Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel Security Scares Ransomware Script Kiddie Out of Business

Posted by samzenpus on from the get-out-while-the-gettings-good dept.

tdog17 writes: A criminal coder wrote a kit for ransomware that made it easy for others to encrypt victims' hard drives and then extort money from them in order to get the decryption keys. But when Intel Security wrote about the kit — called Tox — the author got cold feet. Now he or she is trying to sell the whole business. “Plan A was to stay quiet and hidden. It's been funny, I felt alive, more than ever, but I don't want to be a criminal. The situation is also getting too hot for me to handle, and (sorry to ruin your expectations) I'm not a team of hard core hackers. I’m just a teenager student,” the coder wrote on the Tox malware site.

23 of 117 comments (clear)

  1. Isnt' that beyond Script Kiddie? by damn_registrars · · Score: 5, Informative

    I thought Script Kiddies were defined as being people who ran scripts they downloaded off the internet that were already made for their purposes. The summary suggests this person wrote their own software. You could claim it is derived from other software, or perhaps even just a pipelined bundle of existing software, but it still sounds like it is a bit beyond just running a script.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Isnt' that beyond Script Kiddie? by Aristos+Mazer · · Score: 5, Funny

      I think the term would be "script daddy", yes?

    2. Re:Isnt' that beyond Script Kiddie? by Anonymous Coward · · Score: 3, Insightful

      In the "oh look, wroted a program!" sense, arguable if you can establish that he's done original work. In the "knows what he's doing" sense, not so much. Just look at what he's doing: A me-too (aol! aol! aol!) enterprise with plenty of juvenile self-entitlement. "I don't want to be a criminal" is a line he crossed well before McAfee^Wintel security wrote about it. He didn't have to write it and when he did anyway he didn't have to release it and demand ransom for other people's data, much less offer what he wrote up for other people to buy and recoup their investment by extortion. It's terribly immature and he's running himself off someone else's script--he didn't think up this racket.

      I say "script kiddie" is a better term here than several others that usually get used. In fact you could argue he has been done a favour to be painted this way and not as a hardened "cyber" criminal. But moreover we are all better off for lack of abuse of the "hacker" term, which once was a merit badge for great technological achievement that was fundamentally creative and constructive, but these days usually gets abused, exactly by the security industry and like lackwits, for essentially destructive activities. Such as finding holes in other people's software, but also writing programs to hold other people's data for ransom.

      So the "script kiddie" term fits pretty well really. Especially since "coding" these days is supposed to be getting ever simpler, to the point that it's supposed to be teachable to middle school children. This could have been done by a child, and by what he says, it was.

    3. Re:Isnt' that beyond Script Kiddie? by Anonymous Coward · · Score: 5, Insightful

      Script Kiddie means (or used to mean) someone that runs scripts they cut and pasted from somewhere without an understanding of how they work or the underlying security mechanism they exploit. Someone else did ALL or most of the work for them, they are just using it for hacking, cracking, or for fun.

      Tech people like to overuse the term script kiddie. Why? No idea. Maybe they are afraid to admit that a teenager in high school is capable of writing his/her own code that can take down a lot of systems so they down play the impact or imply anyone could have did it but the only the "script kiddie" actually did.

  2. Saturday Night Specials by Anonymous Coward · · Score: 5, Insightful

    I used to build lots and lots of Saturday Night Specials and dozens of people died. It's been funny, I felt alive, more than ever, but I don't want to be a criminal. The situation is also getting too hot for me to "handle", as somebody from the police did notice all those dead people, and the way they were murdered. I'd like to sell my completely legitimate business plan now, ok?

    1. Re:Saturday Night Specials by AmiMoJo · · Score: 4, Interesting

      Incredibly a captured ISIS fighter was on the radio making pretty much that exact argument just yesterday (BBC Radio 4 PM programme IIRC).

      He claimed that he joined ISIS for the money as someone who planned and helped execute suicide bombings. He said he had been involved in 8 such bombings, but wasn't a murderer and would never kill anyone. It was the suicide bombers killing people. Therefore he shouldn't be punished too harshly. Seriously.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Saturday Night Specials by FireFury03 · · Score: 2

      Incredibly a captured ISIS fighter was on the radio making pretty much that exact argument just yesterday (BBC Radio 4 PM programme IIRC).

      He claimed that he joined ISIS for the money as someone who planned and helped execute suicide bombings. He said he had been involved in 8 such bombings, but wasn't a murderer and would never kill anyone. It was the suicide bombers killing people. Therefore he shouldn't be punished too harshly. Seriously.

