Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paying Hacker Extortion

Posted by CmdrTaco on from the bad-place-to-be dept.

An anonymous reader writes "A friend works as CIO at a medium sized publicly traded company. The company was contacted by a hacking group and told to pay $100,000 to prevent their company from being hacked/attacked. They actually paid the extortion (told authorities after). The authorities said the company could be charged with supporting Terrorists. Seeing that most publicly known hacks are costing companies this size nearly a million dollars, Is this supporting terrorists or supporting stockholders?"

23 of 412 comments (clear)

  1. And now by The+MAZZTer · · Score: 3, Insightful

    They'll just be hacked anyway.

    1. Re:And now by odin84gk · · Score: 4, Insightful

      They will get asked for money on a yearly basis.

    2. Re:And now by jmorris42 · · Score: 3, Insightful

      > They will get asked for money on a yearly basis.

      Which is why you never pay Danegeld. It never gets rid of the Dane.

      Trillions for defense, not a penny in tribute is the only long term strategy for dealing with aggression. And these threats are aggression and weakness in the face of aggression always invites fresh demands. We should be tracking down these 'hacking' groups with the same vigor we go after other organized crime and terrorism. If that means dropping a Hellfire missile down on a few houses in countries where the local authorities won't take this stuff serious I'm not going to lose sleep over it. Can we bomb the spammer/phishers too while we are at it?

      --
      Democrat delenda est
    3. Re:And now by MaxBooger · · Score: 3, Insightful

      Oh... I didn't realize this was an article on norton/mccafee antivirus.

    4. Re:And now by dcollins · · Score: 4, Insightful

      He already said he wants to pay trillions. He preemptively out-crazied you by more than 6 orders of magnitude.

      --
      We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
    5. Re:And now by jmorris42 · · Score: 1, Insightful

      > Sounds great, until the news media hears about how somebody said "Fuck YOU!"
      > to those who demand random in e.g. Somalia (Real pirates there) and people get
      > actually killed because of it.

      Better to spend ten times the demand on mercenaries and attempt a rescue than pay ransom. Better still if to develop a reputation for disproportional reprisals.

      I.e. Do something like what the (possibly apocryphal story) Russians did in the M.E. back in the 80's when some of the fools wearing a diaper on their empty noggin didn't understand the difference between the US and the Soviet Union and kidnapped one of their people. Russian intelligence hunted down a relative of the leader of the terror group and mailed the terrorists the guy's nuts in a jar. Hostage was promptly released and the lesson was learned. Russians were not to be held for ransom.

      In the case of Somalia, if America still had a spine we would just tell the pirates the US Navy would be hunting them at sea on general principle but that if they were ever stupid enough to touch an American flag vessel or anyone bearing US papers that we would hurt them so bad they would be screaming "war crime" in Geneva. As in sink everything that looked like it COULD float, knock down any and every building that might possibly be related to the pirates, etc. on a first offense. If the warlords still didn't take the hint and police themselves go in on the ground and kill anyone armed on a second offense. Make a proper example once and the problem never recurs.

      --
      Democrat delenda est
  2. Short answer by Volante3192 · · Score: 2, Insightful

    Is this supporting terrorists or supporting stockholders?

    One in the same...

    1. Re:Short answer by Volante3192 · · Score: 3, Insightful

      do you have a 401K or a pension? You're likely a shareholder of something.

      Nope. Basically, I'm fucked come retirement...assuming I don't kill myself with cirrhosis first. I've made peace with that though.

  3. Here's a thought by Dunbal · · Score: 4, Insightful

    How about hiring someone who actually has some idea about security. THAT is supporting stockholders.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Here's a thought by interkin3tic · · Score: 4, Insightful

      It does seem like $100k spent on security would have longer benefits than one payoff. For that matter, maybe a $100k insurance policy would be a better investment.

