
| this seems like the most likely scenario:
|
| > _"However, a strong caveat should be applied to these
| developments: it's likely that these ransomware operators are
| trying to retreat from the spotlight more than suddenly
| discovering the error of their ways"_
| gzer0 wrote:
| "So Sergey has pulled the inevitable exit scam, proving yet
| again, that there really is no honour amongst thieves.
|
| I sincerely hope that no companies had paid the Tsar's ransom
| before Sergey headed off for his dacha in the Urals. Forking out
| millions and still having your network out would be a bitter pill
| indeed to swallow."
| rebelde wrote:
| DarkSide's English is incredibly good for some supposed Russians.
| It even has the correct use of the apostrophe in "clients'". I
| know nothing, but my hunch is that this was written by a well-
| educated person who grew up in the US or Canada.
| andreygrehov wrote:
| As a native Russian speaker living in New York, I concur. I
| work in Ad Tech and deal with clients from Eastern Europe quite
| often. Russians' English is _always_ recognizable.
| dkarp wrote:
| Is this sarcastic? Because you're a native Russian speaker
| and yet your English isn't recognizably Russian...
| andreygrehov wrote:
| Nope, it's not. I always try to polish my English as much
| as I can, but after more than 8 years living in US, I still
| occasionally get messages from co-workers saying like, "hey
| dude, not to be pedantic, but ..."
|
| If I were to write a long piece, you'd almost certainly
| notice that I'm not a native speaker. I'm subscribed to a
| few Telegram channels led by Russian speaking people and I
| always spot minor mistakes in their messages. Even when the
| text is grammatically correct, the way sentences are
| structured is what usually reveals them. I observe similar
| pattern with the partners I work with. Heck, even my
| English teacher's English (she is my friend on FB) is
| different from a typical writing style of a native speaker.
|
| It obviously doesn't mean that Russians cannot learn a more
| "traditional" English, but when it comes to Russian
| hackers...meh, the chances are low, imho.
| baobabKoodaa wrote:
| > I observe similar pattern
|
| I think a native English speaker would have written
| either "I observe a similar pattern" or "I observe
| similar patterns". Your choice of words in that sentence
| feels Russian to me (although I may be influenced knowing
| what you told earlier).
| intricatedetail wrote:
| Or they used something like Grammarly...
| whatshisface wrote:
| The lack of thick accents, hammer and sickle symbols, and
| hardbass leaves me seriously questioning the plausibility of
| this "Russian" theory.
| baobabKoodaa wrote:
| I also took note of the apparent lack of tracksuits, vodka,
| AK-47s, and bears.
| mywittyname wrote:
| I've noticed that central Europeans have pretty stellar grammar
| in general. I was doing some work on an open source project
| created by a Polish team and was surprised by how many obscure
| grammar rules they obeyed.
|
| Might have something to do with many of these rules being
| derived from Latin and their native language is probably closer
| in structure to Latin than English is.
| [deleted]
| culturestate wrote:
| I can't decide if it's worse to imply that Russians can't learn
| English or to think that the anglosphere only exists in North
| America.
| rebelde wrote:
| I am just saying that it is idiomatic North American English.
| I, for instance, could not write in idiomatic British English
| if I tried. For instance, your use of "state" in your
| username and "anglosphere" in your one sentence strongly
| hints to me that your English is not purely North American.
| (I see your profile, too.) The vast majority of Americans
| would use different terms.
| culturestate wrote:
| Looking only at the parts quoted in krebs's post, it
| doesn't really stick out to me as either American or
| British English. They use double quotation marks, for
| example - American - but leave the trailing comma outside,
| which is British.
|
| Other than that, there are no giveaway spellings or idioms.
| It could just as easily be someone whose exposure to
| English is dominated by technical documentation, which
| tends to use mostly American style.
| rebelde wrote:
| You have a good point about the comma. I am not sure what
| the use of the word "funds" tells me. I think in the US,
| only the highly-educated or those in the financial
| industry would use that term instead of "money"
| (bitcoin?). It very well could be much more common in
| other parts of the, umm, anglosphere.
| [deleted]
| jtdev wrote:
| I would wager a foolish sum that Colonial had a complete shit
| security posture and had many opportunities to improve but chose
| to accept this risk at the executive level. I have zero sympathy
| for Colonial.
| jtdev wrote:
| LOL:
|
| "Tech audit of Colonial Pipeline found 'glaring' problems"
|
| https://apnews.com/article/va-state-wire-technology-business...
| ThinkBeat wrote:
| A far fetched scenario:
|
| If I were these guys (I am glad I am not), You have just brought
| down far more interest and heat from not just law enforcement but
| probably at least a couple of intelligence services.
|
| Arranging your own death would seem like a reasonable thing to
| do.
|
| All our money is gone, stolen. All our servers are gone, grabbed
| by law enforcement. We have nothing left. Bye.
|
| It would be interesting to follow the Bitcoins' traversal around
| the network.
| adventured wrote:
| Having done something so idiotic as inadvertently taking down
| critical infrastructure for a superpower with global military &
| espionage capabilities (that nearly all nations will cooperate
| with) - the problem is, the people chasing you do not give a
| shit about your money and whether it's gone, and they do not
| care about your servers. Bye won't work, and faking your death
| won't be believable. If you're these people, you're going to be
| hunted to the ends of the planet and most likely they're
| royally screwed with no way out (unless they're under the
| direct protection of eg China or Russia).
| kordlessagain wrote:
| Like I said, unethical and unskilled losers.
| goshx wrote:
| So is everyone accepting this as truth? No suspicion of smokes
| and mirrors?
| 2wired wrote:
| Let's not forget a lot of the images they were showing of plastic
| bags in car trunks were stock photos from Mexican fuel smugglers
| etc, media was used to fuel panic to protect the oil company, and
| justify retaliation.
| thysultan wrote:
| A good old "i lost the electronic coins in a boating accident".
| If nothing comes of this after this, this serves as a good proof
| of concept.
| SavantIdiot wrote:
| Why should I believe this? They can shut down their servers, move
| their crypto to different wallets, and pop up again in a few
| weeks, right?
| timdellinger wrote:
| It's plausible that this is all a scheme to evade capture.
| Disband the current organization, (get rid of a few people who
| you've wanted to jettison anyway), and then set up shop afresh
| elsewhere. It sends the message to whoever's looking for you
| that the whole thing has been burned to the ground and there's
| nothing to raid or seize or shut down.
| bluGill wrote:
| Possible, but there is too much a chance that the cops
| already know who you are and just need to gather evidence in
| a form they can take to court. By shutting down they ensure
| that no more evidence is gathered. By starting a new
| organization they can't be sure that they aren't still being
| watched.
| bluetwo wrote:
| Depends if the DOJ issues arrest warrants for the members in a
| couple weeks.
| SavantIdiot wrote:
| Since they aren't in the US, it is probably more of a
| proactive step by the DOJ to build a case for sanctions.
| Assuming they know what country the perps are from, which
| doesn't seem all that clear.
| bluGill wrote:
| There are only a handful of countries that won't accept the
| US arrest warrants and turn over whoever. A few countries
| will demand something first, but this means no death
| penalty, not something that is in any way a big deal for the
| other country. It is semi-routine for most countries to
| capture and turn over criminals within the borders to
| another country.
|
| That is why people bring up Russia and North Korea. Those
| are the two most likely countries that wouldn't. There are
| a few others, but not many.
|
| Even China which in general I wouldn't trust would in this
| case. If China did an attack like this it would be much
| more targeted and they wouldn't be looking for ransom money
| - See the attacks on the Iran nuclear program for example:
| attack a target that actually matters. (those attacks were
| probably US or Israel, but it is the type of thing China
| might do).
| sfotm wrote:
| I'm skeptical as well. They know they built up a little too
| much notoriety and want to exit the game, is my guess. A core
| set of people can live pretty comfortably off of the ransom
| here, though they'll have a hard time laundering it.
| stickfigure wrote:
| Agreed, except why bother pop up again? They just got a big fat
| payment of $5m. Plenty to split with a small team. It's a good
| time to cash out and disappear.
| SavantIdiot wrote:
| Seriously! It's FIVE MILLION. That's "I don't ever have to
| work again" money. What is wrong with people! Probably they
| want Mercedes, and Rolexes, and Mont Blanc pens and all that
| showy consumer garbage.
| simias wrote:
| $5million spread between an unknown number of people and
| that need to be laundered before it's turned into Rolexes
| and Mercedeses. Given the high risks it doesn't sound like
| a great deal to me especially since competent hackers can
| usually command a fairly high salary in legit companies.
| colechristensen wrote:
| The median lifetime earnings in the US is 1.7 million, and
| that's equivalent to... $20 an hour or so. 5 million is
| "never work again" money for a couple of people who want
| middle class incomes the rest of their lives... it is not
| really that much when spread over more than a few people.
| stickfigure wrote:
| These people likely do not live in the US. Also, how big
| do you think the core team is? I would assume they're
| freezing out anyone who can't identify the culprits.
| showerst wrote:
| Darkside is likely based in Russia, where lifetime median
| earnings are much lower.
| jandrese wrote:
| They're also going to lose a big chunk of that to money
| laundering losses. But since it is in Bitcoin it's
| probably going to appreciate over time. The problem is
| that if they fuck it up just once the record will be on
| the blockchain forever and they'll never be safe.
| specialp wrote:
| They know that they can and will be found, and are running
| scared. In general ransomware works because it takes a lot of
| resources to find the criminals behind it. And generally
| there's not enough resources to do this. But once it hits a
| level where it creates a widespread national problem, it
| becomes more of an act of war. Then you get people involved
| that aren't just law enforcement and have tools that aren't
| available to law enforcement with large budgets.
| jl2718 wrote:
| I don't understand how ransomware works at all. The address
| is known well in advance, so a miner knows they might face
| sanction of their own coins for including it in their block.
| Not worth it.
| snypher wrote:
| Running scared though? I see this as the dash from 2nd plate
| to 3rd. If you're going to ditch your servers and wash your
| coins you might as well make it seem like you were
| compromised. I don't think there's any fear here as they
| surely must have anticipated the consequences.
| ttul wrote:
| Not to mention diplomatic channels to apply pressure on local
| governments that may have previously lacked the impetus to do
| anything about these groups.
| aazaa wrote:
| > The crime gang announced it was closing up shop after its
| servers were seized and someone drained the cryptocurrency from
| an account the group uses to pay affiliates.
|
| If so, this is either:
|
| 1. one heckuva Mickey Mouse operation
|
| 2. a smokescreen
|
| The statement never mentions Bitcoin, but let's assume that this
| is the "cryptocurrency" being referred to.
|
| That Bitcoin private keys were being stored on a "server" strains
| credulity. There's very little reason to do so, and every reason
| not to.
|
| Payments can be received and orders fulfilled by a server -
| without private keys. Multiple addresses can be watched in read-
| only mode.
|
| The only reason for a server to hold private keys is if that
| server is capable of making automated payments, and that
| capability is a crucial part of the operation.
|
| Bitcoin's history is littered with the corpses of people who
| messed up the management of their own cryptographic keys. Any
| reasonably competent operator would know about them and would
| never, under any circumstances hold private keys on a server.
|
| Which leaves Option 2. Smokescreen. Make it look like all the
| loot was lost, try to throw investigators off the trail.
|
| If so, it's a lame attempt.
|
| One other possibility comes to mind. The ransom itself was the
| smokescreen.
|
| The amount of the ransom was nothing for a company the size of
| Colonial. And it's about 1/10 of the annual salary of some
| developers. Why risk the prospect of life in prison for such a
| small payoff?
|
| The reason is, of course, to make this operation look like
| something it's not. A Mickey Mouse band of idiots who can't
| manage their own private keys or servers. Lots of reasons to do
| this, starting with the notion that the attackers are trying to
| conceal their identities. And maybe that this was a test
| operation. Throw in the trinkets of ransom to make it look
| believable to the public.
| KZZ wrote:
| $5 million is 1/10 the annual salary of some developers?
| [deleted]
| CobsterLock wrote:
| I could see 10 developers costing that much
| kube-system wrote:
| $500,000 salary? Let me know where these jobs are because
| I'd like to submit my resume.
| jandrese wrote:
| More like a $250,000 salary + benefits. Medical coverage
| is hideously expensive for example. Plus retirement,
| dental, insurance, and taxes. Still a cushy salary for a
| dev, but not completely out of the realm of reason.
| simias wrote:
| That's definitely a high salary except for the biggest
| companies in the richest parts of the richest countries.
|
| I do think the parent's point still stands though, my
| current salary is not nearly that high but you'd have to
| pay me a lot more than $500k for me to risk hacking an
| American pipeline. That's an insane amount of risk for a
| few years worth of salary (that I'll probably have to be
| very careful laundering if I don't want to raise
| suspicions).
| eganist wrote:
| Senior/Staff developers/architects etc at FAANGs can
| command as much or more. It's a routine topic of
| conversation on hn. Netflix specifically is known for
| paying much more of it as cash than the others.
|
| https://www.levels.fyi/?compare=Amazon,Apple,Netflix,Google,...
| jorblumesea wrote:
| For experienced seniors and principal/staff engineers,
| this is pretty close if not below market rate. But
| presumably most of these engineers are globally
| distributed and 500k for eastern Europe is an immense
| sum.
| smabie wrote:
| A 500k isn't all that unusual in tech I feel like..
|
| Like a senior engineer at a FANG is probably making that
| much or more all in.
|
| Entry level salary for tier one firms across finance and
| tech is probably around 250-300k. Not hard to get to 500k
| with some experience.
| kube-system wrote:
| It is very, very unusual. Unusual even in California:
| https://www.bls.gov/oes/current/oes151256.htm
| vmception wrote:
| Ironically, it plays off of ignorance in either option.
|
| The DOJ could bolster credibility of itself to the ignorant by
| saying "that's right criminals, you can't hide" even if the DOJ
| never got anything.
| InfiniteRand wrote:
| Anyone curious about who were the advertisers of a ransomware
| gang? Am I missing something?
| justapassenger wrote:
| Seems like they should invest more into cybersecurity, if someone
| was able to "steal" their Bitcoin and take over their
| infrastructure ;).
|
| But honestly, this only shows that IT systems are nowadays so
| complex that you cannot get them right and be able to truly
| protect you, no matter if you're good or bad guy.
| dkarras wrote:
| I doubt anyone stole their bitcoins though. I assume they just
| transferred it out themselves and will cash out later.
| intrasight wrote:
| I was thinking the same. But it would be hard to cover such a
| conspiracy.
| stadium wrote:
| It just takes one agent or informant on the inside to bring the
| whole house down.
| intrasight wrote:
| > takes one agent or informant
|
| Only if that agent has the master keys. Strong security is
| about making sure that there is no master key.
| justapassenger wrote:
| If you have single point of failure, either on technical or
| human level, you aren't doing it correctly.
|
| But it's really hard to build systems and organizations like
| that.
| breck wrote:
| > like they should invest more into cybersecurity
|
| I would say invest more thought, less money.
|
| For example, use open source more. Minimize the amount of data
| and information you have that needs to be closed source.
|
| Avoid Windows. Use Gmail over Outlook. Have offline backups
| with sneakernet disaster planning. Get a cheap safety deposit
| box for storing keys. Use 2FA. There are lots of free/low cost
| ways to have better security.
| feu wrote:
| > Use Gmail over Outlook.
|
| Why would you recommend this? I can understand the reasoning
| behind the rest of your recommendations, but not this one.
| breck wrote:
| AFAIK, Gmail has suffered on the order of 100x+ fewer
| security incidents than Outlook. However, I am unclear on
| the distinction between cloud Outlook and the
| Exchange/Outlook combo. So me saying "Outlook" may be a
| mistake, and the correct term may be Exchange.
| justapassenger wrote:
| It's not 2001 anymore. You can have both secure windows and
| Linux infrastructure.
|
| Telling people to just use Linux as a remedy doesn't help. If
| you don't invest into securing your Windows infra, your Linux
| infra will be also full of holes.
| breck wrote:
| In 2016, while I was still working at Microsoft, they gave
| us cloud engineers a separate laptop for accessing customer
| data (they called them SAWS, for Secure Access
| Workstation), because they decided that our normal everyday
| Windows 10 machines with root privileges could not be
| trusted. This was in 2016, not 2001.
|
| I do not think you can have secure Windows infrastructure
| today. In the future, a few years after it's fully open
| source, perhaps.
|
| Of course you are free to make your own bets.
| justapassenger wrote:
| This sounds more like a policy decision. Any serious
| company is heavily limiting how customer data is
| accessed. Lots of them have special rooms, with heavy
| physical security, where you cannot even bring electronic
| watch, not even talking about your work phone or normal
| work laptop. And those companies often run on Linux.
|
| Open source doesn't make stuff magically secure. Remember
| heartbleed? Or how easy it was proven (by sketchy
| research, sure, but that's secondary point) to bring
| malicious code into THE open source project, Linux
| kernel?
|
| Believing that by simply using open source you have
| secure infra, and that by using Windows you don't, is a
| naive view held by people who never seriously worked on
| security for big companies.
|
| I say all of that as a heavy Linux supporter. Linux is
| better, yes. But it's not a magic bullet. I've worked in
| Windows shops that had extremely good security, and Linux
| shops that could've been hacked by someone after one day
| classes of how to be a hacker.
| breck wrote:
| Agreed that open source isn't perfect, but 99.999% secure
| is still a lot better than 99.9% secure.
| jakearmitage wrote:
| https://xkcd.com/538/
| purple_ferret wrote:
| What exactly is a 'payment server' in terms of a crypto wallet?
|
| Surely, they're not storing their bitcoin keys on some aws linux
| box are they?
| doomroot wrote:
| With bitcoin you can produce infinitely many public
| keys/addresses without your private keys ever touching an
| internet device.
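The key-management point made in the two comments above (aazaa's "payments can be received ... without private keys, multiple addresses can be watched in read-only mode" and doomroot's "infinitely many public keys/addresses without your private keys ever touching an internet device") is BIP32 public derivation. The following is an added example, not code from the thread or from any wallet project: the online payment server holds only the extended public key (public key plus chain code) and derives receive keys from it; the private key stays on the offline device, which can confirm it lands on the same keys. The curve arithmetic is pure Python so it runs stand-alone, the seed is a constructed test value, and the derived keys are shown as compressed public keys rather than encoded addresses.

```python
"""Watch-only receive keys: public derivation on the server, private key offline.

Added example (not from the thread or any wallet project). BIP32 non-hardened
derivation with secp256k1 arithmetic in pure Python; the seed is a constructed
test value, not a real wallet.
"""
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin uses).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 1 << 31  # indices at or above this need the private key to derive


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def compress(point):
    """33-byte SEC1 compressed public key encoding."""
    return (b"\x02" if point[1] % 2 == 0 else b"\x03") + point[0].to_bytes(32, "big")


def _bip32_hmac(key, data):
    """HMAC-SHA512 split into (IL as integer, IR as the child chain code)."""
    digest = hmac.new(key, data, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def master_from_seed(seed):
    """BIP32 master private key and chain code, keyed with 'Bitcoin seed'."""
    return _bip32_hmac(b"Bitcoin seed", seed)


def ckd_priv(k_par, chain, i):
    """Cold side: child private key = (IL + k_par) mod N for a non-hardened index."""
    il, child_chain = _bip32_hmac(chain, compress(ec_mul(k_par, G)) + i.to_bytes(4, "big"))
    return (il + k_par) % N, child_chain


def is_derivable_from_xpub(i):
    """Only non-hardened indices can be derived from the public key alone."""
    return i < HARDENED


def ckd_pub(K_par, chain, i):
    """Hot side: child public key = IL*G + K_par, using only the parent PUBLIC key."""
    if not is_derivable_from_xpub(i):
        raise ValueError("hardened child requires the private key; not derivable from xpub")
    il, child_chain = _bip32_hmac(chain, compress(K_par) + i.to_bytes(4, "big"))
    return ec_add(ec_mul(il, G), K_par), child_chain


def cold_device_setup(seed):
    """Runs offline: keep the private key, export only (public key, chain code)."""
    k, chain = master_from_seed(seed)
    return {"priv": k, "chain": chain}, (ec_mul(k, G), chain)


def server_receive_keys(xpub, count):
    """Runs on the online payment server: `count` watch-only receive keys (hex)."""
    K, chain = xpub
    return [compress(ckd_pub(K, chain, i)[0]).hex() for i in range(count)]


def cold_keys_match_server(seed, count):
    """Consistency check: private derivation offline yields the server's public keys."""
    cold, xpub = cold_device_setup(seed)
    from_cold = [compress(ec_mul(ckd_priv(cold["priv"], cold["chain"], i)[0], G)).hex()
                 for i in range(count)]
    return from_cold == server_receive_keys(xpub, count)


if __name__ == "__main__":
    _, xpub = cold_device_setup(b"constructed demo seed, not a real wallet")
    for idx, key in enumerate(server_receive_keys(xpub, 3)):
        print(f"receive key #{idx}: {key}")
```

The server can be fully compromised and the attacker still gets nothing that lets them spend: an extended public key reveals which addresses belong to the operator (so it hurts privacy, which is why it should still be protected), but not the private key. The one caveat the code enforces is that hardened children cannot be derived this way, so a watch-only server must be handed a non-hardened branch.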
| cirowrc wrote:
| wouldn't be surprised if that's their version of "lost all my
| crypto in a boating accident"
| klyrs wrote:
| > "There's too much publicity," the XSS administrator explained.
| "Ransomware has gathered a critical mass of nonsense, bullshit,
| hype, and fuss around it. The word 'ransomware' has been put on a
| par with a number of unpleasant phenomena, such as geopolitical
| tensions, extortion, and government-backed hacks. This word has
| become dangerous and toxic."
|
| I am... flabbergasted. _What?_ Ransomware has _always_ been a
| brand of extortion; it's right there in the name. _Extortion_
| has become dangerous and toxic? You have got to be kidding me. I
| wonder what's next for these folks. A life of simple, honest,
| pleasant and non-toxic crime?
| jmkni wrote:
| I actually laughed out loud reading this, _These guys are
| giving ransomware a bad name_, ahahaha, what?!
| knolan wrote:
| I read it as more of a "they've ruined it for the rest of us"
| whinge.
| ketzo wrote:
| It's absolutely that, yeah. These guys were making fat
| stacks licensing out their Ransomware-as-a-Service package;
| now, since a customer flew too close to the sun/U.S.
| government, they're fucked.
|
| Tragedy of the commons? Sort of? Not really?
| eganist wrote:
| I'm interpreting the statement to mean that ransomware very
| rapidly lost its reputation as a nuisance-crime this week.
|
| Misplaced ransomware runs a far more substantial risk of
| triggering enforcement action now. Or at least that's the
| perception I'm deriving from the quote.
| klyrs wrote:
| Others seem to suspect that this is a ploy. It does kinda fit
| the melodrama on display...
|
| Otoh, as a kid I was into small-time mischief (pilfering
| candy from teacher's desk kinda stuff). I had a good sense of
| what would go unnoticed, but I was a bit too trusting of my
| friends. They'd go overboard, get caught, and I'd take the
| blame. So, I can sympathise with this a bit.
|
| Without external proof, I wouldn't hazard a guess as to which
| it is.
| renewiltord wrote:
| It actually sounds like what someone does when the mob boss is
| coming after you. Your car catches fire and there's a charred
| body inside with your watch on it. The money you took from him is
| gone. It probably caught fire.
| kossTKR wrote:
| Can crypto actually be non-traceable? I remember currencies like
| Monero or ZCash advertising privacy from the last crypto craze.
|
| I mean if you have 100M in some account, can you actually run it
| trough "private" currencies to remove traces? BTC, ETH etc. all
| seems super traceable, even more so than in regular banking.
|
| Also how are criminals getting their money out with no one
| noticing, does Panama/Malta etc. have Kraken/Bittrex equivalents
| with no questions asked?
| andrepd wrote:
| As far as I understand it, Monero (XMR) is private and
| untraceable.
| vmception wrote:
| You don't do it that way. Just drop it in Tornado.cash and a few
| days later withdraw to a virgin crypto address. The virgin
| crypto address just pumps a token that you bought in another
| clean address with clean money prior.
|
| You sell the token in the clean address at a massive profit and
| cash out under your real name and ID _and even pay taxes_.
|
| Go look at any highly pumped token on
| Uniswap/Sushiswap/Pancakeswap and you'll find plenty of
| addresses that either bought or added to the liquidity pool
| using funds that begin with Tornado.cash, there is no way to
| distinguish the nature of the transaction from simple
| observation. All blockchain technology is heading to parity
| with the privacy afforded by traditional banking, without the
| financial intermediary to question anything for the state.
| intotheabyss wrote:
| You could even send ETH to the Secret Network and perform
| token swaps and then send it back to a clean address.
| vmception wrote:
| Yes, even better because the smart contract execution is
| private and all the variables (receiver, quantity) are only
| temporarily stored with the validator's SGX chips and not
| onchain.
|
| Less liquidity there, for now. Meaning the exits would more
| likely be the same beneficial owner, but definitely an
| additional route for liquidity.
|
| Similarly, I think there should be a version of
| Tornado.cash that stores notes in SGX and Secure Enclaves,
| as enough devices have this now. (Although that forces only
| one device to have the note. Instead of a transferable IOU)
|
| How well does Keplr or Cosmos wallets work over Tor? Are
| there any onion nodes that can resolve broadcasted
| transactions?
| vmception wrote:
| Also note: I would still say having a record of trading
| gains would still be better whether using an EVM+Tornado
| or Secret Network, as this is much easier to account for
| than never accounting for the obfuscated funds or trying
| to further obfuscate and reintegrate with front
| businesses
| intotheabyss wrote:
| ETH can be sent through tornado.cash or through zkDAI. Both of
| these use zero knowledge proofs to break the link in the chain.
| TwelveNights wrote:
| One way I've seen discussed on HN is by sending varying amounts
| to N different accounts, where some are owned by you /
| affiliates and others are not. In a sense, paying for
| obfuscation of which accounts are actually owned by you.
| briffle wrote:
| Until one of those people buys a Tesla with bitcoin (yeah, I
| know they just stopped doing that) from a wallet that can be
| traced to that payment, and then it's just the authorities
| following up the chain.
|
| People like to act like all these cryptos are totally
| anonymous, but every transaction ends up in some sort of
| public blockchain. So unless you have air-tight OPSEC and
| people that will never talk, no matter what kind of jail time
| they are facing, it's always going to be traceable with enough
| interest.
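"Following up the chain" from a known address is a mechanical walk over public data, and the comment's point about one slip linking everything is the common-input-ownership heuristic. The following is an added example, not code from the thread: a forward taint walk over a small constructed UTXO-style ledger, from a known ransom address to whatever it eventually lands in (a constructed exchange-deposit address stands in for a KYC cash-out), plus the co-spend heuristic that pulls a clean address into the same cluster. All txids, addresses and amounts are invented for the demo.

```python
"""Following funds forward on a public ledger.

Added example (not from the thread): forward "poison" taint propagation and the
common-input-ownership heuristic over a constructed ledger.
"""
from collections import deque

# Constructed ledger: txid -> inputs (outpoints spent) and outputs (address, amount).
# Inputs referencing txids not in LEDGER are treated as unknown history.
LEDGER = {
    "tx_ransom": {"inputs": [("tx_victim", 0)],
                  "outputs": [("addr_ransom", 75.0)]},
    "tx_split": {"inputs": [("tx_ransom", 0)],
                 "outputs": [("addr_a", 30.0), ("addr_b", 30.0), ("addr_change", 15.0)]},
    "tx_hop": {"inputs": [("tx_split", 0)],
               "outputs": [("addr_c", 29.9), ("addr_fee_change", 0.1)]},
    "tx_clean": {"inputs": [("tx_salary", 0)],
                 "outputs": [("addr_clean", 5.0)]},
    # The one slip: addr_b's owner spends a tainted coin and a clean coin together.
    "tx_merge": {"inputs": [("tx_split", 1), ("tx_clean", 0)],
                 "outputs": [("addr_exchange_deposit", 35.0)]},
}


def _spender_index(ledger):
    """Map each spent outpoint (txid, vout) to the txid that spends it."""
    return {op: txid for txid, tx in ledger.items() for op in tx["inputs"]}


def trace_forward(ledger, start_address):
    """BFS from every output paying start_address. Every output of a transaction
    that spends a tainted outpoint is tainted too ("poison" propagation).
    Returns (addresses reached, sorted list of unspent tainted outputs)."""
    spender = _spender_index(ledger)
    queue = deque((txid, vout)
                  for txid, tx in ledger.items()
                  for vout, (addr, _) in enumerate(tx["outputs"])
                  if addr == start_address)
    seen = set(queue)
    reached, unspent = set(), []
    while queue:
        txid, vout = queue.popleft()
        addr, amount = ledger[txid]["outputs"][vout]
        reached.add(addr)
        next_tx = spender.get((txid, vout))
        if next_tx is None:
            unspent.append((addr, amount))  # coins still sitting here: a live lead
            continue
        for v in range(len(ledger[next_tx]["outputs"])):
            if (next_tx, v) not in seen:
                seen.add((next_tx, v))
                queue.append((next_tx, v))
    return reached, sorted(unspent)


def linked_by_coinspend(ledger, reached):
    """Common-input-ownership heuristic: addresses spent alongside a reached
    address in a single transaction are attributed to the same owner."""
    linked = set()
    for tx in ledger.values():
        owners = {ledger[t]["outputs"][v][0] for t, v in tx["inputs"] if t in ledger}
        if owners & reached:
            linked |= owners - reached
    return linked


if __name__ == "__main__":
    reached, unspent = trace_forward(LEDGER, "addr_ransom")
    print("reached:", sorted(reached))
    print("unspent tainted outputs:", unspent)
    print("linked by co-spend:", linked_by_coinspend(LEDGER, reached))
```

Two things the toy makes visible: poison propagation over-taints (the 35.0 at the exchange deposit includes 5.0 of clean coins, so the tainted total exceeds the 75.0 that was paid), which is why real tooling uses proportional or FIFO taint as well; and the co-spend in tx_merge is what drags addr_clean into the cluster, which is the "one slip" the comment describes.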
| paulpauper wrote:
| It can be harder to trace, but the bigger problem is trying to
| turn it into cash, which is hard to do anonymously regardless
| of the currency used (BTC, XMR, etc). The FBI and Secret Service
| are mostly focused on the conversion of crypto to cash, not the
| intermediary steps.
| mwvr wrote:
| doesn't work if the fiat converted to is in another
| jurisdiction
| adventured wrote:
| There are few jurisdictions where the US Government can't
| easily get at you, either physically or financially. China,
| Venezuela, North Korea, Russia: the list is super thin and
| almost exclusively places you either don't want to be or
| where you better be a protected local (otherwise they'll
| just hang you out to dry for their own benefit or
| amusement).
|
| Most authorities around the world will want to nail you -
| and or your money - in cooperation with the US authorities
| (or otherwise for their own benefit). Once they know the US
| wants you, you become a toy to be used to some end, you're
| toast, your life is over.
| sudosysgen wrote:
| Don't forget Iran and Vietnam.
|
| You don't need to live there for very long. Just for long
| enough to cash out into fiat, launder the money, etc...
| bluGill wrote:
| Maybe. This isn't a political target though, this is
| criminals wanting money. At most the government gets a
| bit of tax money: it just isn't worth it even before you
| consider that the gangs who can pull this off may turn
| against the governments. Governments may want the types
| of people on staff who can pull off these attacks, but
| they are careful about who gets targeted, and money isn't
| the goal.
|
| Vietnam doesn't like the US for historical reasons, but
| overall they want to play on the world stage. Also US
| relations have been thawing over the years. I'm inclined
| to think they see it as to their advantage to help out.
|
| Similar with China - they want the ability to get at the
| US, but they are more likely to reserve it for something
| that matters to them. Money doesn't really matter as much
| as they get plenty sending the US cheap plastic toys.
| Though if China declares war next week this could be
| their first attack (highly unlikely, it is possible
| though)
| danlugo92 wrote:
| One (of many) ways: Monero -> bitcoin -> localbitcoins with
| stolen identity.
|
| Each localbitcoins account can trade up to $200k a year without
| any kind of in-person verification.
|
| Also a lot of exchanges let you cash out via Western Union
| so... you could theoretically send yourself say 10k or 20k a
| month with that, there's no need to just withdraw it all at
| once.
| Kranar wrote:
| There is no way to exchange Monero for Bitcoin or vice-versa
| without the risk of being tracked. LocalBitcoins has been
| doing KYC/AML since 2018.
| TheAdamAndChe wrote:
| Transactions between monero accounts can't be tracked, or
| at least there's no evidence that they can be tracked.
| stiltzkin wrote:
| Atomic Swaps on Monero will be decentralized, no KYC.
| intricatedetail wrote:
| But if you get BTC through a mixer chances are they are
| tainted and you get yourself in trouble when withdrawing.
| Taek wrote:
| Yeah Zcash provides good privacy for the most part, as long as
| you use it correctly. Once you cash out, it's a typical money
| laundering problem. How do you get money into circulation
| without raising suspicions of where it came from?
|
| Plenty of solutions. Mules using exchanges, buying NFTs from
| yourself, "lucky" investment picks in low liquidity alts, etc
| ikeboy wrote:
| Yes, up to a limit.
|
| It's super trivial to withdraw, say, 1M. You can use
| https://tornado.cash/ to mix 100 ETH, there's currently around
| 10k such deposits, so you could do that 2-3 times to move 1M in
| ETH to an address that can't be tied to your previous
| addresses.
|
| It's possible but no longer trivial to withdraw 10M. You could
| use the above method over a period of time, and some other
| methods.
|
| It becomes much more difficult at much higher values. You could
| probably get 100M out disguised as trading profits or
| something. If I spent a few days thinking about it I could
| probably figure out ways to mix that much money on ETH, filter
| through DeFi apps, etc. Seems doable.
|
| You could also just work with large exchanges that don't care.
| I don't know which ones are like that now, probably fewer than
| years ago.
| intotheabyss wrote:
| You don't need to. You can send the ETH to tornado.cash.
| Their anonymity set is such that 100 million would take a
| long time, but on the order of months to withdraw.
| Tornado.cash has millions in total locked value in different
| ETH denominated pools.
| ikeboy wrote:
| Yeah I guess, as long as ETH stays around the current
| level.
|
| But if you do hundreds of withdrawals from tornado, it's
| less anonymous, because the set of people that have
| deposited that range to tornado is much smaller than the
| set of people who did a handful of deposits. Instead of
| 10k, you might be one of a few dozen or less.
|
| You could always send a million to a friend (through
| tornado) and have them cash out for a cut, and repeat that
| 100 times, if you have 100 friends. That would kill on-
| chain analysis.
| skeeter2020 wrote:
| The fact that everyone's first answer when prompted "how
| do we wind down this huge pile of cryptocurrency?" is
| convert it to fiat makes me skeptical on all the long-
| term ambitions from promoters.
| intotheabyss wrote:
| Well you could take the ETH and stake in the beaconchain
| and get 8% more ETH per year (depending on staking
| rates). Or you could use the ETH to get a loan in DAI on
| Compound or Maker. Or you can buy synthetic assets like
| stocks on Synthetix. Plenty of things to do in the
| Ethereum ecosystem.
| bruiseralmighty wrote:
| Crypto currency itself can be completely anonymous, but the
| difficulty is in the on-ramp and off-ramps to and from state
| fiat money.
|
| For example, I want to buy ZCash that is untraceable to me. I
| need to exchange ownership of a hardware wallet (like a
| physical USB device) for a pre-determined amount of state fiat,
| let's say USD in this case. In order to facilitate this I need
| to find a trusted seller, arrange a meeting, verify the actual
| value of the physical wallet, and make the exchange. There are
| non-physical means of making it _harder_ to trace state fiat
| back to you, but not impossible. The state has simply had too
| much influence over these places of transaction for too long
| for anybody to be truly un-findable given a long enough period
| of time.
|
| Assuming I can find someone willing to on-ramp me like this I
| will need to take steps to ensure that our communications are
| encrypted and untraceable. This means not only do I need a
| decentralized encrypted messaging service, I also need to
| conduct this communication in a way that does not give away my
| geographical location and is not vulnerable to security logs
| (say by checking the cafe's video feed from the time I was
| messaging my seller). Then I need to go to the meet, exchange
| the physical wallet for cash, and verify the amount in it is
| accurate (and also preferably not stolen). I need to do this
| without revealing my identity to my seller and avoiding
| security logs once again. This is all now possible whereas
| before Satoshi it was impossible, but it is still difficult.
|
| Alternatively, I could just sell some kind of digital asset in
| exchange for ZCash to begin with. Now I do not have to worry
| about an on-ramp. If I control my distribution server then I
| can erase or encrypt my sales logs in order to prevent any
| estimation of my total sales for the year.
|
| Off-ramping is much harder. I either need to become a seller of
| a physical wallet which has all the same problems that plagued
| me before, or I need to live in an economy where off-ramping is
| not required. This would be a physical location where all
| transactions are conducted in secure, anonymized cryptocurrency
| transactions. Similar to my earlier problem, this is
| now possible but extremely difficult. An individual or a group
| of individuals is going to have to bootstrap an entire local
| economy.
|
| Being localized is also an issue since there is nothing
| preventing the USG from simply rolling in the tanks to break up
| this localized tax haven.
| generalizations wrote:
| I think it's still just pseudo-anonymity, even for monero.
| Which means, practically, that I don't think it would have done
| more for these guys than just delay the seizure.
| tryptophan wrote:
| Nope. Monero is actually private and untraceable.
| gowld wrote:
| Is getting in and out of Monero private and untraceable?
| jackson1442 wrote:
| Until someone cracks it, that is. If it becomes the crypto
| of choice for some of the bigger fish, you can bet the
| government will find a way to trace it.
| dougk16 wrote:
| There is at least $625,000[1] on the table already. Not
| to mention how many blockchain analytics companies and
| other actors would pay millions to have such a
| capability.
|
| [1] https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs...
| jackson1442 wrote:
| The main reason I bring this up is this is the same
| promise Tor brought- "completely private" etc. And we all
| know how that went down:
| https://www.vice.com/en/article/4x3qnj/how-the-nsa-or-anyone...
| meowkit wrote:
| I did a deep dive with a friend of mine (we're both OS
| engineers) and it's going to be a hell of a cookie to
| crack.
|
| There is a literal virtual tumbler built into the
| transaction protocol called ring signatures.
|
| Stealth addresses (an additional crypto key pair)
| obfuscate senders and receivers.
|
| They also hide the amount transferred which blew my mind.
| ryanlol wrote:
| >Until someone cracks it
|
| This is certainly not a given. The government isn't going
| to be cracking signal messages within any reasonable
| timeframe either.
| bluGill wrote:
| There are ways to crack encryption that have nothing to
| do with math. It doesn't matter how good your crypto is.
| You could probably get by with plain text as far as the FBI's
| efforts to crack your crypto are concerned, as they won't
| waste their time checking if you are that stupid.
| 55555 wrote:
| This doesn't really make sense. In the case of a criminal
| laundering crypto, they don't know who the criminal is,
| so the rubber hose attack doesn't work.
| briffle wrote:
| Obligatory XKCD: https://xkcd.com/538/
| ryanlol wrote:
| Rubberhose cryptanalysis does not work with Monero
| because you don't know who to whack.
| 2OEH8eoCRo0 wrote:
| How many times are we going to learn that that's just not
| true.
|
| There is no safe, only shades of safer.
|
| Are the mathematical underpinnings of Monero sound? That's a
| good starting point. There are still implementation bugs,
| compiler bugs, architecture bugs, supply chain
| vulnerabilities, and state actors with unlimited $.
| ur-whale wrote:
| >I think it's still just pseudo-anonymity
|
| Nope.
|
| Monero, ZCash, and mimblewimble-based cryptos (grin, beam)
| are certainly not pseudo-anonymous, and tracking is darn near
| impossible if the users don't do anything stupid.
| hanklazard wrote:
| yes, with zksnark-based tech (zcash, zk.money, etc)
| chowda wrote:
| These groups will often use bitcoin tumblers/mixers to
| anonymize their btc. This is a solid explanation
| https://www.deepwebsiteslinks.com/wp-content/uploads/2017/10...
| chrisBob wrote:
| Is there a technical reason that makes use of a tumbler
| legally safe? My concern would be that putting in a clean
| bitcoin would result in me getting a fraction of a stolen
| bitcoin and I would be receiving stolen property. The fact
| that they are fully traceable means that it would be easy for
| someone innocent to be caught up in something like that.
| [deleted]
| jandrese wrote:
| That and you don't know if the tumbler you are using is
| operated by the FBI.
| normac2 wrote:
| I'm interested to understand the psychology of ransomware types
| who go after these enormous and important targets. That includes
| the pipeline, which obviously claimed at least a few lives of its
| own via people not being able to drive to get medical care, etc.
|
| Are they armchair criminal masterminds who don't really have a
| visceral understanding of how much damage they're doing? Or just
| straight up psychopaths? I can't think of any other options.
| notsureaboutpg wrote:
| It is not obvious that this claimed any lives as fuel shortages
| weren't really there because of the quick payment of ransom.
| About 1% of gas stations in the Southeast ran out of fuel for
| like a day.
|
| By the standard you are applying almost everything can cost
| lives.
| Miner49er wrote:
| They've learned from this, from the article:
|
| "The REvil representative said its program was introducing new
| restrictions on the kinds of organizations that affiliates
| could hold for ransom, and that henceforth it would be
| forbidden to attack those in the "social sector" (defined as
| healthcare and educational institutions) and organizations in
| the "gov-sector" (state) of any country. Affiliates also will
| be required to get approval before infecting victims."
|
| They aren't trying to cause this kind of harm.
|
| Additionally: "DarkSide organizers also said they were
| releasing decryption tools for all of the companies that have
| been ransomed but which haven't yet paid."
|
| These people have more morals than most rich businessmen, IMO.
| normac2 wrote:
| Well, maybe they learned they did the wrong thing. Other
| reasons seem plausible: maybe they just thought it would make
| them look better if they're caught. Maybe they wanted to look
| better to their clients/allies who are currently like "whoa
| Nelly, these guys are basically Gus Fring. Maybe we'll work
| with someone a little less evil."
|
| I don't know nearly enough to guess, but it doesn't seem cut-
| and-dried to me that this is a case of them realizing what
| they did was wrong.
|
| In any case, the same question still applies for what
| happened _before_ : why were they in a psychological state
| that made them try this in the first place?
|
| Even if we grant that they've changed their tune for moral
| reasons, that would rule out straight psychopaths, but would
| include people who had severe antisocial traits but still
| started to have some feelings about it once they saw the
| real-life consequences. We see this with repentant murderers.
|
| As far as rich businessmen who do evil stuff, there's a
| literature on that, and it seems to be a complicated mix.
| There's "just filling my role" (for those not at the very top
| of their organizations), thinking you'd be replaced by
| someone else doing the same thing, dissociation/denial about
| what you're doing, and -- yeah -- straight up
| antisocial/psychopath types. And more. It's a fascinating
| topic.
| ______- wrote:
| Re-posted comment from a previous thread[0]
|
| Still relevant
|
| [0] https://news.ycombinator.com/item?id=27097966
|
| ___________________
|
| There is a theory floating about that some ransomware attacks
| were done purely to damage a country's infra and making money was
| a bonus, but not the main aim. So the perpetrators used
| ransomware as a _front_ and the real goal is to destroy and
| disrupt a country 's computer infra.
|
| But then we could argue ransomware is just going to bolster and
| make our systems antifragile and resilient against such attacks
| in the future, so the ransomware attacks could backfire since in
| the future it would be much harder to attack the US for example
| with other types of malware.
|
| It also means people are going to be storing mission critical and
| crown-jewels type data in airgapped systems and making
| filesystems read-only. The data would also be encrypted and
| compartmented into separate containers so attacks can't affect
| the whole filesystem if the airgap was breached.
| hnnnnnnng wrote:
| It's about time the NSA uses its surveillance capabilities to
| stop a ransomware attack.
| lawnchair_larry wrote:
| I think this is what you say when the heat is on you too badly.
| They're trying to shed the target on their back.
| vmception wrote:
| Idiots. They have every arm-chair analyst saying "cryptocurrency
| is the cause of ransomware!" and they don't even use multisig to
| leverage the cryptocurrency technology that prevents its
| unilateral seizure?
|
| Looking forward to the day when someone proves there is nothing
| the state can do. But for now we have to watch these
| lackadaisical shit shows.
| [deleted]
| lamontcg wrote:
| > "There's too much publicity," the XSS administrator explained.
| "Ransomware has gathered a critical mass of nonsense, bullshit,
| hype, and fuss around it. The word 'ransomware' has been put on a
| par with a number of unpleasant phenomena, such as geopolitical
| tensions, extortion, and government-backed hacks. This word has
| become dangerous and toxic."
|
| You've finally figured out that extortion is bad, well done.
| karmasimida wrote:
| They learned the hard lesson who is the boss. Fighting government
| with military power is never a good idea, even if you are fully
| prepared. The consequences would surely follow.
| code-munkee wrote:
| Critical Infrastructure Sectors as defined by CISA
|
| https://www.cisa.gov/critical-infrastructure-sectors
|
| Pretty easy to identify what is Critical Infrastructure.
|
| The bigger reason for more coverage is optics. People take money
| out of their wallet on a regular basis to pay for gas. Gas gets
| them to their job, where they can then make more money to pay for
| gas, food, and so on. If gas is affected, their job, their
| routine and their wallet are affected.
| ur-whale wrote:
| > Bitcoin stash seized
|
| Just goes to show how unsophisticated they are and how low the
| barrier to entry to the ransomware game really is.
| throwawaysea wrote:
| If this is the US taking action, they should go after Distributed
| Denial of Secrets next
| (https://en.m.wikipedia.org/wiki/Distributed_Denial_of_Secret...).
| This group is doxxing people for their donations, which isn't
| "hacktivism" - it's just a criminal breach of privacy. Crime
| doesn't become a non-crime just because it is left-biased. Enough
| with the unchecked rise of cyber crimes.
| kall wrote:
| So they have a public representative living in the US and are
| associated with Harvard University. I don't think there's much
| shadowy cybercrime to investigate there.
|
| How do you feel about Wikileaks and the prosecution of Julian
| Assange?
| throwawaysea wrote:
| Having a "Harvard affiliation" doesn't legitimize illegal
| activities. Leaking private messages, passwords, and so on
| from social networks is an unacceptable breach of privacy.
| Exposing people's private donations is also unacceptable.
| This is a group looking to create a chilling effect on
| others' speech, particularly moderates and conservatives,
| through illegal cyber crimes. I am not sure how you can
| possibly see that as anything other than "shadowy
| cybercrime" given their identities are anonymous and they're
| committing cyber crimes.
| kall wrote:
| As far as I can tell from wikipedia they are not anonymous
| (at least the leader) and not working in the shadows (bc
| they are working together with serious public
| organizations).
| Miner49er wrote:
| I don't think any of this is a crime?
| jtchang wrote:
| Just like the mob there are some targets that just aren't worth
| it because they bring too much heat. They are learning this is
| bad for business all around so they are stepping back and
| encouraging others to do the same.
| [deleted]
| mywittyname wrote:
| One thing that impressed me about this situation was the speed
| at which this was dealt with. A few hours after the attack, an
| executive order was signed reducing regulations around truck
| transport of fuel. But the next day, service was being
| restored. And by the end of the week, the attackers were
| disbanded and their assets seized.
|
| There's a pretty clear message here that the US isn't fucking
| around.
| wang_li wrote:
| If I'd just collected enough ransom to retire and never work
| again, I'd also put out a press release announcing I was out
| of business and someone seized all my shit and etc.
| hooande wrote:
| Darkside was a legit business. They routinely collected
| ransoms ten or twenty times larger than what they got from
| Colonial. If they were going to retire, they would have
| done it a long time ago.
| fuzzylightbulb wrote:
| I can't find evidence of this "routinely collected
| ransoms ten or twenty times larger than what they got
| from Colonial" claim. Colonial is rumored to have paid
| out ~$4mm. Every source about Darkside seems to cite a
| "between $200,000 and $2 million for the file decryption
| key" range. This would put the Colonial ransom far above
| their typical payout.
| snypher wrote:
| Didn't Colonial pay $5m? I don't think Darkside ever
| received a $50m-$100m ransom. Do you have any more
| details?
| ggggtez wrote:
| This is it. Governments have cyber abilities that far outstrip
| individual organizations. And when cyber fails, there are still
| other diplomatic and _less diplomatic_ tools.
|
| I wouldn't be surprised if the US Government here reached out
| to foreign governments for assistance in dismantling their
| infrastructure (it almost certainly was not on US soil).
|
| An individual hospital probably couldn't garner that kind of
| backing, but oil pipelines? The US would probably be willing to
| use military strikes to keep the oil flowing. A small country
| would be very willing to help out to maintain good will.
| 3GuardLineups wrote:
| yup. In popular parlance, "fucked around, found out"
| bluGill wrote:
| Small countries routinely help out for cases like this. I
| expect the US has reached out to whatever ones were involved
| long ago - it is just that until now things were still in the
| evidence gathering stage. While the police are sometimes
| willing to make an example of the wrong guy - that is the
| exception - most of the time they try to be right which means
| long investigations over many attacks.
| 3pt14159 wrote:
| Statements like "money of advertisers and founders was
| transferred to an unknown account" don't make sense to me. Why is
| the money held on a server at all? Surely it's more secure to
| keep wallets receiving money locally on a laptop or in a paper
| wallet, no? Why would they put the gold in the munitions depot if
| they don't have to?
| timdellinger wrote:
| I'm seeing statements about the payments server and the money
| associated with the payments server, but (at the risk of using
| an analogy) it seems like they've lost their "petty cash" box,
| not their main account. Surely they were wise enough to only
| put a small amount of money in the payments server. The bulk of
| their cash would be in a separate account (which wasn't lost).
| 3pt14159 wrote:
| Oh well then I take it these guys will be back in some form
| or another in the coming weeks. With enough cash and time
| they can replace their seized infrastructure without too much
| effort. Probably with a non-American target next time. I
| don't understand why so many hackers target America when the
| USA has the strongest offensive cyber capabilities of any
| nation on earth. Surely there is less blowback from hacking
| an Argentinian pipeline.
| tyingq wrote:
| _"drained the cryptocurrency from an account the group uses to
| pay affiliates"_
|
| Some pretty good karma/irony there. They left wallet keys lying
| around on a server.
| Havoc wrote:
| I'd love to know the behind the scenes on this.
|
| Guessing the US leaned on some other country hard to confiscate
| servers asap...
|
| Loads of "bulletproof" hosting locations, but I don't think any
| can withstand that kind of focused, above-national-law pressure.
| [deleted]
| ipaddr wrote:
| How do we know they haven't pulled another exit scam, Mt Gox
| style?
| johnvaluk wrote:
| I'm having a hard time accepting the premise of this article.
| Does it contain any verifiable facts?
| coldcode wrote:
| When I was doing anti-cheat stuff for a game company I was able
| to leverage their attempts at avoiding being hacked by a third
| party who kept stealing their cheats and reselling them. Even
| criminals have criminals trying to steal from them.
___________________________________________________________________
(page generated 2021-05-14 23:00 UTC)