      That argument seems to work fine for government/military officials

      --
      http://blog.nexusuk.org
  3. Oh I didnt want to be a criminal by Osgeld · · Score: 2

    I just engaged in criminal conspiracy

    what a twatwaffle

    1. Re:Oh I didnt want to be a criminal by Oligonicella · · Score: 3, Interesting

      There's certainly a moral and ethical difference in engaging in it purposefully as opposed to breaking some obscure laws.

    2. Re:Oh I didnt want to be a criminal by penguinoid · · Score: 2

      Well he didn't say he didn't want to be immoral and unethical. Just that he didn't want to be a criminal. Like an investment banker.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  4. Dear Pukeface by fnj · · Score: 5, Insightful

    You don't want to be a criminal? Well, you ARE one, dearie. Should have thought of that. I hope you spend your entire life behind bars. It will give you time to think about your fail.

    1. Re:Dear Pukeface by Anonymous Coward · · Score: 4, Insightful

      Writing ransomware is not "facilitating" it, it's writing it.

      Oh yes, please tell me about all the other "legitimate uses" this software has.

      "No, officer, I wasn't planning to burgle anyone, I always walk through this neighbourhood at 2am wearing a balaclava and carrying a crowbar and a large duffel bag."

    2. Re:Dear Pukeface by ChrisMaple · · Score: 2

      "Fail" is a verb. The word you need is "failure".

      --
      Contribute to civilization: ari.aynrand.org/donate
  5. Re:No Sympathy by Anonymous Coward · · Score: 4, Insightful

    And yet trying to sell the business, not abandon it.

  6. Re:No Sympathy by Billly+Gates · · Score: 3, Insightful

    Get rich quick scheme didn't work out and now that they've been caught, they don't want to face the consequences.

    Besides all the rants and angry cries about H1B1 Visas the market for any skilled coders IS HOT!

    If you have any coding experience you can make $65,000 tomorrow! Sometimes without a college degree. Add 5 years and more buzzwords to your resume and a degree and you can start pulling close to 6 figures easily if your skills are up to the challenge.

    So why take that risk? It is the argument that most drug dealers make less than minimum wage and live with their momma according to Freakeconomics. Seriously, it is the only hope to get ahead by taking that risk if that is all you know. But if you know how to break into systems, corporate security, coding, encryption, networking then you have the skills to get rich by working which is 0 risk.

    I do not understand why someone would do this? Those that write these scare encyption malware are Russians who make much less than a western programmer.

    --
    http://saveie6.com/
  7. Just partner with Sourceforge by penguinoid · · Score: 4, Funny

    Partner with sourceforge, make it part of the EULA. "Not responsible for any damage caused by using this software, including possible loss of data."

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Just partner with Sourceforge by mwvdlee · · Score: 4, Funny

      And what do you think SourceForge would do with the scripts?
      Hijack the most popular projects and bundle them with malware?
      Oh wait...

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  8. Re:writing a kit by EEPROMS · · Score: 2

    Knowingly assisting a person or persons in any way to commit a criminal act is illegal, his software has no legal function so he can't even plea his case when caught.

  9. Re:Uhhh really? by Anonymous Coward · · Score: 2, Informative

    It wouldn't be surprising. A first year student could write a program to open all the files on a filesystem, encrypt them and write them out. Nothing about what the software does is particularly hard or technically complex, it's just a "good" idea that he made into a distributable form for money.

  10. Not much sympathy by Anonymous Coward · · Score: 4, Insightful

    I almost had a bit of sympathy there. A kid realising he's done wrong, wanting to get out of the business. Except that if he actually realised he'd done wrong the appropriate course of action would just be to destroy the software, remove the online presence he uses to sell it and generally just grow the hell up. Instead he's just trying to sell it on so that other people can use it.

    The only trace of sympathy I have is if he's done this in America, which locks up a greater proportion of its citizens than pretty much any other nation on earth, often for excessively long periods, and with minimal realistic chance of rehabilitation.

  11. He'll release the keys... by Viol8 · · Score: 4, Insightful

    "If nobody's going to buy the database, in one month I'm releasing the keys, and victims will have their files automatically unlocked.â

    Oh , how heart warmingly magnanimous of you! I can see how contrite and sorry you are about what you've done... well apart from still wanting some money for the DB.

    Tell you what you sorry little turd, how about you release them anyway and give these poor people their data back? @rsehole.

  12. Re:No Sympathy by tnk1 · · Score: 2

    Many of the poor are some of the most honest people out there. Obviously, some have troubles that cause them to steal, but I'm just as afraid of some asshole in Washington stealing my money as I would be of a burglar. At least being burglarized has been a rare event in my life, I'm getting ripped off in taxes on every paycheck.

  13. Re:Not a troll! by ChrisMaple · · Score: 2

    If you think females can't be sophisticated thieves, you've never heard of divorce.

    --
    Contribute to civilization: ari.aynrand.org/donate