Paying Hacker Extortion
An anonymous reader writes "A friend works as CIO at a medium-sized publicly traded company. The company was contacted by a hacking group and told to pay $100,000 to prevent their company from being hacked/attacked. They actually paid the extortion (told authorities after). The authorities said the company could be charged with supporting terrorists. Seeing that most publicly known hacks are costing companies this size nearly a million dollars, is this supporting terrorists or supporting stockholders?"
They'll just be hacked anyway.
How about hiring someone who actually has some idea about security. THAT is supporting stockholders.
Seven puppies were harmed during the making of this post.
Western Union, obviously. The head of First National Trust Reserve Bank of Nigeria, LLC, kindly offered to handle the whole matter in strictest confidence for them.
It seems like it is making everyone happy these days.
News agencies are creaming their panties.
Companies get to sweep shit under the rug while their competitors crash and burn. (I bet you Microsoft was heartbroken to hear the PSN got hacked.)
Hackers make some money and who knows might eventually get laid.
The Government gets to restrict our freedoms and buy bigger shiny new toys and has even more reasons to keep printing money until it costs more to print it than it's worth.
I get the pleasure of changing my password every twenty minutes to something like LKJGDSKLeiojgtqpltjwe4jt]90iejaasdfHippofucknuggets
Everyone WINS!
Paying ransom is almost always a bad idea for the community as a whole. The authorities are simply trying to make the company do the right thing instead of the selfish thing. The biggest problem with security is that the incentives are rarely aligned with the responsibilities; this is a classic case of re-aligning those by pushing the societal cost back to the people who are in a position to make the decision.
Criminal, yes. The crimes in question have absolutely nothing to do with terrorism, though.
The same way that people have been transferring money illegally for decades: wire transfers to Caribbean banks with strict privacy laws and lax banking regulations.
Is this supporting terrorists or supporting stockholders?
"Supporting terrorists" is a stupid description, and the idiot who said that needs a kick in the teeth. However, also stupid was paying these jackasses. Take every precaution you can, get the authorities involved as a backup, maybe even alert your shareholders to the threat, but do not pay extortionist script kiddies.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
For $100k they could have got an internal security person for a year, or possibly a decent external consultant. Either way, hacking in would be made a bit harder in the future (but not impossible). As it is, they've set themselves up as a future victim for the next round of extortion.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
What's the name of your friend's company?
Am I alone in finding this story incredibly sketchy? Either the company, the poster, and the police are stunning idiots, or it's just bullshit created to inflame a bunch of slashdotters.
If some kind of attribution can't be found, I call BS.
Three Squirrels
Dane-geld
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:—
“We invaded you last night—we are quite prepared to fight,
Unless you pay us cash to go away.”
And that is called asking for Dane-geld,
And the people who ask it explain
That you’ve only to pay ’em the Dane-geld
And then you’ll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:—
“Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away.”
And that is called paying the Dane-geld;
But we’ve proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:—
“We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!”
"Are they made from real Girl Scouts?" ~Wednesday Addams
Or, more likely, they paid the 100,000 with the hopes that the hacker would be caught, then paid IBM 1 million dollars to secure their network.
IBM then pays an external contractor 200,000 to do it. They pay the hacker $100,000 to do it. Hacker walks away with 200k and a springboard to legitimate work.
The ______ Agenda
So you say a mid-sized company paid a $100,000 extortion? That money went 'poof', right? Untraceable, right? Call me the suspicious sort but are we sure this is extortion and not embezzlement?
Cheers,
Matt
Depressingly, your reading of the affair is possibly correct.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
This is utter BS. I bet it was the execs themselves who stole the money, probably long before they were "contacted by hackers". If it looks and smells like The Big Lebowski...
Quite frankly, I could care less. After all, it's not rocket surgery.
No, it doesn't. Even IF the money would go to Al Qaida itself, the act would have nothing to do with terrorism. It is blackmail.
Do not confuse one crime with another. Copyright infringement is not theft. Blackmail is not terrorism.
Don't fight for your country, if your country does not fight for you.
Agreed. People need to stop throwing this word around willy-nilly, and get it through their heads that terrorism is a specific kind of crime: do what we demand (politically) or we'll start blowing people and things up.
If demands aren't made (generally in advance), then it's not terrorism, even if they blow something up. If they don't blow things up (or at least really conspire to do so), then it's not terrorism... it's just attempted extortion. Terrorism is generally something that threatens many people, not just a hostage... though I suppose you could call taking a political leader hostage to be a form of terrorism.
But the point is: broadly speaking, terrorism is a conspiracy to make political gains by means of threatening people en masse. It is pretty hard, though possible, for a single individual to qualify as an actual terrorist.
People seem to forget that in the 60s and early 70s, the US had a great many liberal political terrorists within its borders, who committed more bombings in the early 70s, in Washington DC alone, than all the "right-wing" terrorists since, combined.
Quit diluting the meaning of the word "terror." Terror is fearing you might be blown into bloody pieces while standing in line at a sandwich shop. Terror is fearing your elementary school kid will die a fiery death in an exploding school bus. Terror is wondering whether the building you work in is going to be on the receiving end of a trans-continental jet liner moving 500 MPH. These things are terrifying.
We already have words for the sort of thing the article is talking about: extortion, blackmail, etc.
I guess he needs to go sit over there on the Group W bench
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
do you have a 401K or a pension? You're likely a shareholder of something.
Nope. Basically, I'm fucked come retirement...assuming I don't kill myself with cirrhosis first. I've made peace with that though.
I'm sorry, but that's a retarded response. Even if I think the reaction to 9/11 was overblown, hacking a company is a completely different scale than wide-spread physical destruction and loss of life. To try and equate them means you're not an individual who should ever be included in a rational discussion about proportional response or morality. If I had to guess, I'd say you're probably one of the "nuke 'em all and fuck sorting them out" types, right?
Canada: The US's more awesome sibling.
I think the response of the victims of the 9/11 attacks would likely have been terror. I've been working in a place where the IT department was dealing with a cracking attack, and nobody was screaming or throwing themselves from windows.
Quidnam Latine loqui modo coepi?