Slashdot Mirror
Hackers Find Bugs, Extort Ransom, Call It a Public Service (threatpost.com)
Reader msm1267 shares a report on ThreatPost about an ongoing security trend: Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching and is becoming a growing new threat to businesses vulnerable to attacks.
Hackers are extorting companies for as much as $30,000 in exchange for details on how hackers broke into their network and stole data. Researchers say once the intruders steal the data, there's no explicit threat that they will break in again or release data if companies don't pay. Instead, attackers release a simple statement demanding payment in exchange for details on how to fix the vulnerability
Typical bug poaching incidents start with criminals breaking into a network and stealing as much sensitive data as they can. Next, they post the data to a third-party cloud storage service. Lastly, the attackers email the company links to the data as proof the information was stolen and ask for a wire transfer of money in exchange for how the data was stolen.
During the attack, victims are not threatened with the public release of their data, instead attackers simply send a message that reads: "Please rest assured that the data is safe with me. It was extracted for proof only. Honestly, I do this job for a living, not for fun."
Hackers are extorting companies for as much as $30,000 in exchange for details on how hackers broke into their network and stole data. Researchers say once the intruders steal the data, there's no explicit threat that they will break in again or release data if companies don't pay. Instead, attackers release a simple statement demanding payment in exchange for details on how to fix the vulnerability
Typical bug poaching incidents start with criminals breaking into a network and stealing as much sensitive data as they can. Next, they post the data to a third-party cloud storage service. Lastly, the attackers email the company links to the data as proof the information was stolen and ask for a wire transfer of money in exchange for how the data was stolen.
During the attack, victims are not threatened with the public release of their data, instead attackers simply send a message that reads: "Please rest assured that the data is safe with me. It was extracted for proof only. Honestly, I do this job for a living, not for fun."
Bug bounty participants decide they want a raise.
It's also anti communist. The people that report bugs for free are being thrown into jail. Damn hippies!
“He’s not deformed, he’s just drunk!”
Like seriously anyone can possibly be expected to believe that?
If the person is willing to break the law and hack into somebody else's computer without permission, why the heck would they have any compunction about lying about not releasing the data? They've already showed willingness to ignore what the law requires them to do (or not do), so there is no reason to believe that they would not release the data.
File under 'M' for 'Manic ranting'
sounds like these blackhats just got their MBAs. ;)
Anons need not reply. Questions end with a question mark.
After decades of "We'll fix that as soon as possible (maybe 20 years)" or "How dare you threaten/embarrass us, you evil criminals!" as a response to disclosure of security vulnerabilities, I can sympathize with this course of action. After all, they're at about as much risk of legal action either way, in fact probably less this way.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways