Slashdot Mirror


British Crackers Demand Millions in Inforansom

RuntimeError writes "The Times of UK report that a group of British Cr/Hackers have broken into the computer systems of at least 12 multinational companies, stolen confidential files, and are holding the companies to ransom." One of the companies is Visa, as in credit cards. I believe this has far more hysteria potential than the recent CDuniverse inforansom scandal. Expect the usual pundits to be all over this story within the next few days.

7 of 190 comments

  1. Re:Securing systems. by sjames · Score: 4

    The sysadmins should have full access to everything, and know as much as possible, so that they can squash a bug if they find one, without delay.

    Not necessarily. For example, the sysadmin only needs to know where and how credit card numbers are stored, not the passphrase needed to decrypt them. Or the threat could be reduced by using a capabilities based system where most admin duties are performed with only a subset of root capabilities. Full root could require a valid login from two sysadmins. That wouldn't preclude insider fraud, but it would be less likely and harder to get away with.

  2. The reason you know it's rubbish... by Gerv · Score: 4

    ... is the author. Jon Ungoed-Thomas has managed to embarrass himself several times in the past, once by e-mailing Earth First! pretending to be an anti-corporation activist called "Jo", trying to provoke them into letting him in on something illegal. He sent the e-mail from the address jonathan.ungoed-thomas@sunday-times.co.uk!

    More details at NTK - search for "Ungoed".
    Gerv

  3. We need a word for this. by Hobbex · Score: 4

    I think the next thing we need a word for, after "benchcrafting", is "hacksationalism" (or maybe "cracksationalism" before people flame me) to cover all these media stories trying to spread panic about cracks amounting to nothing.

    I can't be bothered to look it up now, but I'm almost convinced that The Times has featured a number of stories like this before, all of which indeed did lead to the end of civilisation as we knew it (or maybe not...)

    So what about this one, well:

    "The group is using very sophisticated techniques and has been exchanging information via e-mail and internet chat," said an investigator.

    Wow, malicious hackers that can use email and IRC! They have got to be a dangerous threat!

    It is understood the hackers stole computer "source codes" that are critical to programming, and threatened to crash the entire system.

    Now that is good journalism! Don't bother explaining that "code" has two meanings in computers, and that the "source code" has nothing to do with accessing the site (unless it was broken to begin with, but...) But then we do know how expensive it is when a hacker gets your source code, look at poor Sun who had to recode Solaris from scratch after Mitnick looked at its source (what? Didn't they? They must have since they claimed the entire cost of it in damages.)

    Also, in both this and the CDUniverse case, the hackers are (apparently) trying extortion as a way of making money off their cracks. Extortion is a really, really, really, bad way of committing crimes without getting caught. Unless you happen to have serious underworld money laundering connections, you are going to get caught when you try to get your hands on the money - for sure. If these guys think they can walk away with a suitcase of "100 thousand quid in unmarked twenties" they have watched too many movies.

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

  4. Re:Inforansom... by konstant · Score: 4

    Unfortunately, as long as companies keep storing customer's/client's valuable information in insecure places with insecure software, there will always be some cr/hacker that will find a way to nab it.
    Even more unfortunately, the media will skew and distort this to the point where the spoonfed masses won't see the real point (which is that better security is needed at these online companies). Such is life.


    DEFENDANT: Your honor, I only killed that man to demonstrate how extremely poor most people are at self defense! Consider it an act of charity to society at large.

    JUDGE: I never saw it that way! I will enroll in a Tai Jitsu Kata class immediately! Case dismissed!!!!

    ---

    ATTORNEY: And so you see ladies and gentlemen of the jury, my client did not rob the bank as an act of theft per se, but rather as a valiant display of public zeal! How many of you slept easy last night entrusting your money to the poorly secured bank vaults of the neo-syndicalist dogs at First National Savings?!!?!

    JURY FOREMAN: This man is a hero! I am going to stuff my money into my mattress forthwith! Down with the WTO! Case dismissed!!!!

    ---

    JUDGE: For your crimes against society, I hereby sentence you to hang by the neck until dead!

    DEFENDANT: But your honor, by poisoning the water supply of the local KiddieCare Nurture Center, I indicated strikingly the need for higher quality water filtration. And by ransoming the life of 2 year old Phiddeas Quilch (whom I knew already to be dead) I displayed the ironic certainty that a society designed around monetary transactions is inherently debased with greed and treachery!

    JUDGE: You are a wonderful person!!! Thank you!!! Case dismissed!!!

    -konstant
    Yes! We are all individuals! I'm not!

  5. I wouldn't trust "The Times" with a bargepole by kojak · Score: 4

    The Times was, a very long time ago, the paper of the elite in the UK. Then Murdoch bought it and took it downmarket in the search for sales after its traditional userbase migrated to the Telegraph / FT / Independent / Guardian.

    Hence they're a bit clueless now. This story has been going for a few days in the UK, but no details are apparent, no arrests have been made, no evidence shown. I'm sure somebody has made some threats, but then there's always somebody out there who'll make threats.

    Interestingly, the UK government has laws going through, as I'm sure everybody knows, that would allow law enforcement to demand encryption keys from anyone without the need for judicial oversight or reasonable grounds, and also to then require you not to tell anyone. I'm sure the promulgation of stories like this one is supported by the agencies that stand to benefit.

  6. Re:An old rule about demanding money: by aphor · Score: 4

    You seem to be oblivious to the distributed dead-man switch of internet data release/publication.

    I die. I forget to log into any one of many "magic" accounts out there, or something. A script in several places on the net times out, and lets the cat out of the bag on Usenet.

    Ask for *WAY* more than it would take to kill you professionally. *WE* of technologically endowed brain, beyond good and evil are the masters here.

    --
    --- Nothing clever here: move along now...
  7. Bring on the defenders of crime! by swordgeek · Score: 4

    Well if past records are anything to go on, any second now someone will post here about how we should be thanking the crackers for forcing the companies to get their acts together. This will come despite the fact that the crackers are thieves, blackmailers, and dealers (of illegally obtained information).

    I wonder how culpable Visa really is in this. I suspect that they had good solid security in place, and that the criminals broke in through some actual code bugs. (i.e. some new buffer overflow, rather than something like poor/no password selection)

    I'm not sure what to make of the fact that Visa didn't tell the public, though. That's a bit disturbing.

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban