$1M Reward Offered To Nab Data Breach Extortionist
alphadogg writes with this excerpt from NetworkWorld:
"Express Scripts, the pharmacy benefits management company which recently disclosed an extortionist is demanding money by threatening to expose millions of patient records the company holds, Wednesday said it has decided to offer $1 million to nab the perpetrator. 'We're going on the offense with this reward,' an Express Scripts spokesman said. The $1 million will be paid to anyone who provides information leading to the capture and conviction of the extortionist who sent a letter to Express Scripts in early October that contained personal information on 75 people, considered members, who use the company's pharmacy-benefits services. The extortionist claims to have information on millions more Express Scripts members and wants money to not reveal it."
Terrorize the slimebag instead. Make him wonder which one of his buddies that he bragged to will turn him in.
I think there may be a small problem with that. Didn't the USA offer a reward similar to this for Osama Bin Laden?
The trouble with being a friend of this extortionist is that all your sins are likely to be discovered if you turn them in, even if you do get the money.
I'd like to see the reward work, but am not holding my breath for it.
Support NYCountryLawyer RIAA vs People
isn't there a way to track the bank account that the payment is transferred to? how do those DDoS extortion rings collect the money that they demand from online businesses? i mean, if the criminals are asking that the money be wired to a specific account, couldn't the bank determine what bank that account belongs to (how else would they wire the money)? if the bank is located in a country that has an extradition treaty with the U.S. then they could just wire the money and catch the crooks when they try to access the account.
on a separate note, my father recently had some inexplicable PayPal "instant transfers" show up on his checking account statement. however, he hasn't used PayPal or purchased anything from PayPal merchants in over 2-3 years. does anyone know if there is a common identity-theft or banking fraud technique involving the use of PayPal and checking accounts? or could this perhaps just be a computer error? i'm just wondering because if this is a sign of identity-theft then i need to have my dad cancel his checks and credit cards. and so far Washington Mutual has been very unhelpful regarding this situation.
I think some minimum security requirements are needed by law before people will start securing personal data like this. I think one thing preventing this is the wide deployments of Windows out there that could never meet strict security requirements. (That is just my bias talking) The web server www.express-scripts.com is reported by nmap as running freebsd, but it also shows a few ports in the 8000 range "closed" but otherwise detected. I have to wonder what that's about... nmap identifies one of them as an apple-iphoto service port of some kind. I am sure that can't be right.
IT has always been a wild-west environment where anyone can claim to be an expert. People set things up with no standards. It doesn't help that executives with no understanding of technologies or risks insist on things being done in spite of risks they are presented with. Even as there are problems all around with important data being lost, stolen, misplaced or exposed, people fail to look to the cause and prevention aspects of these problems. I cannot imagine this changing until people are threatened with massive fines or imprisonment. The fines that many businesses suffer in other areas are insufficient deterrent and become factored into business budget plans... the fines must be MASSIVE.
And if he's too smart for that? Might just piss him off and he might release the names regardless of payment.
If I was the guy, I bet I worked alone and would call their bluff and laugh at them.
---- Booth was a patriot ----
Instead of having an article entitled "Millions of identities stolen" with text like "massive compromise" we have a revenge story.
That's why corporate officers get paid the big bucks. They screw you and you feel good about it.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
::notices you apparently don't have any idea who William Gibson or Johnny Mnemonic are::
This is your official confirmation that you're not geekworthy enough to post here.
Please cancel your account.
hint
RTFA, they have upped their security since the letter was sent to them. and since no one knows how exactly the records were stolen, i think you're just talking out of your ass claiming it as "complete stupidity on their part."
at least the company is smart enough to realize that there's no such thing as perfect security (which apparently is more than can be said about you). however, having found themselves in a situation in which their customer records have been stolen, they are taking all precautionary measures to minimize the damage.
they were honest about the breach and came out publicly about it rather than trying to suppress the information. they contacted the FBI, who have launched an ongoing criminal investigation. the company has also hired data security & computer forensics experts to launch their own independent investigation into the matter. additionally, they have contracted a risk-consulting firm to provide free identity restoration services to affected customers in order to mitigate potential damages. they seem to have done everything in their power to redress the situation. what else were they supposed to do? give in to the extortionists' demands and try to sweep this under the rug?
The subsequent criminal investigation — capture and conviction are the conditions for the reward — is likely to reveal the truth anyway. Slipping somebody a gun, or bag of cocaine, or stolen (hey, at least, we aren't arguing about the applicability of the term here!) data does make the person a suspect, but not a convict — unless a policeman is doing it, for judges tend to trust those people...
The court will have to hear a credible explanation of how the accused got it, and the attention is likely to shift to the one claiming reward.
In Soviet Washington the swamp drains you.
The smart ones don't.
---- Booth was a patriot ----
I think that it is sad that people are such cowards that having their prescription histories made public would worry them.
It isn't about cowardice.
It's about not wanting your employer to maybe fire you because you have an AZT prescription or are on chemotherapy or are on medicine for ADD/ADHD and have a job working with million dollar custom surface-mount circuitry or are a neurosurgeon.
"Bah!" - Dogbert
> what else were they supposed to do? give in to the extortionists' demands and try to sweep this under the rug?
Well, that's the most popular option for financial firms, because the financial industry is the largest confidence game ever created. I'm not saying this sarcastically -- the entire market is based on the trust and confidence between buyers and sellers; there is no truly "safe bet" in the industry. They went public because there was no way they could do damage control on several million accounts and not have their customers break the story. If it were a few hundred, or even a few thousand, they could spin the press around about what the actual numbers were and downplay the risk. Sure, there'd be lawsuits, and people talking, but only the company would know the full scale of the breach. In this case, they know it's too big and so from a risk analysis standpoint... It's better to take the hit to their reputation and consolidate the risk into a few controllable areas -- which is to say, not in a courtroom.
As far as "minimizing the damage"... That's a lot like sweeping the front entryway out after they've bombed the building flat. The damage is already done, at this point, they're just trying to control collateral damage.
#fuckbeta #iamslashdot #dicemustdie
You can't compare theft to drug use.
Smart people do commit crimes (morals have nothing to do with intelligence). The dumb ones get caught and serve time.
---- Booth was a patriot ----