[HN Gopher] State Department to pay up to $10M for information o...
___________________________________________________________________
State Department to pay up to $10M for information on foreign
cyberattacks
Author : WaitWaitWha
Score : 114 points
Date : 2021-07-16 15:36 UTC (7 hours ago)
(HTM) web link (www.darkreading.com)
(TXT) w3m dump (www.darkreading.com)
| werljlekrjert wrote:
| How do I pronounce
|
| G
|
| R
|
| I
|
| F
|
| T
|
| /
|
| C
|
| O
|
| R
|
| R
|
| U
|
| P
|
| T
|
| I
|
| O
|
| N
|
| Fuck, I'll take a baseball to the Ukraine and get it done on the
| cheap.
| artursapek wrote:
| They should ask their buddies over at the CIA ;^D
| igorzx31 wrote:
| The CIA doesn't monitor cyber, that would be the NSA and US
| Cyber Command
| [deleted]
| paulpauper wrote:
| How about kidnapping them. Sorta like the bin laden raid. I don't
| think putin would do much or care.
| [deleted]
| asquabventured wrote:
| I think that's a really, really bad idea if they're on Russian
| territory. Would create a precedent for the Russians (and other
| adversaries) to do the same to US citizens.
| EveYoung wrote:
| I agree that it probably would be a bad idea. That said,
| Russia executes state enemies on foreign territories already.
| And Vietnam kidnapped an asylum-seeker in Berlin in 2018.
| Another example is the recent kidnapping allegations
| against Iran (https://www.justice.gov/usao-sdny/pr/manhattan-
| us-attorney-a...).
| tareqak wrote:
| Same story from a different source (the Associated Press):
| https://apnews.com/article/technology-joe-biden-europe-busin...
| flowerlad wrote:
| The government should offer a similar reward for information on
| US corporations who run critical infrastructure, or hoard
| personal information on US citizens, and don't maintain proper
| security.
| ixacto wrote:
| So basically all the credit rating agencies and the government
| itself? Or does the OPM get sovereign immunity?
| https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagi...
| cgb223 wrote:
| A government bug bounty program would be a huge step forward to
| our defense.
|
| Could even encourage would-be hackers to go white hat.
| flowerlad wrote:
| The payout should come from the company that has the
| vulnerability, not US taxpayers. So basically there needs to
| be a law that states that if you run critical infrastructure,
| or hoard personal information on US citizens then you are
| required to set aside X dollars to pay white hat hackers who
| find vulnerabilities.
| sircastor wrote:
| That might have the added benefit of incentivizing better
| security practices overall.
| devwastaken wrote:
| Why exactly do we have internet lines to enemy countries that
| we're at war with by proxy? We can block their routing with the
| flick of a switch. The harm done by countries we're at war with
| far outweighs the benefits.
| l33t2328 wrote:
| We are by no means at war with Russia.
| A4ET8a8uTh0 wrote:
| Does it really outweigh the benefits? It automatically
| splinters the internet into regional little nets. All those
| things that are currently possible because the internet exists in
| its current form cease to work.
|
| And what countries are we at war with? Please be specific. This
| is not a trick question.
| Animats wrote:
| _"Russia's most aggressive ransomware group disappeared. It's
| unclear who made that happen."_ - NYT.[1]
|
| Somehow, the problem seems to have been dealt with.
|
| [1] https://www.nytimes.com/2021/07/13/us/politics/russia-
| hackin...
| salimmadjd wrote:
| From the AP version (h/t @tareqak) [0], "identification of anyone
| engaged in foreign state-sanctioned malicious cyber activity".
| Key phrase, _state-sanctioned_.
|
| This has less to do with tracking down cybercriminals, and more
| with creating a case for foreign policy agenda.
|
| Remember it was WMD informant "Curveball" testimony to then
| Secretary of State Powell, that was used as one of the key
| pretexts to invade Iraq.
|
| Essentially if an administration comes with an agenda to start a
| new war, they put the right people inside the State Department
| and then those guys just need to comb for anything (validated or
| not) to find "informants" to make the case for cyber attack.
| Followed by making the case in media that cyber attack is
| military attack and it requires military retaliation.
|
| This will bypass the entire US intelligence system to validate
| the source of threat. It just needs one person to claim they were
| involved in cyber attack against US and it was sponsored by the
| government of Iraq, Iran, Venezuela, or any other country we want
| to go after.
|
| I highly recommend watching this portion of the town hall with
| former US Congressman Dennis Kucinich talking about how
| non-disclosure rules prevented the Congress from speaking out against
| US State Department spreading false information to American
| public [1].
|
| [0] https://apnews.com/article/technology-joe-biden-europe-
| busin...
|
| [1] https://youtu.be/s-W9b-_K_Xo?t=2433
| jonnybgood wrote:
| > Essentially if an administration comes with an agenda to
| start a new war, they put the right people inside the State
| Department and then those guys just need to comb for anything
| (validated or not) to find "informants" to make the case for
| cyber attack. Followed by making the case in media that cyber
| attack is military attack and it requires military retaliation.
| This will bypass the entire US intelligence system to validate
| the source of threat. It just needs one person to claim they
| were involved in cyber attack against US and it was sponsored by
| the government of Iraq, Iran, Venezuela, or any other country
| we want to go after.
|
| That's a very oversimplified odd narrative. Unlike Iraq and
| mysterious nuclear related material objects, cyber attacks are
| happening. And it's quite evident US is lacking in this area.
| The US doesn't need "one person" when there are clear
| signatures and traces that are substantiated not only by the US
| intelligence system but also by non-government entities.
| nyokodo wrote:
| > The US doesn't need "one person" when there are clear
| signatures and traces
|
| How clear are they really? How hard is it to pin an attack on
| another group or country?
| jnosCo wrote:
| I think this could be a very effective countermeasure. It reduces
| trust between members of a crew, and between crews themselves. If
| you're constantly suspicious of Ivan the mail campaign guy
| ratting you out for a payday, it makes the whole business focus
| more on opsec and less on offense. Though sole operators can do
| plenty of damage on their own, they probably are less likely to
| be state-backed.
| trhway wrote:
| Does it come with Green Card for Ivan?
|
| >it makes the whole business focus more on opsec
|
| and that is bad?
| neatze wrote:
| You need only to invest 500K (that passes AML) in US to get a
| green card.
| anter wrote:
| No longer the case. EB5 requires $1,800,000 that can be
| reduced to $900,000 if it's in the Targeted Employment
| Area.
| trhway wrote:
| with known criminal background? That is my point - without
| State Department waiving such requirement and issuing
| GC/witness protection the Ivan would be easily reachable for
| FSB in any other country.
| lisper wrote:
| With $10M in the bank there are surely many countries that
| would welcome him with open arms.
| DaniloDias wrote:
| Wow. Wonder what Alan Einstein is advising the leadership on the
| effectiveness of this approach. You should work hard to minimize
| all of your taxes if this is how they are going to waste it.
| exabrial wrote:
| Oh I got this: A bunch of US IT Firms left the front doors
| unlocked and got mad when someone walked in and took their stuff.
|
| Now that I've root caused it, I prefer next-day ACH if possible.
| PM for my bank details, thank you!
| giantg2 wrote:
| But wouldn't the methods needed to obtain that information
| generally carry a high risk of prosecution for illegal acts? I
| don't even want to go into specific chat rooms or browse the dark
| web for fear of being swept up in some overzealous prosecutor's
| net. Even if you're innocent it can cost thousands of dollars and
| years of your life to prove it.
| 3pt14159 wrote:
| You'd think that, but no, not really. If you talk to a lawyer
| first and he registers what you're doing with the police first
| and you don't actually break the law, you'll be fine. Lots of
| bounty hunters and private investigators are in the same game.
| Going to the police saying "I want to earn this $10m reward by
| finding those horrid blokes and here is why I'm qualified"
| isn't going to completely blow their mind.
|
| But it could get you hacked or worse.
| giantg2 wrote:
| Most states require bounty hunters and private investigators
| to have a license.
|
| Usually notifying the police is something they would do for
| physical situations. It could get tricky on the internet when
| dealing with jurisdiction. You would likely have to file
| something with the local police, state police, and DOJ/FBI/?.
| Honestly, the level of competence is not stellar. You could
| still be searched/raided/arrested and inconvenienced for days
| to years. Just look at how long Crosby was in prison with an
| all-star level legal team and protective agreement with the
| DA...
| nubb wrote:
| Totally agree. Some shitty prosecutor will 1000% make some
| American's life miserable just to add a conviction to their
| belt. The risk is probably not worth the reward.
| eloff wrote:
| Here's a crazy idea of dubious ethical value:
|
| The problem with Russian hackers is the law there doesn't give a
| damn, so they're untouchable.
|
| Why not ignore the law then? Put a price on their heads and use
| the same Russian criminal elements to take them out. Do that a
| few times and the problem will magically vanish. Nobody will be
| willing to work for these gangs.
|
| It also makes the Russian courts have to consider whether they'd
| rather handle this inside the law or deal with consequences of it
| happening outside the law.
| [deleted]
| beermonster wrote:
| > The problem with Russian hackers is the law there doesn't
| give a damn, so they're untouchable.
|
| Is it not the case that no Russian criminal offence has taken
| place?
|
| Not that I'm saying that's great, but that might be the excuse
| needed to look the other way whilst carnage ensues?
| seppin wrote:
| > The problem with Russian hackers is the law there doesn't
| give a damn, so they're untouchable.
|
| Not if they get sick of Sochi and decide to holiday in Thailand
| one day.
| Applejinx wrote:
| In a sense that's what this is. It's sort of going, Russian
| oligarchs are impossibly wealthy and can pay to do anything
| they like and run their government and are/are like the Russian
| mob?
|
| Fine. The United States as a country is also impossibly
| wealthy, Texas alone is worth more than the country of Russia
| GDP-wise. Therefore, go on with your oligarch selves and you
| can just compete with the State Department, bribe against
| bribe, payoff against payoff. Have fun.
|
| Seems clever and practical to me. If you're up against folks
| who can put a price on anything, outbid 'em and you're fighting
| with their weapons on their terms.
| runnerup wrote:
| This would normalize extraterritorial direct action on both
| sides. Yes, Russia assassinates people in the UK with nerve
| agents. But if the USA follows the suggestion you proposed
| above, Russia will respond with regular direct action on
| American soil to target people they're interested in.
|
| Plus the USA has enough control over global financial systems
| and extraditions from third party countries that the US
| government can make life difficult for individuals if they ever
| want to travel outside of Russia, spend/store money outside of
| Russia, or buy things directly from companies that are outside
| of Russia.
|
| USA can do these things without inviting potential
| assassinations within its borders.
| foolinaround wrote:
| I am guessing the US does this as well, but is just not
| reported?
| nuclearnice1 wrote:
| Given the lack of reporting, what information informs the
| guess?
| Applejinx wrote:
| Russia responding with direct action on American soil will
| play very poorly. I'm not convinced that, politically, they
| can do any such thing. They depend very heavily on motivating
| genuine Americans to do their direct action for them.
| staticassertion wrote:
| Or we just get US companies to step up their security. US infra
| is a ridiculous soft target.
| teawrecks wrote:
| Ooo solutions that include a magic step are very attractive to
| me...
___________________________________________________________________
(page generated 2021-07-16 23:01 UTC)