Digital Thieves Use Ex-Employees' Accounts
prostoalex writes "The New York Times is running an article about a new generation of digital thugs. Using unsecured wireless networks, free e-mail accounts, a wealth of security knowledge, and, most important - employee passwords, thieves are getting access to valuable company databases. Once they're in, they start extorting the companies to pay up for them to leave. Otherwise phony e-mails to customers and sensitive information published publicly will lead to an embarrassment."
It seems like mostly smaller and medium-sized businesses would be vulnerable to this, not larger corporations, or perhaps a small division of a larger corp, because access to big cash usually requires the blackmailee to go through some kind of board of directors who are going to refuse to yield, while a more tightly-knit mom and pop shop is going to have no one to turn to. A big company could have all sorts of resources immediately available for damage control (e.g. warning customers of fraudulent information, quick access to high-level law enforcement, à la FBI). Sigh, and all because of wireless networks. When is Cisco, D-Link, Netgear, going to learn to turn on encryption by default? Microsoft learned the hard way; users are too damn stupid to secure anything on their own, and that includes business. That's what it comes down to, stupidity.
Take off every sig. For great justice.
But you do exactly one thing with a vehicle: you move stuff in it. It's an assembly of a few simple systems, including, usually, locks, AC, stereo, and the vehicle itself. Your car doesn't serve arbitrary media, facilitate content creation, and enable you to search the Internet and talk to your friends, as well as monitor itself, all with one complex system.
Sure, a computer isn't a single system, but it's a set of systems with a single interface, and your actions are rather more separated from effects than driving a car.
So if you want to have a computer that's configured so it'll 'just work', you need someone else to tell you what you're going to use it for. That's the only way to streamline the interface so people can maintain their laziness or stupidity, or not spend time they don't have to learn a complex interface.
Corporations, on the other hand, have special needs that a reduced interface would break. But they have the resources to hire people who do understand computers. Just like UPS hires mechanics to service its vehicles. There are two issues:
- Corporations don't want to spend more time and lose more money in implementing and testing secure systems--they want something that 'just works', not something that works well.
- The people being hired by corporations are probably incompetent or else uncaring, at least in the case of all those recent incidents such as the CardSystems break-in. Both factors are influenced by budgeting: corporations aren't spending enough to hire good IT people, and they aren't spending enough to pay their IT people to do a good job.
And I agree about Booth--he was a true champion of states' rights.
I think the main problem for the wannabe hacker is the getting paid bit. How the heck do they remain anonymous and get paid?
It's all very well to do that to a company, but you aren't exactly going to hand out your own bank details to the company in order to get paid.. heh.
- paul
http://pmp.deviantart.com/
Pmp @ DeviantArt
Nothing will change until a large attack steals congressional credit card numbers, blacks out the entire East Coast for two weeks, diverts Taco Bell supply trucks to Canada, or shuts down all the free porn sites. We are a reactionary society. Even when tools like encryption and AV are practically free, 99.9% of the population won't use them until something really bad happens or they are forced. Security WILL be forced upon us after a "Digital Pearl Harbor" touches us all. It's not a matter of if, but when.
This is MUCH more effective... ...site that's already running "beneath the radar"
I don't know, I think there are plenty of companies that operate 'above the radar' that would be horrified at the thought of customers being able to see what's really going on in the back room. Getting the FBI involved can be thought of as riskier than just paying up. If they are detected while going to the authorities, the psycho that's threatening them can release all the secrets and just disappear. Screw the money, you're just plain going DOWN now. Just as kidnappers can threaten (and make good on that threat) that they will harm or kill their captive if you go to the cops. And, just because your business is legitimate on paper doesn't mean it's actually operating that way either.
There seems to be a lot of comment about the case, considering that he asked to have the cheque made out in his own name.
This line even appears in court documents (pdf).
.. paranoid crackpot leftover from the days of Amiga.
You're probably thinking of Dr. Sam Vaknin's, Narcissistic Leaders. My favorite topical quote;
Sound familiar?
"I've got more toys than Teruhisa Kitahara."