[HN Gopher] Try This One Weird Trick Russian Hackers Hate
___________________________________________________________________
Try This One Weird Trick Russian Hackers Hate
Author : todsacerdoti
Score : 495 points
Date : 2021-05-17 14:22 UTC (8 hours ago)
(HTM) web link (krebsonsecurity.com)
| leephillips wrote:
| Do they actually refer to themselves in the third person in the
| first sentence?
|
| (Unrelated:) So are we good if we don't use Windows?
| ______- wrote:
| > "Our goal is to make money, and not creating problems for
| society," the DarkSide criminals wrote last week
|
| > In a message posted to its victim shaming blog, DarkSide tried
| to say it was "apolitical" and that it didn't wish to participate
| in geopolitics.
|
| Yes but if destabilizing and disrupting a country's computer
| infra happens as a side-effect, you are still in the game of
| politics. Being 'apolitical' is paradoxically still being
| political, since if you are involved with large groups of people,
| you can't help but _be_ political.
| mormegil wrote:
| > Imagine being the chief compliance officer at DarkSide.
| People constantly come to you with crimes, and you are
| commercial, you are like "sure go ahead do that crime," but
| occasionally you have to stop them and say "no the reputational
| risk of that crime is too great, we can't do it," and the sales
| reps grumble that you are getting in the way of business. Just
| like at a bank!
|
| https://www.bloomberg.com/opinion/articles/2021-05-11/crypto...
| deckard1 wrote:
| This was a major plot point of the Godfather. Don Corleone
| wants to stay out of drugs to keep their reputation with
| police and politicians.
| shadowgovt wrote:
| My understanding of organized crime in general is that this
| is more-or-less what it looks like. Sustainable organized
| crime finds a niche and stays in it. It ends up like any
| other large, long-lived business; optimized for its niche,
| vulnerable to niche disruption, and conservative about
| branching out because of the risk of compromise to its core
| competencies.
| edgyquant wrote:
| Definitely, organized crime is just another business. We have
| this idea that hackers tend to be loose-knit groups of
| people with more moral objectives. While that may have been
| true twenty years ago, like all criminal markets, eventually
| that stopped being the case.
| indigochill wrote:
| I don't at all believe it's stopped being the case. The
| demographics of the hacker community have certainly
| changed, with a higher degree of polarization between
| corporate/fed white hats (e.g. people like Mudge) and
| criminal black hats, but you still have some grey hat
| vigilantes in the middle like Janit0r, who wrote
| BrickerBot that went around bricking open IoT devices so
| that they wouldn't fall prey to Mirai.
| watwut wrote:
| It was never like that. If you look at those people's
| actions, a high moral objective was a super rare thing.
|
| Case in point: I remember people glorifying weev, making
| him sound like a good guy and making his detractors sound
| like liars. Turned out differently.
| shadowgovt wrote:
| What they mean, of course, is they don't want to poop in the
| same place they eat.
|
| It's not geopolitics if the victim lacks the will or technical
| firepower to punish the offender, right? ;)
| btbuildem wrote:
| Perhaps they didn't count on their target's profit motive being
| so strong that the pipeline owners were willing to cause fuel
| shortages and panic hoarding because they wouldn't be able to
| add the dollars and cents while sorting out their response.
| BoiledCabbage wrote:
| Supposedly they paid it, but the provided decryption routine
| was so incredibly slow that they realized it was faster to
| restore from backup.
|
| Not sure how that works, but is what I read.
| not2b wrote:
| That doesn't make much sense; if they had adequate backups
| and could restore from them without getting the decryption
| key or code, why would they pay?
| bluGill wrote:
| Two possibilities: They knew restoring from backups is
| slow, so they wanted a shortcut. They knew there was data
| (ie from the day of the attack) not in the backups. Take
| your pick - or not, I have no idea if the claim is even
| true.
| andrewla wrote:
| (Caveat: I know absolutely nothing about this particular
| situation)
|
| Paying would make sense because if there was a
| vulnerability uncovered by the initial exploit (that is,
| account information compromised by the initial phishing
| attempt) then it is perfectly possible that the restored
| version will be easily exploitable by the same group.
|
| I remember this being the case back in SQL Slammer days
| -- you could restore from backup but your backup would be
| infected within minutes.
| shalmanese wrote:
| Modern ransomware teams also threaten to leak your data
| onto the public internet unless you pay.
| burnished wrote:
| I'm not 100% on this, but my understanding is that it was
| worthwhile due to the vast amount of money involved in
| the oil industry and the projected time to restore from
| backup.
| OminousWeapons wrote:
| Or they didn't understand the degree of consolidation in the
| industry. It's quite possible they hit the pipeline operators
| without understanding the level of service outage they would
| cause.
| khafra wrote:
| Antifragility advocates might say the occasional ransomware
| attack on infrastructure could be a good thing, in the long
| run, if it promotes a more resilient, less just-in-time
| based economy. Like Amazon's chaos monkey, but for whole
| economic sectors.
| 20after4 wrote:
| The chaos monkey(1) originated at Netflix.
|
| 1. https://netflix.github.io/chaosmonkey/
| ______- wrote:
| Good comment about this very thing here:
| https://news.ycombinator.com/item?id=27099862
|
| > It's just a variation of the Normalization of Deviance.
| See this[1] short talk by Richard Cook for a very good
| explanation of the mechanism that causes the transition
| from "robust" to "superfluous".
|
| [1] https://www.youtube.com/watch?v=PGLYEDpNu60
| bluGill wrote:
| Just in time is good for the economy, however like
| everything else there are downsides that need to be
| managed.
| vmception wrote:
| Both you and this blog seem to be a pedantic unbundling of the
| choice of the word "apolitical".
|
| To me, the most important aspect of this article is that you
| can make people think you are a Russian hacker signed off by
| Putin himself by adding these Commonwealth of Independent State
| checks to your code.
| greggman3 wrote:
| even if they only cyberlockered private individuals and/or
| small business they'd still be "creating problems for society".
| lupire wrote:
| Fundamentally, DS doesn't want to break anything, they just
| want to scare people into paying their "tax".
|
| They are a thief who just want money from people who can afford
| it.
|
| It's still wrong and side-effect heavy, of course.
| johncessna wrote:
| That may be the current goal. If I'm going to get into
| organized crime, I'm not going to start by walking into the
| local FBI building and try and buy off everyone.
|
| You start small, learn, grow, expand, and after you've gained
| sufficient resources and the power that comes with that, then
| you get to do more.
|
| > In Russia, for example, authorities there generally will
| not initiate a cybercrime investigation against one of their
| own unless a company or individual within the country's
| borders files an official complaint as a victim.
|
| Coincidence? Maybe at the start of organized technology crime,
| but not now.
| trompetenaccoun wrote:
| That's what they claim, how would we know it's true? It's the
| word of the extortionists, there is no reason we should just
| believe them.
|
| Governments in certain countries obviously tolerate this sort
| of hacking, if not outright support it. If you wanted to
| destabilize the US without directly starting a war, wouldn't
| that be a good way to go about it?
| edgyquant wrote:
| I'm just guessing here but I imagine it's like how certain
| groups in South America refrain from kidnapping/violence on
| large tourist destinations. These groups don't exist to be
| evil they exist to make money and bringing the weight of
| powerful nation states (the US) on you is bad for business.
| hutzlibu wrote:
| "In Russia, for example, authorities there generally will
| not initiate a cybercrime investigation against one of
| their own unless a company or individual within the
| country's borders files an official complaint as a
| victim. Ensuring that no affiliates can produce victims
| in their own countries is the easiest way for these
| criminals to stay off the radar of domestic law
| enforcement agencies."
|
| From the article. So I guess it is the same principle.
| hutzlibu wrote:
| It is, but ... do you really think China or Russia really
| want the US to be destabilized even further?
|
| A US falling apart for real would be bad for Russia as
| well as China. And vice versa. Because desperate people
| tend to do desperate actions - not a good thing with so
| many nukes involved.
|
| So I also think it is likely that at least some Russian
| hacker groups have direct or indirect links to the FSB, and
| have to work for them occasionally - but most of them
| probably have indeed their own pocket as the main
| motivator.
| kelnos wrote:
| > _not a good thing with so many nukes involved._
|
| We don't even need to go that far. A collapsing US would
| take down most of the world's financial system with it.
| In a place like Russia, where rich people with global
| financial holdings call the shots, that's not something
| they'd likely get behind.
| mumblemumble wrote:
| There's a good chance that you're failing to properly
| intuit their motivations. If it really is an organization
| that is out to make money, then it wouldn't want to
| destabilize a country like the US in the first place, any
| more than a dairy farmer wants to destabilize the health of
| a cow.
|
| It might happen accidentally, as an unintentional side
| effect of efforts to extract a greater yield. (e.g,
| Colonial Pipeline.) But nobody wants to actually _wreck_
| the source of their livelihood.
|
| And I don't think we have any reason to infer any other
| motive. This is certainly well outside my area of
| expertise, but their pattern of behavior doesn't really
| say, "state actor," to me.
| indigochill wrote:
| > their pattern of behavior doesn't really say, "state
| actor," to me.
|
| This is the fascinating thing about Russian hackers to
| me. Maybe sometimes political favors change hands, but
| ultimately they're autonomous, self-funding, self-
| training, completely deniable assets. IMO Russia's
| brilliant in how they've managed their offensive hacking
| assets.
| mumblemumble wrote:
| The downside is that this approach seems to only be
| available to nation-states that aren't particularly
| governed by rule of law.
| naniwaduni wrote:
| Wait, that was supposed to be a _downside_?
| jopsen wrote:
| > ultimately they're autonomous, self-funding, self-
| training, completely deniable assets
|
| You could say the same for Afghanistan 20 years ago, but
| plausible deniability will only go so far..
|
| If these hackers eventually end up hurting a lot of
| people, then who knows what happens next?
| hourislate wrote:
| Kaspersky (if you trust them) said this attack could have been
| a group within the CIA _(known as UMBRAGE)_. My take is why
| not? With the lackluster response from the current
| administration and the convenient events that followed,
| Darkside disbanding, their servers and shitcoin seized, etc.,
| would it be that big of a surprise if it was one of our Alphabet
| Organizations, those same organizations that spy on the
| American Public.
| ______- wrote:
| > My take is why not?
|
| Because of the `Russian Razor` principle:
|
| It wasn't Russia
| There's no way it was the Russians
| It was the Russians
| JustResign wrote:
| It pains me how close this is to a haiku
| naniwaduni wrote:
| "There's no way it was Russia" should do it.
| jsterSC wrote:
| You think a US Federal institution would attack a major US
| company and cause suffering to large swaths of the
| population, just because?
| kelnos wrote:
| Not the parent, but yes, I do think they would, if they had
| a good enough reason. And that reason might not be readily
| apparent to us here.
|
| I don't think that was the case here, but... yeah.
| jamespo wrote:
| you are correct in as much as the reason isn't apparent
| tomc1985 wrote:
| Idunno, thats a whole new level of tiger-teaming your own
| side. I don't think this kind of thing meets the whitehat
| community's ethical standards.
| NaturalPhallacy wrote:
| >"Our goal is to make money, and not creating problems for
| society,"
|
| I think the issue is people read that, then add their own
| meaning to it, and then react to _that_ instead of what was
| actually said. What they _didn't_ say, and what people add of their
| own volition, seems to be "and we're not evil", "and we're not
| criminals", "and we're the good guys". They didn't say those
| things. Their goal is to make money. That doesn't mean they
| think they're doing good in the world or are innocent.
|
| And 'apolitical' just means they're not choosing targets for
| political reasons, not that they're paragons of virtue or
| anything.
|
| And to be clear, I'm not defending them, just observing the
| reactions to this. People seem desperate for there to be black
| and white morality decisions when everything is a shade of
| grey.
| prirun wrote:
| Seems to me it would be rather easy to detect a system with one
| Russian keyboard vs a system with a default English keyboard
| and a secondary Russian keyboard. It will probably take about 10
| minutes to adapt to this defense.
|
| As I mentioned in their comment section, re-installing Windows
| with a Russian keyboard as default and then adding English
| afterwards might be a good defense, but I doubt many English-
| speakers could navigate a Windows install in Russian using a US
| keyboard.
| chokolad wrote:
| > Seems to me it would be rather easy to detect a system with one
| Russian keyboard vs a system with a default English keyboard
| and a secondary Russian keyboard. It will probably take about
| 10 minutes to adapt to this defense.
|
| A modern computing environment is pretty much unusable with just
| a Russian keyboard. You need some way to enter URLs, email
| addresses, shell commands, etc. The Russian keyboard is an addition
| to English, not a replacement.
| metalliqaz wrote:
| As mentioned in the article, they have to be extremely careful
| to keep the local authorities off their backs. Thus, they are
| not really into taking chances in that way. Having the Russian
| language installed at all is so rare in the US/UK/etc. that they
| are unlikely to change this strategy. Finding the real location
| of systems is very hard to do.
| tclancy wrote:
| Yeah and it probably wouldn't pay to change it anyway: it
| would suggest the user is at least slightly security-
| conscious and probably correlate poorly with profit margins.
| Like how spammers intentionally use typos to filter out the
| even semi-bright.
| allarm wrote:
| Pretty much everyone in Russia uses at least two keyboard
| layouts - Russian and English. Having the English layout as a
| default is quite common as well.
| tantalor wrote:
| > But is there really a downside to taking this simple, free,
| prophylactic approach?
|
| Yes, you are continuing to use Windows, and fooling yourself into
| thinking it is marginally more secure, instead of switching to
| literally any other OS.
| andreygrehov wrote:
| What stops hackers from any other country to have those "vaccine"
| checks in place, so that sec agencies blame Russian hackers?
| tgv wrote:
| An accurate clickbait title. Well have I ever!
| MayeulC wrote:
| It may be accurate, but it could be more descriptive. The
| current title feels a bit lazy, but I have trouble coming up
| with a better one.
| black6 wrote:
| I believe it may be tongue-in-cheek.
| afrcnc wrote:
| Wasn't this stupid trick debunked last week on Twitter as being
| inefficient?
| bilekas wrote:
| I had considered this approach already, and thought it would be
| better not so publicised; the checks will become more detailed,
| such as timezone settings, last connected hosts etc. It's a good
| way to frustrate bad automated bots so far, though.
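The layout check the thread is arguing about, written out as an added example (mine, not code from the article, from any ransomware sample, or from any commenter). It parses the text that `reg query "HKCU\Keyboard Layout\Preload"` prints on a Windows host, where value "1" is the default layout and each value is an 8-hex-digit keyboard layout ID whose low 16 bits are the Windows language ID, and then applies three tiers: "any CIS layout installed" (the check the article's trick defeats), "CIS layout is the default" (prirun's stricter variant above), and a time-zone signal (the kind of extra check bilekas expects). The language-ID table and the time-zone key names are my assumptions from Windows locale conventions, not the list in the article's screenshot; the sample registry output is constructed, not captured from a real machine.

```python
r"""Keyboard-layout "vaccine" check, added example (not code from the
article or from any malware sample).

Input is the text printed by `reg query "HKCU\Keyboard Layout\Preload"`.
Values "1", "2", ... hold 8-hex-digit keyboard layout IDs (KLIDs) in
load order; "1" is the default layout. The low 16 bits of a KLID are
the Windows language ID (0x0419 = Russian, 0x0409 = US English).
"""
import re
from dataclasses import dataclass, field

# Windows language IDs for CIS-area locales. Assumed table for
# illustration; compare against the list in the article's screenshot.
CIS_LANG_IDS = {
    0x0419: "Russian",
    0x0422: "Ukrainian",
    0x0423: "Belarusian",
    0x043F: "Kazakh",
    0x0440: "Kyrgyz",
    0x0428: "Tajik",
    0x0442: "Turkmen",
    0x0443: "Uzbek (Latin)",
    0x0843: "Uzbek (Cyrillic)",
    0x042B: "Armenian",
    0x042C: "Azerbaijani (Latin)",
    0x082C: "Azerbaijani (Cyrillic)",
    0x0437: "Georgian",
    0x0818: "Romanian (Moldova)",
    0x0819: "Russian (Moldova)",
}

# Windows time-zone key names for the region (assumed, partial list).
# "FLE Standard Time" also covers Finland and the Baltics, so a
# time-zone check on its own produces false positives.
CIS_TIMEZONES = {
    "Russian Standard Time", "Kaliningrad Standard Time",
    "Ekaterinburg Standard Time", "Omsk Standard Time",
    "Novosibirsk Standard Time", "North Asia Standard Time",
    "Yakutsk Standard Time", "Vladivostok Standard Time",
    "Magadan Standard Time", "Belarus Standard Time",
    "FLE Standard Time", "Caucasus Standard Time",
    "Georgian Standard Time", "Azerbaijan Standard Time",
    "West Asia Standard Time", "Central Asia Standard Time",
}

# One `reg query` row: "    1    REG_SZ    00000409"
_PRELOAD_RE = re.compile(r"^\s*(\d+)\s+REG_SZ\s+([0-9A-Fa-f]{8})\s*$", re.M)


def parse_preload(reg_output: str) -> list[int]:
    """KLIDs in preload order; element 0 is the default layout."""
    rows = [(int(n), int(klid, 16)) for n, klid in _PRELOAD_RE.findall(reg_output)]
    return [klid for _, klid in sorted(rows)]


def lang_id(klid: int) -> int:
    """Language ID is the low 16 bits; the high bits distinguish variants
    such as 0x00010409 (US Dvorak) from 0x00000409 (US)."""
    return klid & 0xFFFF


@dataclass
class Verdict:
    any_cis: bool        # the check the article's trick is aimed at
    default_cis: bool    # prirun's stricter variant: layout "1" is CIS
    only_cis: bool       # strictest: no non-CIS layout installed at all
    tz_cis: bool         # extra signal: time zone is in the region
    matched: list[str] = field(default_factory=list)


def classify(klids: list[int], tz_key_name: str = "") -> Verdict:
    """Apply all tiers to one host's layout list and time-zone key name."""
    langs = [lang_id(k) for k in klids]
    matched = [CIS_LANG_IDS[l] for l in langs if l in CIS_LANG_IDS]
    return Verdict(
        any_cis=bool(matched),
        default_cis=bool(langs) and langs[0] in CIS_LANG_IDS,
        only_cis=bool(langs) and all(l in CIS_LANG_IDS for l in langs),
        tz_cis=tz_key_name in CIS_TIMEZONES,
        matched=matched,
    )


# Constructed sample outputs (not captured from a real host).
US_WITH_RU_ADDED = """\
HKEY_CURRENT_USER\\Keyboard Layout\\Preload
    1    REG_SZ    00000409
    2    REG_SZ    00000419
"""
RU_DEFAULT = """\
HKEY_CURRENT_USER\\Keyboard Layout\\Preload
    1    REG_SZ    00000419
    2    REG_SZ    00000409
"""

if __name__ == "__main__":
    # "Vaccinated" US host: passes the simple check, fails prirun's.
    print(classify(parse_preload(US_WITH_RU_ADDED), "Eastern Standard Time"))
    # Russian host with Russian as default and English second.
    print(classify(parse_preload(RU_DEFAULT), "Russian Standard Time"))
```

On a real host, feed `parse_preload` the output of `subprocess.run(["reg", "query", r"HKCU\Keyboard Layout\Preload"], capture_output=True, text=True).stdout` and `tz_key_name` from the `TimeZoneKeyName` value under `HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation`. The tiers show why the simple check is the one that survives in practice: the "default is CIS" tier already excludes the common Russian configuration allarm describes (English default, Russian second), and the "only CIS" tier excludes nearly everyone, so tightening the check costs the operators exactly the domestic victims it is meant to avoid.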
| ineedasername wrote:
| _"Our goal is to make money, and not creating problems for
| society,"_
|
| It's a pretty big problem for society when hospitals,
| universities, and countless business have been ransomed.
|
| What they really mean is "We're trying to make as much money as
| possible without doing so much damage that someone with unlimited
| resources will hunt us down"
|
| Hopefully shutting down a majority of the East Coast's pipeline
| capacity will be large enough that the US finally uses its deep
| pockets to do exactly that.
| raverbashing wrote:
| Yes, this is the big elephant in the room
|
| > But doing so increases the risk to their personal safety and
| fortunes by some non-trivial amount, said Allison Nixon, chief
| research officer at New York City-based cyber investigations firm
| Unit221B.
|
| Oh really? So do you mean those people are very careful to not
| toe some governments in extreme fear of them?
|
| No wonder the western countries are taken as fools. They know no
| one is going to wake up in an "uncomfortable position" by messing
| with western companies and governments.
|
| Maybe what we need is to take out those checks from the malware
| and just resend it where it came from.
| LeifCarrotson wrote:
| American hackers are no less careful to avoid running services
| or communicating through American datacenters. Everyone knows
| that Google, Apple, Facebook, Amazon etc. are more than happy
| to turn over the IP address logs and any unencrypted data
| whenever law enforcement brings a valid search warrant, and
| sometimes they'll offer a dragnet of all their data when law
| enforcement just asks nicely.
|
| The problem is that law enforcement is listening to local
| victims: Hack Colonial Pipeline and ask them to bring you a bag
| of cash in the parking lot, and you won't be meeting with their
| CFO - that guy in a suit is from the FBI. Hack Nord Stream, and
| you'll make some Russians angry, but they're going to have a
| hard time bringing that complaint to the FBI.
|
| To make this more sensible, we need a paradigm shift. With a
| global Internet separating victims and hackers, while national
| governments only look for domestic victims of domestic
| perpetrators, you're going to end up with a lot of useless
| fist-shaking across the borders. I'm not suggesting that the
| answer is extradition of scapegoats at the whims of foreign
| powers, either, but our small, modern world has a lot of
| growing up to do before this makes sense.
| bluGill wrote:
| Actually a Russian being hacked by an American will find a
| very interested FBI - who will promptly send all the needed
| evidence to whoever in the government deals with overseas
| issues. In turn this will lead to the Americans proposing an
| exchange of criminals with the Russians. It might or might
| not happen depending on details, but the proposal will be
| made.
|
| Note, the above assumes you are not a target of a US military
| operation. If the US military is hacking you, then don't
| waste your time with the FBI (but if that is the case you
| already have access to "other" means to respond)
| nzmsv wrote:
| I'll just leave this here...
| https://www.eurogamer.net/articles/2011-02-21-the-boy-who-st...
|
| "Have you any idea how lucky you are that we got to you before
| you got on that plane?"
| FpUser wrote:
| >"No wonder the western countries are taken as fools. They know
| no one is going to wake up in an "uncomfortable position" by
| messing with western companies and governments."
|
| You can definitely get into an "uncomfortable position" when
| messing with western countries. But if a hacker resides in Russia
| there is not much the West can do, as Russia does not extradite
| its citizens. The West in this case has to rely on Russia
| chasing after them, and due to the very "warm and fuzzy" relations
| lately it is not likely to happen as long as those hackers do
| not mess with Russia itself.
|
| Sanctions might have helped, but since Russia is already sanctioned
| up to its gills it probably does not care anymore.
| raverbashing wrote:
| Meanwhile Russian tourists continue to visit picturesque
| cathedrals across Europe.
| perlgeek wrote:
| More than one Russian hacker was arrested while vacationing
| in a country that has an extradition treaty with the
| US.
|
| That's far less effective than we would want, but it's a bit
| more than nothing.
| FpUser wrote:
| >"More than one Russian hacker was arrested when making
| vacation in a country that has an extradition treaty with
| the US."
|
| Being an idiot has consequences. I have no idea why
| those Russian hackers ever assumed that they'd be safe when
| traveling. They committed a crime and were stupid enough
| to basically ask to get arrested.
| gigel82 wrote:
| It's hard to take this seriously when the author tries to make
| big points about geopolitics and then claims that Georgia or
| Ukraine have "favorable relations" with the Kremlin (those
| countries are literally at war with Russia). Not to mention them
| not knowing basic facts like Moldova and Romania being in fact 2
| separate independent countries.
| londons_explore wrote:
| Having spent considerable time in both Georgia and Ukraine, I
| can tell you that the news that gets to western media misses
| out all the nuances of reality. In both countries there are
| substantial groups of people who want to ally with Russia. The
| "Russia is invading our country" narrative is only held by
| some.
| tw04 wrote:
| I don't think it's missed at all. I think it's pretty well
| known by most people that the Russians who were moved into
| Ukraine and Georgia while under the USSR blanket are still
| loyal to Russia. That's exactly why they were moved there in
| the first place. The Tatars were moved out (of Ukraine) in
| order to ensure loyalty to the USSR.
|
| https://en.wikipedia.org/wiki/Population_transfer_in_the_Sov...
|
| https://www.wilsoncenter.org/publication/why-did-russia-give...
| skrebbel wrote:
| He also cites Romania as having a particularly great
| relationship with Russia, which is neither true (they're in
| NATO and the EU and mostly West focused) nor relevant (the
| Romanian keyboard layout wasn't even listed, only the
| Moldovan variety).
|
| We can choose to assume that he omitted the nuance you're
| adding (eg for brevity), or that he has no clue. I'd say most
| evidence points to the latter. Which is sad because I often
| enjoy his blog a lot.
| cure wrote:
| > (the Romanian keyboard layout wasn't even listed, only
| the Moldovan variety).
|
| This makes sense. Moldova, like the Ukraine, has a
| significant portion of the population that identifies as
| Russian. Romania does not.
| skrebbel wrote:
| Yes it does, but it looks to me like Krebs read
| "Romanian" in the list of keyboard layouts, skimmed over
| the "(Moldova)" part and assumed that that means Romania
| and Russia are BFFs.
| kelnos wrote:
| Which is a shame, but can we really expect everyone to be
| up on all the various nuances of geopolitics? It's an
| unfortunate error, but I think an understandable one, and
| it doesn't undercut the point of the article.
| optimalsolver wrote:
| > The "Russia is invading our country" narrative is only held
| by some
|
| Yeah. Non-ethnic Russians.
| lcedp wrote:
| > The "Russia is invading our country" narrative is only held
| by some.
|
| Polls say about 2/3 think that the war in the east of Ukraine
| is with Russia (and not with independent separatists).
|
| The "We must ally with Russia" belief is only held by some.
|
| In any case, even what you described would be far from
| "favorable relations". This quote only shows the author's
| ignorance.
| kbhn wrote:
| > The "Russia is invading our country" narrative is only held
| by some.
|
| Mainly those that believe in concepts such as 'borders' and
| 'sovereignty'
|
| You might personally feel that those residents welcomed
| foreign troops with open arms, but it's not a narrative that
| Russian forces crossed Ukraine's border to annex territory
| that didn't belong to it.
| briantakita wrote:
| One nuance of reality in the Western world is that the three-
| letter agencies have a tendency to perpetrate crimes and blame
| the Russians or Saddam or Gaddafi or the Syrians or White
| Supremacy or the fall guy du jour.
|
| The "weird trick" or "see something, say something" or "kiss
| the Blarney Stone" or "rub Buddha's Belly" or some other
| simple token action is an effective way to create engagement
| with a narrative.
|
| Part of the art of "hacking" is social engineering, after all.
| skrebbel wrote:
| Yeah that was weird. It makes all of this read like some random
| guy in a bar speculating about geopolitics.
|
| I wonder what part of the story I _don't_ know much about (eg
| the motivations of ransomware gangs) is similarly baseless
| speculation.
| exhilaration wrote:
| There's a comment below that explains this
| https://news.ycombinator.com/item?id=27184607
| reallyagain wrote:
| That immediately jumped out at me as well as a basic
| geopolitical error.
|
| Nonetheless:
|
| - The list of countries is taken from the malware. It is not
| speculation.
|
| - The fact that a number of major malware strains do not
| install on machines with Russian and various other Eastern
| European localisation settings is an objective fact as anyone
| in the malware field can tell you.
|
| These organisations exist to make money and "the heat" is a
| detriment to making money. These groups are able to operate
| with impunity because they take such drastic steps to not anger
| the local authorities (legitimate and illegitimate). As other
| commentators have pointed out, this list of countries is
| likely at the behest of those people, who have various reasons
| for choosing them. If interested, you can google about a fellow
| named Paunch if you want to understand the consequences of
| shitting where you eat as a Russian "cybercriminal".
|
| From a purely money-making perspective, it's a lot more
| effective to fly under the radar and infect companies far away
| from them. The ROI simply isn't there for these groups to
| infect machines closer to home.
|
| That is, of course, until you do something like this, which was
| clearly and obviously a massive fuck up.
| Damogran6 wrote:
| That's unfortunate, because he has some good points. I don't
| think he set out to offend, and ignoring the message due to a
| factual error is short-sighted.
| spijdar wrote:
| > Not to mention them not knowing basic facts like Moldova and
| Romania being in fact 2 separate independent countries.
|
| Maybe this is from a language barrier/confusion? I know that
| the modern state of Romania comes from a union of the
| Wallachian/Transylvanian/Moldavian principalities, and modern
| Moldova originates from part of the historical Moldavian
| principality which the USSR forced independent Romania to
| secede (?).
|
| I think Moldavians would refer to themselves as "Romanians"
| as a group of people, unless emphasizing the particular
| government/nationality? I know this is probably a controversial
| topic, I really don't know much about the modern geopolitical
| status there, just speculating why the article may conflate
| Romania and Moldova.
| gigel82 wrote:
| Oh, you're totally giving the author too much credit to
| assume they know the history of Romania.
|
| I bet it just stems from a lack of reading comprehension.
| Moldova has 2 keyboard layouts (Romanian and Russian)
| according to the screenshot posted in the article, so I
| presume they just read "Romanian", which vaguely sounded like
| a country name they sometimes read about, and chucked it into
| the list.
| notdang wrote:
| You are absolutely right. The point here is that it's
| difficult to take the author's geopolitical claims seriously,
| when he is easily confused by Romania/Moldova duality.
| tbarbugli wrote:
| > Not to mention them not knowing basic facts like Moldova and
| Romania being in fact 2 separate independent countries.
|
| Moldova is also a Romanian region.
| jopsen wrote:
| > "Our goal is to make money, and not creating problems for
| society,"
|
| Ethical criminals... Lol... That's rich.
|
| These are people with some skill, and they choose to use it for
| evil. This isn't a spur of the moment crime.
| flowerlad wrote:
| In the 90s I used to make money off shareware, and every time I
| released a new version hackers would release "cracks" for the
| license key. Eventually I figured out that these cracks were
| coming from Russia.
|
| In the next version of my program, I added a check for the system
| language, and if I detected Russian then I bypassed the license key
| checks, and the program was free to use. This stopped hackers from
| releasing cracks.
| huhtenberg wrote:
| The earliest I've seen this trick was in Far Manager [1], back
| when it was a commercial software.
|
| Made by Eugene Roshal, the author of the RAR format and WinRAR, the Far
| Manager distribution included a text file in Russian that
| explained how a comrade can do a full unlock in 2 easy steps.
| Don't know if it helped with sales, but I don't think it
| actually solved the cracking problem, because Roshal ended up
| open sourcing it despite it having a very sizeable
| following.
|
| [1] https://en.wikipedia.org/wiki/Far_Manager
| iDisagreedEar wrote:
| I have a similar situation: most of my paying customers live in
| the United States, a few in Europe, and a rare 1 person outside
| those areas.
|
| I give away free content, so I don't mind if people use the
| website, but I have no incentive to create topics specific to
| (third world) users. They have never paid, and from
| interactions with them, they can't afford their own lives, let
| alone buying my products for under $10USD.
| PeterisP wrote:
| Hah, it reminds me of a shareware program that had two options
| for registration: one required you to pay some dollars to get a
| registration code, and the other, labeled as a licence for CIS
| countries (https://en.wikipedia.org/wiki/Commonwealth_of_Independent_St...),
| simply required you to enter the name of the
| current day of the week in the Russian Cyrillic alphabet.
| Lex-2008 wrote:
| I believe I saw it in the FAR file manager.
| orbital-decay wrote:
| I believe it's not related. When the shareware model was
| popular, a lot of the programs made by developers from exUSSR
| republics were either free or sold at the significantly
| lowered price to native speakers, so such tests were common.
| (I've seen Russian folk riddles as tests, for example). The
| developers were doing this because they were keenly aware of
| the economic situation in their home countries, and because
| the software would have been pirated anyway. So there was
| less incentive for russian speakers to crack it as it was
| free for them. It was a completely different time as well,
| nobody was thinking about legal action.
| gowld wrote:
| > I believe it's not related.
|
| Not related to what? Law enforcement risks are probably not
| related. Discouraging piracy outside of Russia, more likely
| related.
| nzmsv wrote:
| Not sure why this is downvoted. An exUSSR license was very
| common in shareware whose authors were themselves from the
| region. WinRAR and FAR are examples, but there are
| certainly more.
| grishka wrote:
| Am Russian. This made me smile.
| matthewmorgan wrote:
| Coming from a land of thieves makes you happy?
| pawnednow wrote:
| Is this really necessary? It's true for every other
| country.
| grishka wrote:
| Piracy is not a theft because it doesn't deprive anyone of
| anything.
| NaturalPhallacy wrote:
| Yep. People are surprised when I say things like this as
| a software developer.
|
| I'm paid to create software, not for copies of software.
| The difference is subtle but very important.
|
| Copyright: literally the right to copy, as if monks
| haven't been copying books by hand since writing existed
| - and "Imaginary Property" - a concept invented so they
| can pretend information is scarce so needs to be owned
| and hoarded - were invented by lawyers, for the exclusive
| benefit of lawyers and the people who can afford lawyers,
| which is to say those already rich in actual scarce
| resources, as a means to extract value from the working
| class.
|
| Humans, and future humans are the most valuable potential
| resource we possess as a species within a universe that
| is harsh and unforgiving with terrifying real scarcity.
| And in all my reading, and searching of the heavens and
| space as far as we can see according to astronomers
| including the SETI project, there are no gods, and not
| even any more advanced civilizations to help us. So to
| me, the idea that we came up with ways to enforce
| artificial scarcity of information which could save us
| from eventual extinction is baffling to me. When someone
| says "we need copyright" I hear "I hate humanity and want
| it to die". What if copyright turns out to be the Great
| Filter?
| astrange wrote:
| It deprives you of future work from the developer. Costs
| are real even if they're not marginal costs.
| NaturalPhallacy wrote:
| Non sequitur. Many developers have and always will
| contribute for free to open source projects, and
| freeware.
| mycologos wrote:
| Sure, and other developers want to get paid for their
| contributions, so they use copyrights. Pirating those
| pieces of software is only not theft in the narrow sense
| of not literally taking an object that can only belong to
| one person. But it's clearly breaking some sort of
| agreement of exchange that the creator tried to build
| into this process, which is _some_ kind of immoral.
|
| That's not to say that every copyright is good or makes
| sense, but blanket statements like "piracy is not theft"
| are either so narrowly scoped to be useless ("it's not
| theft, it's some _other_ unethical action") or ...
| wrong?
| dmitrygr wrote:
| I used to sell a lot of shareware software, priced around $15.
| For Russians it was much cheaper: 200 RUR, sent by postal mail
| transfer to my grandma who still lived in Russia. She got a
| small stream of income from it (negligible by USA standards),
| to augment the laughable pension.
| slim wrote:
| It's fair because Russians don't have any means to pay in
| dollars. That's why they crack.
| AussieWog93 wrote:
| I sell open-source hardware and get plenty of sales to Russia
| and even occasionally China in USD. I think they appreciate
| the fact I don't charge stupid shipping fees to people in
| smaller markets.
| hvis wrote:
| That was more or less true in the 90s, at least.
| at_a_remove wrote:
| Even more amusing -- if Russian, then use a different license
| scheme.
| ma2rten wrote:
| They would likely notice once they fire up a disassembler or
| debugger.
| jonny_eh wrote:
| Plus, I don't think anyone in Russia would pay anyways. So
| it's not like making it free would lose sales.
| konart wrote:
| >Plus, I don't think anyone in Russia would pay anyways.
|
| Not in the 90s, that's for sure.
|
| Steam changed this for the games market though when they came
| to the Russian market with local prices.
| tick_tock_tick wrote:
| I wonder if we will see a surge of eastern EU countries
| cracking again since the EU is banning local pricing in
| the region.
| forgithubs wrote:
| Wow, make them become lazy
| EastSmith wrote:
| IBExpert (firebird GUI), used to have something like this in
| Cyrillic in Help -> About: "If you can read this, this program
| is free for use for you. Have a nice day."
| ljm wrote:
| > In Russia, for example, authorities there generally will not
| initiate a cybercrime investigation against one of their own
| unless a company or individual within the country's borders files
| an official complaint as a victim.
|
| And why the hell would they do otherwise?
|
| They're being sanctioned to shit by the rest of the world (the US
| hegemony) who doesn't give the slightest fuck about them.
|
| Maybe the hegemony is funding a problem.
| kazinator wrote:
| > But is there really a downside to taking this simple, free,
| prophylactic approach?
|
| Yes there is: if you're a user who already uses two or more
| languages, cycling through them with language bar hotkeys, this
| will add an annoying extra one you don't use.
|
| Maybe just the language (e.g. Ukrainian) can be installed without
| defining a keyboard, and that will still thwart the ransomware.
| But already you have no verifiable test case that the trick
| actually works _with_ the keyboard; that's already being done on
| faith, so you're adding a wild-assed guess to faith.
| metalliqaz wrote:
| In the article there is a link to a script that just adds the
| registry keys that will trick the malware, without installing
| the actual language packs.
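As an added, defender-side example (not the article's script and not code posted by anyone in this thread): a read-only PowerShell audit of which keyboard layouts Windows has registered for the current user, so an admin can confirm that the trick, or the registry-only variant metalliqaz mentions, actually left a CIS-country layout visible. It assumes the standard per-user key HKCU:\Keyboard Layout\Preload and the standard Windows LANGIDs in the table; the specific keys the article's script writes are not named in this thread, so this only reports what Windows itself lists, and per azov's point it says nothing about the UI language.

```powershell
# Added example, not the article's script or any code from this thread.
# Read-only audit: list the keyboard layouts Windows has registered for the
# current user and flag any that belong to the CIS-country group the article
# says ransomware checks for. Assumes the standard per-user location
# HKCU:\Keyboard Layout\Preload, whose numbered values are 8-hex-digit KLIDs
# (e.g. 00000409 = US English); the low 16 bits of a KLID are the LANGID.

# LANGIDs assumed from the standard Windows language-identifier table; only
# the languages this thread talks about are listed, extend as needed.
$cisLangIds = @{
    0x0419 = 'Russian'
    0x0422 = 'Ukrainian'
    0x0423 = 'Belarusian'
    0x0437 = 'Georgian'
    0x0818 = 'Romanian (Moldova)'
}

function Get-PreloadedKeyboardLayouts {
    # Preload holds values named "1", "2", ... in hotkey-cycling order, next
    # to the PS* metadata properties that Get-ItemProperty adds.
    $props = Get-ItemProperty -Path 'HKCU:\Keyboard Layout\Preload'
    $slots = $props.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        Sort-Object { [int]$_.Name }

    foreach ($p in $slots) {
        $klid   = [string]$p.Value
        $langId = [Convert]::ToInt32($klid.Substring($klid.Length - 4), 16)
        $isCis  = $cisLangIds.ContainsKey($langId)
        $name   = 'other'
        if ($isCis) { $name = $cisLangIds[$langId] }

        [pscustomobject]@{
            Slot     = [int]$p.Name
            Klid     = $klid
            LangId   = ('0x{0:X4}' -f $langId)
            Language = $name
            IsCis    = $isCis
        }
    }
}

$layouts = @(Get-PreloadedKeyboardLayouts)
$layouts | Format-Table -AutoSize

# Report whether the mitigation is visible at all for this user profile.
if ($layouts | Where-Object IsCis) {
    Write-Output 'At least one CIS-country layout is registered for this user.'
} else {
    Write-Output 'No CIS-country layout is registered; the keyboard trick is not applied for this user.'
}
```

Run it as the user whose profile you are checking, since Preload is per-user (HKCU) and a layout added under one account is not seen from another.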
| rav wrote:
| Is that how the cycling works? I would hope that, just like
| with Alt-Tab, pressing the language bar hotkey Windows-Spacebar
| once will toggle between the current and the most recently used
| one.
| numpad0 wrote:
| I believe it cycles through.
|
| In earlier days of Windows 10, I had an ANSI keyboard for
| desktop and JP106 for laptop, so I had to have en_US and
| ja_JP on desktop while laptop had to have en_JP and ja_JP.
|
| Each time Settings syncs it would subtly add missing one to
| the cycling but would not update the language list, so I had
| to keep adding and removing the other one from Settings for a
| while. Later they added toggles to stop syncing keyboards.
| 734129837261 wrote:
| I sorta wish that these "criminals" would target big
| corporations, particularly the evil ones like Nestle, and
| distribute most of the profits to good causes; like distributing
| free clean water in third-world nations. The real criminals
| aren't those who take money from companies who have those losses
| budgeted in their expenses already and are insured against it
| anyway.
|
| Sure, Hacker McHackface also gets their share of the loot. Good
| for them. Now go and hack Israel's digital maps so they can no
| longer send troops/settlers to steal homes from innocent
| Palestinian families.
| azov wrote:
| _> The worst that could happen is that you accidentally toggle
| the language settings and all your menu options are in Russian._
|
| Did the author even try his own trick?.. Switching to Russian
| keyboard the way he describes will not change the UI language or
| menu options, it only applies to the text you type.
| bwanab wrote:
| This was an interesting throwaway line from the article:
| "because of Russia's unique legal culture...."
| analog31 wrote:
| Could you solve this problem by just renaming your US keyboard?
| cannabis_sam wrote:
| Imagine spending your short life, trying to destroy the lives of
| random people around the world.
|
| (To be fair I would probably prefer to be in a Russian hacker
| group than an American military unit.)
| ryanianian wrote:
| > Imagine spending your short life, trying to [show ads to]
| random people around the world.
| owl57 wrote:
| Exactly. Stealing money from big corporations is arguably a
| less evil use of talent than enabling most of said
| corporations.
| justusthane wrote:
| I am certainly not defending them, but their goal isn't to
| destroy lives, it's to make money.
| cannabis_sam wrote:
| I know, and I didn't even mean to imply that their goal was
| to destroy lives.
|
| I guess I'm just disheartened by it all, but I will readily
| acknowledge that I don't have any real understanding of the
| economic context that drives people to do this.
| JabavuAdams wrote:
| Some of these people are probably spoiled brats, but others
| don't eat every day, or come from such a background.
| ed25519FUUU wrote:
| Greed is a powerful motivator.
| vlovich123 wrote:
| I bet you if this starts to matter the software will start
| monitoring your usage of each keyboard to make a call (e.g. no
| usage of Russian in the past month, this is likely just a
| prophylactic).
| trhway wrote:
| you can also check browser history for visits to "VKontakte",
| "Odnoklassniki" and "Anekdot.ru":)
| owl57 wrote:
| Not really. The machines they want to avoid the most are
| behind proxies that don't have these sites whitelisted.
| quercusa wrote:
| Next week's headline:
|
| "Hundreds of thousands of computers compromised through bug in
| Windows Russian keyboard driver"
| elliekelly wrote:
| I don't know much about how keyboards actually work but
| wouldn't the suggestion offered in the article insulate you
| from this risk:
|
| > But James says he loves the idea of everyone adding a
| language from the CIS country list so much he's produced his
| own clickable two-line Windows batch script that adds a Russian
| language reference in the specific Windows registry keys that
| are checked by malware. The script effectively allows one's
| Windows PC to look like it has a Russian keyboard installed
| without actually downloading the added script libraries from
| Microsoft.
| [deleted]
| curiousgal wrote:
| 2021 will go down in history as the year where Krebs finally
| decided to make his website mobile friendly! Hallelujah!
|
| That being said, the trick is to install a Russian virtual
| keyboard.
|
| Maybe this would all turn out to be a ruse years from now as the
| Russian keyboard drivers will have contained a 0-day. I would not
| be surprised.
| BenjiWiebe wrote:
| The article mentions a way of configuring the registry without
| actually installing the Russian keyboard.
| rsync wrote:
| This is classic victim rationalization in the face of an abusers
| whims.
|
| Maybe if I talk softly when he comes home or make just the right
| meal I won't get a black eye.
|
| Maybe if I do the correct little rain dance, Windows won't open
| up gaping security holes whose descriptions could have been
| written _twenty years ago_.
|
| It's not going to work.
|
| Windows is going to keep abusing you.
|
| You're going to keep getting black eyes.
|
| It is simultaneously _fascinating and depressing_ to know that
| more than twenty years later we're still reading about
| autorun.inf and LANMAN.
| [deleted]
| EvanAnderson wrote:
| While I would agree that Windows has had a less-than-stellar
| security record (as has Unix, for that matter), I don't think
| an operating system-specific mechanism is at play for enabling
| ransomware.
|
| The paradigm that all programs run with a set of permissions
| defined by the identity of the executing user is the main fault
| (i.e. I ran the ransomware and, therefore, the ransomware has
| access to all files I have access to). That's not unique to
| Windows.
|
| A capabilities-based permission system would help. I'm not
| convinced that capabilities will limit the damage to file
| servers, however. I don't see users or IT admins having the
| capacity to map out access to shared filesystems on a two
| dimensional matrix of security principals and applications.
| Most companies can barely pull it off for just security
| principals.
|
| If we move away from file servers the new ransomware will move
| to attacking whatever the next platform is, co-opting whatever
| "tokens" define the users' and devices' access to applications.
|
| Rate limiting and behavior monitoring are probably our best
| bets on long-term eradication of ransomware. (That and CoW
| filesystems becoming the rule, rather than the exception.)
| OminousWeapons wrote:
| I agree that moving off of Windows would be helpful, but I'm
| not sure that abandoning Windows is a realistic proposition for
| many companies given how much legacy tech exists.
| fnord77 wrote:
| Kinda agree. I can't see why anyone in their right mind would
| use Windows for security critical infra.
| derefr wrote:
| Windows IoT Core is a pretty good RTOS, competitive with
| VxWorks. The NT kernel is good engineering. It's the Win32
| userland baggage that causes all the problems.
| dylan604 wrote:
| Can you have one without the other?
| EvanAnderson wrote:
| The native NT kernel APIs are "undocumented" and meant
| for private use inside Microsoft only.
| paulpauper wrote:
| Enabling UEFI secure boot is another. Full disk encryption
| typically does not work with UEFI, so upgrading to Windows 10
| will make you immune to this. Windows 7 uses legacy settings.
| Surprised the 'expert' on security would not notice this much
| better solution.
| goatcode wrote:
| Gee, a great big "RUSAI DID TIHS HACK" written across the
| software. Little sus?
| ellimilial wrote:
| [...] all currently have favorable relations with the Kremlin,
| including [...] Georgia, [...] Ukraine.
|
| One might wonder what unfavourable relations with the Kremlin
| look like, then.
| takeda wrote:
| Don't know much about Georgia, but even though Ukraine's
| leadership is against Russia, they do have part of the country
| that's favorable (mainly it was Russians that were moved to
| live in Ukraine during the Soviet era).
| slezyr wrote:
| > all currently have favorable relations with the Kremlin,
| including ... Ukraine
|
| Really???
| specproc wrote:
| Yeah, Georgia being on there was odd too, but lots of bizniz
| going on with the industries and infrastructure of both.
|
| That said, I've never been a fan of the all-too-frequent
| approach of armchair Kremlinology as a first and last line of
| investigation. I'd say it's likely just as much about
| targeting the attack in a direction where you're unlikely to
| get blow-back. I would not want to find myself negotiating with
| a representative of an angry Ukrainian vodka plant.
| nbk_2000 wrote:
| Georgia is a popular tourist destination for Russians; they
| might fear getting nabbed on vacation if they committed
| crimes there.
| specproc wrote:
| Hmm, maybe, but the point I was making was that if you piss
| the wrong company off in Tbilisi, they can find you in
| Petersburg.
| simion314 wrote:
| Weird that he included Romania too. Romania is part of NATO,
| has pretty cold relations with Russia, and we use a Latin-based
| keyboard.
|
| There must be a different reason.
| Elora wrote:
| They didn't, they included Romania (Moldova), which must be
| what they use in Moldova.
| xdennis wrote:
| It's "Romanian (Moldova)", i.e. "Language (Country)". East
| Moldova stopped calling it Moldavian a while ago and "mo"
| and "mol" have been deprecated.
| Elora wrote:
| My point stands, they did not include Romania, the
| country -- you would not have the Romanian (Moldova)
| keyboard installed in Romania.
| pajko wrote:
| Nope, that's Moldova. Reasons:
| https://en.wikipedia.org/wiki/Russians_in_Moldova
| https://en.wikipedia.org/wiki/Transnistria
| simion314 wrote:
| That makes sense, but the article is using the wrong reason;
| it placed Romania and Ukraine in a list of "Kremlin
| friends". I just wanted to append to the parent comment to
| clarify for people that don't know all the eastern European
| countries and the relations.
| meepmorp wrote:
| Donetsk and Luhansk are in the Ukraine, if only geographically.
| slezyr wrote:
| > in ~the~ Ukraine[1]
|
| They are essentially dead cities and I hardly think that they
| allow using Ukrainian layout.
|
| 1: https://web.archive.org/web/20080725060956/http://www.ukrw
| ee...
| Glavnokoman wrote:
| Funny. Did they also convince Germans to stop using the
| article when referring to that territory?
| meepmorp wrote:
| I also say the Sudan and the Congo.
| tetromino_ wrote:
| Criminal gangs from Russia and Ukraine continue to collaborate
| regardless of today's politics - love knows no borders. Plus
| there are around 2 million Ukrainians living in Russia.
| not2b wrote:
| Since Ukraine has a large Russian-speaking, pro-Russian
| minority, it's complicated. But the Russian government might
| still see intervention in Ukraine as sensitive, since there's
| a war on, and might want tighter control over any attacks
| used there.
| marcodiego wrote:
| It is lacking "before this video gets banned!".
| IncRnd wrote:
| Learn the software secrets of Bill Gates and other rich people.
| Imagine never getting malware again. Others have done this
| simple trick to stop viruses cold. Now you can, too!
| yosito wrote:
| This reminds me of one weird trick I use to avoid getting foreign
| language websites served to me while traveling. I remove en-US in
| my OS and browsers, and replace it with en-CA, as well as the
| other languages I speak. A lot of websites and software will see
| en-US and assume it's "just a default" and then try to serve
| content in a language determined by your IP or geographical
| region. But en-CA appears to be an explicit preference, so
| websites will serve English content instead of defaulting to
| geographic language detection.
| dbavaria wrote:
| This is the digital version of "Flag-jacking" where a traveler
| pretends to be from another country. In its offline form it's
| also usually US citizens pretending to be Canadian.
| karmakaze wrote:
| I heard that it got so bad that they had to start using
| UK/Aussie/Kiwi flags because they would be spotted as
| Americans sporting Canadian flags.
| justnotworthit wrote:
| Big caveat is that OP wants to be treated as en-US and people
| won't believe him. Maybe the analogy is travelers who say
| they're from the US (or rural farm area, etc) and the person
| responds "you? no! really?".
| ajcp wrote:
| I remember when this became a "thing" again after 2003-onward
| when animosity toward the US was running high. I travelled
| around Europe, the Middle East, and Africa pretty extensively
| then, staying in hostels or using Couch Surfing (both hosting
| and surfing).
|
| Never once ran into a fellow American traveler who flag-
| jacked, although we all would share jokes about doing so,
| with a wink and a nod. I saw the occasional Canadian flag on
| a backpack, but from my interactions they were all
| convincingly Canadian. More often I saw travelers from the
| world over with flags from all the places they visited on
| their bags.
|
| I always suspected those Americans who actually flag-jacked
| were of the breed that visited Western-European capitals via
| tour-bus, dressed like they were on safari, and loudly
| compared everything to how it existed "back in the States".
| Dah00n wrote:
| US citizens seem to often do so.
|
| Unrelated, I once on a trip to the US met a group of
| motorcyclists on modern bikes and with proper, modern safety
| gear (at Grand Canyon I believe). Having never seen this
| before in the US (outside sports bikers doing it as much as a
| clothing statement as for safety) I went over and said hi and
| said this was the first time I had seen this. "We are
| Canadians" they laughingly replied.
| kevin_thibedeau wrote:
| It's more that the organ donor freedom riders vastly
| outnumber those thinking about safety.
| karmakaze wrote:
| On my way to Nova Scotia I passed through New Hampshire and
| rode without my helmet for a number of minutes. It was more
| fun than driving without a seatbelt which offers no such
| novelty--which is more like being on a sportbike with
| sandals.
| azinman2 wrote:
| I'm not sure where you're from in the US but I can tell you
| many motorcyclists are big into safety gear. Yes it'll
| probably be associated with a sports bike because in
| general people driving hogs are doing that for the
| statement rather than anything else because the bikes
| aren't very good (slow, poor steering, etc). I've never
| known someone on a sports bike to be wearing good safety
| gear just for the fashion as it's almost always a worse
| look.
| [deleted]
| sfblah wrote:
| The article sort of implies this is geopolitical (i.e. the
| hackers are "attacking" certain countries). I kind of doubt that.
| My guess is they're just afraid (with good reason) of the Russian
| government.
| kgeist wrote:
| This. ExUSSR law enforcement isn't bothered about what happens
| on the other side of the globe: incompatible legal systems,
| language barrier, bureaucracy etc. However, if DarkSide are in
| Belarus and attack Russian companies, they can easily be
| extradited etc. Also there's decades-old solidarity among
| exUSSR developers; for example, a lot of software has free or
| cheaper licences for exUSSR citizens due to lower purchasing
| power.
| 1vuio0pswjnm7 wrote:
| Progressive45, the sole comment, has it right.
| pavel_lishin wrote:
| Quoting it here to save a click:
|
| > _How about this trick - don't run your business on Windows
| software._
| rsync wrote:
| https://twitter.com/rsyncnet/status/1394304666175885321
| shadowgovt wrote:
| I think these problems are somewhat intertwined.
|
| One person's feature is another person's increase in the
| exploit surface. An OS with enough features to be the most
| popular one on the planet may always end up with the most
| security holes.
|
| I can, anecdotally, name at least one example where cross-
| platform had a feature that was trivial on Windows, and
| nearly impossible to implement on MacOSX (until Apple
| widened the graphics API to make it much easier because
| they needed the feature for QuickTime)... because it
| required one process to be able to render into the windows
| owned by another process. This enabled all kinds of cool
| features... Including the ability to spoof a dialog box in
| another app that made it look like it was asking for your
| credentials, while sending the data to an attacking app.
| pwdisswordfish0 wrote:
| > _Russian hackers are a diversion from the real problem:
| Microsoft Windows and a 25-year legacy of terrible security
| holes._
| 1vuio0pswjnm7 wrote:
| IMHO, for what it is (or was), Twitter overuses JavaScript.
| twit rsyncnet |grep -o ".{71}5321.{563}" |sed -n 2p
|
| For twit, see https://news.ycombinator.com/item?id=27056734
|
| Output:
|
| "Mon May 17 14:51:52 +0000 2021","conversation_id_str":"139
| 4304666175885321","display_text_range":[0,205],"entities":{
| "user_mentions":[{"id_str":"74286565","name":"Microsoft","s
| creen_name":"Microsoft","indices":[56,66]}],"urls":[],"hash
| tags":[{"indices":[67,75],"text":"Windows"}],"symbols":[]},
| "favorite_count":2,"favorited":false,"full_text":"Russian
| hackers are a diversion from the real problem: @Microsoft
| #Windows and a 25 year legacy of terrible security holes.
| DECADES of getting owned by autorun.inf and LANMAN, etc.
| Whose fault is that ?","is_quote_status":false,"lang":"en",
| "quote_count":0,"reply_count":0,"retweet_count":1,
|
| It is amazing how Microsoft can escape all liability for
| the problems of "cybersecurity". Perhaps this is what
| happens when competition has been eliminated (not by
| superior product quality) and there are no alternatives.
| Quality control problems with the product must be lived
| with along with endless diversions/scapegoats.
| zoomablemind wrote:
| Let's not kid ourselves with a false sense of security from the
| keyboard "trick". The memories of the Petya crypter
| https://en.m.wikipedia.org/wiki/Petya_(malware) are still fresh,
| and it supposedly has a similar pedigree.
|
| It was readily running (targeting even) on Ukrainian PCs.
| juskrey wrote:
| The conclusion is BS. The real reason for filtering Russian and
| similar computers is "extrajudicial consultants" who take care
| of a problem when you step on a big company in the exUSSR.
| caeril wrote:
| This is obviously correct, but bear in mind this is coming from
| Krebs, whose first and only instinct is _always_ to blame the
| GRU for literally everything.
| thenoblesunfish wrote:
| The article sort of implies that Romania is on the list of
| countries being excluded, but note the chart which says "Romanian
| (Moldova)" - the Romanian language is indeed spoken there.
| ed25519FUUU wrote:
| This is really fun inside baseball for these groups.
| Unfortunately, once the cat is out of the bag how long will the
| "fix" work? Especially if it's being posted on Krebs.
|
| Plenty of other places to check, such as TZ date, or IP
| geolocation.
| bluGill wrote:
| Those tricks are dangerous though. The whole goal is to ensure
| the Russian authorities don't care what you do. Attack someone
| not in Russia and they don't care, but if you make a mistake,
| the Russian police will come knocking.
| fnord77 wrote:
| > They simply will not install on a Microsoft Windows computer
| that already has one of many types of virtual keyboards installed
| -- such as Russian or Ukrainian
|
| Does this ransomware software run on macOS or Linux?
| krebsonsecurity wrote:
| Actually, yes the DarkSide ransomware has a Linux version. See:
| https://krebsonsecurity.com/wp-content/uploads/2021/05/darks...
| Glavnokoman wrote:
| "Who are we NOT looking for?
|
| ------------------------------
|
| English-speaking individuals."
|
| That made me laugh. Now I really wonder if those ransomware
| groups are that stupid or Krebs himself.
| owl57 wrote:
| Why, looking for partners of the same cultural background
| and specifically excluding another cultural background
| (presumably correlated with being a CIA agent or whatever?)
| sound like things criminals would do. The only strange
| part: why would this be written in English?
| nominated1 wrote:
| From your link under the Linux section:
|
| Support of main versions of ESXI [5.1 - 7.0].
|
| Support of NAS (Synology, OMV, etc. (TBA)).
|
| It doesn't surprise me to see those listed but I don't see
| support for traditional Linux (Redhat, Debian, etc.). Am I
| missing something here?
| boomboomsubban wrote:
| I doubt much ransomware is developed to be cross platform,
| having three different programs seems more logical. It might
| launch under wine?
| toyg wrote:
| "Much" no, but I'm sure I've seen reports of python-based
| ransomware.
| beermonster wrote:
| https://uk.news.yahoo.com/java-based-ransomware-targets-
| wind...
| Shadonototro wrote:
| How do they know it's the Russians? They see an IP from Russia
| and they assume they are Russians?
| jmt_ wrote:
| "...virtually all ransomware strains have a built-in failsafe
| designed to cover the backsides of the malware purveyors: They
| simply will not install on a Microsoft Windows computer that
| already has one of many types of virtual keyboards installed --
| such as Russian or Ukrainian."
| barbazoo wrote:
| Realistically though, this is hardly evidence, is it? I'm not
| saying it's not originating from that area obviously.
| bluGill wrote:
| I think the major governments of the world have more
| evidence they are not sharing. Russia is one of the few
| countries in the world that you can't get a wanted criminal
| out of, which makes it very likely they are the ones, as
| otherwise there have been enough high profile attacks that
| something would have been done.
|
| If Afghanistan was harboring criminals like this the US
| would invoke NATO and send the military. However Russia is
| a bit too big for the US to be willing to tangle with.
| ghawr wrote:
| Correct, they don't know for sure but circumstantial
| evidence points in that direction.
|
| https://qz.com/2007399/the-darkside-hackers-are-state-
| sancti...
| [deleted]
| ghawr wrote:
| In this case, it is private criminal enterprises originating in
| Russia or a former Soviet satellite state. They're not state
| sponsored so much as they are state sanctioned, as the state
| turns a blind eye to it so long as they don't target any
| homeland targets.
| cure wrote:
| It's kind of funny that Krebs doesn't mention the other obvious
| "one weird trick", which has been around for decades now: do not
| run your critical systems on Windows.
| Someone1234 wrote:
| Or Linux:
|
| https://en.wikipedia.org/wiki/Linux.Encoder
|
| Or MacOS:
|
| https://en.wikipedia.org/wiki/MacOS_malware#Ransomware
|
| The reality is that this problem is 90% systemic/organizational
| and 10% technological. You can definitely run _only_ Linux,
| make the same mistakes as these Windows shops made, and get
| destroyed by ransomware.
|
| A lot of this problem is getting the fundamentals wrong (flat
| network layout/design, no/bad backup strategy, shared
| credentials across different _classes_ of equipment, and too
| liberal inter-access). Much of which is wrong for
| organizational _convenience_ and sometimes cost savings.
|
| I can look at an org without even knowing what OS they run and
| tell them if they're vulnerable or not, because the assumption
| you _must_ make is that entry _will_ occur at some point, and
| then evaluate how or to what extent it can propagate and what
| the costs/consequences will be.
|
| Ransomware _will_ continue until organizations and their
| management are held accountable for their own incompetence
| /apathy/cost-cutting, that let the ransomware cripple the
| company. If I was on a company board I'd ask for the CEO's job
| if backups didn't exist or company operations shut down for
| multiple days/weeks, but that isn't happening.
| yjftsjthsd-h wrote:
| That malware exists for multiple platforms does not mean that
| it occurs with similar frequency across platforms. I strongly
| suspect that, all other things held equal, an org running all
| Linux would statistically fare better than one running all
| Windows. Even if that's true it doesn't justify ignoring
| other measures just because of your OS, but I seriously doubt
| that it doesn't help.
| mumblemumble wrote:
| This is one of those tricks you don't want to publicize if
| your goal is to increase your own security. Linux being
| less of an attack vector than Windows has less to do with
| its inherent security (I wouldn't be surprised if Windows
| has Linux solidly beat in this department nowadays) than it
| does with how many and what kinds of computers run Linux.
|
| If a company's Linux boxes mostly run production servers
| that are generally stateless and/or covered by a
| comprehensive disaster recovery policy, then there's a good
| chance that their response to your ransomware attack will
| be to laugh in your face and push the "recover" button.
|
| On the other hand, there's a decent chance that at least
| some of the company's Windows computers contain some
| critical spreadsheet that holds together some essential
| business process and isn't being regularly backed up.
|
| The thing is, that balance only works as long as there
| aren't a whole lot of organizations running all Linux.
| Because, if there were, then you'd start to see more of
| those critical irreplaceable files living on people's Linux
| desktops.
| yjftsjthsd-h wrote:
| It is not obvious to me how to compare the fundamental
| security of NT and Linux, although I give some credence
| to the traditional answer that >90% of servers are on
| Linux (i.e. there's no shortage of valuable targets) so
| if it were really that easy to attack people would do it.
| However, even assuming comparable inherent security of
| the OS, it is trivially true that more malware exists for
| NT than Linux, so for non-targeted attacks Linux is
| probably safer. And, of course, if you're worrying about
| targeted attacks (such that people knowing what you run
| is a problem), then OS is almost irrelevant because you
| need to do some serious hardening regardless.
| inetsee wrote:
| Serious question: If you are really paranoid about getting
| hacked, or you're operating in an environment that requires
| hardcore security, wouldn't your first choice of operating
| system be OpenBSD?
|
| I have often read about how secure OpenBSD is, but I've also
| thought that you give up a lot of convenience in using it. I
| don't think my circumstances would justify switching to
| OpenBSD.
| WrtCdEvrydy wrote:
| I'd honestly say Qubes now... just virtualize everything :D
| bluGill wrote:
| Until someone figures out how to attack the virtual machine.
| sodality2 wrote:
| I think the issue is that if you use Linux you are usually
| smart enough to not get infected; Windows users are the
| majority and thus get hit more. What is the term for this
| phenomenon? I know I read the Wikipedia page for this
| phenomenon in the last year.
| robjan wrote:
| I'd hazard a guess that more of us have done this than
| haven't:
|
| curl https://raw.github.com/innocent/script.sh | sudo sh
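The pattern quoted above hands whatever bytes arrive straight to a root shell, with no chance to inspect them and no way to tell later whether what ran is what you reviewed. As an added example (not robjan's code and not anything from the Krebs article), the function below shows the alternative a practitioner would use: fetch to a file first, compare its SHA-256 against a digest pinned from the copy you actually reviewed (or from the vendor's published checksum), and only then execute. The script file, its contents and the digest are constructed locally so the example runs offline; the URL in the comment is a placeholder, not a real endpoint.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates "download, pin a digest,
# verify, then run" as the replacement for "curl ... | sudo sh".
set -e

# sha256_of FILE: print the hex SHA-256 digest of FILE.
# Uses sha256sum (coreutils) when present, shasum (macOS/BSD) otherwise.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_and_run FILE EXPECTED_SHA256
# Runs FILE with sh only if its digest equals EXPECTED_SHA256.
# Returns 1 without executing anything on a mismatch; otherwise returns
# the script's own exit status.
verify_and_run() {
  file=$1
  expected=$2
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: expected $expected, got $actual" >&2
    return 1
  fi
  sh "$file"
}

# --- constructed demo (stands in for: curl -fsSLo "$script" https://example.invalid/install.sh) ---
script=$(mktemp)
printf 'echo "trusted install script ran"\n' > "$script"

# In practice this value is copied from the reviewed copy or the vendor's
# published checksum, not computed from the file you are about to run.
pinned=$(sha256_of "$script")

verify_and_run "$script" "$pinned"          # digest matches: executes

# Simulate the payload changing between review and execution (e.g. a
# compromised CDN or a server that sniffs User-Agent and serves curl
# something different from what the browser showed you).
printf 'echo "attacker-added line"\n' >> "$script"
if verify_and_run "$script" "$pinned" 2>/dev/null; then
  echo "BUG: tampered script was executed"
else
  echo "tampered script was refused (as intended)"
fi

rm -f "$script"
```

The check only helps if the digest comes from somewhere the attacker who controls the download path cannot also rewrite, which is why it is pinned in your own repo or read from a signed release page rather than fetched from the same URL.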
| sodality2 wrote:
| I'd hazard a guess that a far SMALLER percentage of Linux
| users do so than Windows users who would open an exe if
| their browser told them to and fall for other types of
| ransomware.
| tablespoon wrote:
| > I think the issue is that if you use linux you are
| usually smart enough to not get infected, windows users are
| the majority and thus get hit more.
|
| It's been a long time since "using linux" meant you're
| "smart enough to..." Probably around the time corporate IT
| departments everywhere realized Linux on x86 was cheaper
| than Solaris and could still get the job done.
| sodality2 wrote:
| For sure, there are dumb Linux users and smart Windows
| users. But the percentage is skewed since you generally
| don't use Linux unless you have a minimum amount of
| skill; especially on desktop there are WAY more
| non-proficient Windows users than non-proficient Linux
| users + Windows is preinstalled on basically every
| consumer device.
| kelnos wrote:
| Also on the desktop the prevailing method of malware
| infection is probably from downloading .exe files from
| sketchy sites (or email attachments) and running them. Or
| from websites exploiting browser bugs to do OS-specific
| things (though I imagine these sorts of vulns are hard to
| come by these days).
|
| The vast majority of these are going to be Windows
| executables and Windows-specific things. Your random
| malicious website is much more likely to target Windows
| desktop users than Linux desktop users.
| tclancy wrote:
| That's what everyone else said up until they did.
| sodality2 wrote:
| Sure, it still happens to fewer Linux users as a
| percentage compared to Windows users...
| tw04 wrote:
| >I think the issue is that if you use linux you are usually
| smart enough to not get infected
|
| I think that's an extremely poor assumption. How many
| people on HN run containers with "docker run"? How many of
| those users actually went and personally audited those
| containers before doing a docker run vs. just trusting
| someone else checked first? I can tell you first hand I've
| seen dozens of customers do a docker run with a public
| image on a system attached to an internal network without
| giving it a second thought.
| sodality2 wrote:
| > How many people on HN run containers with "docker run"?
|
| I'd hazard a guess that a far SMALLER percentage of Linux
| users do so than Windows users who would open an exe if
| their browser told them to and fall for other types of
| ransomware.
| miguelmota wrote:
| It might reduce attacks but no operating system is bulletproof
| and attackers devote more resources to the operating system
| with more market share. If all infrastructure running on
| windows changed to linux, then linux would be the new target.
| jascii wrote:
| Linux has an over 90% market share on critical infrastructure
| like servers and cloud resources which I would consider prime
| targets for ransomware. Who cares about an infected
| workstation, reinstall and move on.
| breakfastduck wrote:
| Impossible for most organisations
| ramraj07 wrote:
| Or the actual fix - real tested backups. Stop blaming a
| reasonably secure OS when almost no competitor is noticeably
| more secure and only happens to not be hacked much because of
| obscurity.
| xbar wrote:
| The hacker couldn't stop the pcap capture. You won't believe what
| they got!
| shanecleveland wrote:
| This made me think of the bike manufacturer that printed images
| of flat-screen TVs on the outside of their boxes to reduce damage
| during shipping. It worked better than actually printing warnings
| like "Fragile" or "Handle with Care."
|
| Just a more creative solution to a problem instead of a more
| technical one.
| max_hammer wrote:
| Interesting. Could you please share a source for this?
|
| AFAIK bikes imported as CBU are placed in a special crate.
| ineedasername wrote:
| If I ordered a bike from Amazon and got a box like that, I
| might just figure "oh crap, they sent me the wrong thing" and
| process a return without even opening it. And then be highly
| confused when it happened again with the replacement.
| shanecleveland wrote:
| I hadn't thought about that aspect. I don't believe they sold
| through Amazon, and I am not sure what the return address
| would have said, but I assume that wasn't a major issue for
| them if it was worth the effort.
| bellyfullofbac wrote:
| If they're clever, it's a picture of a TV with a screengrab
| of the bike in action. The delivery guy would think "It's a
| TV". And you, expecting a bike, would think "Hah, weird box
| art, but that's the bike I ordered indeed"
| shanecleveland wrote:
| Close. Check the image in this article:
| https://www.bicycling.com/news/a20027122/vanmoof-tv-on-
| box-d...
| drummer wrote:
| > "Our goal is to make money, and not creating problems for
| society," the DarkSide criminals wrote last week.
|
| What? Srsly, what?
| otar wrote:
| Note: the CIS map is outdated; the country of Georgia withdrew
| from the organization as a result of the 2008 Russo-Georgian war.
| [deleted]
___________________________________________________________________
(page generated 2021-05-17 23:01 UTC)