  4. Supporting Criminals by Jaime2 · · Score: 3, Insightful

    Paying ransom is almost always a bad idea for the community as a whole. The authorities are simply trying to make the company do the right thing instead of the selfish thing. The biggest problem with security is that the incentives are rarely aligned with the responsibilities; this is a classic case of re-aligning those by pushing the societal cost back to the people who are in a position to make the decision.

    1. Re:Supporting Criminals by Anonymous Coward · · Score: 2, Insightful

      The authorities are simply trying to make the company do the right thing instead of the selfish thing.

      And threatening them with a crime is always a good way to encourage them to talk to the cops next time, because I'm sure the cops would have put that right at the top of their todo list before the money had traded hands.

      Right...

  5. Solution: Fire middle management. by copponex · · Score: 2, Insightful

    With the savings your friend could hire some real security experts to keep their systems online.

    As for the terrorism bit, it makes me wonder when we can sue members of Reagan Administration for arming the proto-Taliban, Saddam Hussein, and Iran. Clinton and Obama owe us a few bucks for Pakistan too, when they inevitably start arming terrorist in the near future. What's good for the goose is good for the gander, right?

  6. Re:How exactly did they pay them? by Anonymous Coward · · Score: 3, Insightful

    The same way that people have been transferring money illegally for decades: wire transfers to Caribbean banks with strict privacy laws and lax banking regulations.

  7. Neither by Rary · · Score: 3, Insightful

    Is this supporting terrorists or supporting stockholders?

    "Supporting terrorists" is a stupid description, and the idiot who said that needs a kick in the teeth. However, also stupid was paying these jackasses. Take every precaution you can, get the authorities involved as a backup, maybe even alert your shareholders to the threat, but do not pay extortionist script kiddies.

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  8. Re:How exactly did they pay them? by melikamp · · Score: 5, Insightful

    This is utter BS. I bet it was the execs themselves who stole the money, probably long before they were "contacted by hackers". If it looks and smells like The Big Lebowski...

  9. Re:False dichotomy by Hatta · · Score: 2, Insightful

    That's the whole point of "terrorism". You can label anything terrorism, and all of a sudden none of the old rules apply.

    --
    Give me Classic Slashdot or give me death!
  10. Re:everyone loses by Anonymous Coward · · Score: 2, Insightful

    the united states invading iraq and afghanistan would also be considered terrorism in some circles

  11. Re:everyone loses by houghi · · Score: 4, Insightful

    No, it doesn't. Even IF the money would go to Al Qaida itself, the act would have nothing to do with terrorism. It is blackmail.

    Do not confuse one crime with another. Copyright infringement is not theft. Blackmail is not terrorism.

    --
    Don't fight for your country, if your country does not fight for you.
  12. Re:everyone loses by Noelnonymous+Coward · · Score: 1, Insightful

    By paying taxes, you're supporting somebody's terrorists. Cue flames.

  13. Re:everyone loses by pclminion · · Score: 5, Insightful

    Quit diluting the meaning of the word "terror." Terror is fearing you might be blown into bloody pieces while standing in line at a sandwich shop. Terror is fearing your elementary school kid will die a fiery death in an exploding school bus. Terror is wondering whether the building you work in is going to be on the receiving end of a trans-continental jet liner moving 500 MPH. These things are terrifying.

    We already have words for the sort of thing the article is talking about: extortion, blackmail, etc.

  14. Re:everyone loses by twidarkling · · Score: 3, Insightful

    I'm sorry, but that's a retarded response. Even if I think the reaction to 9/11 was overblown, hacking a company is a completely different scale than wide-spread physical destruction and loss of life. To try and equate them means you're not an individual who should ever be included in a rational discussion about proportional response or morality. If I had to guess, I'd say you're probably one of the "nuke 'em all and fuck sorting them out" types, right?

    --
    Canada: The US's more awesome sibling.
  15. Re:everyone loses by digitig · · Score: 4, Insightful

    I think the response of the victims of the 9/11 attacks would likely have been terror. I've been working in a place where the IT department was dealing with a cracking attack, and nobody was screaming or throwing themselves from windows.

    --
    Quidnam Latine loqui modo coepi?