I’m reading the feds have tracked down and seized some of the Bitcoin ransom paid by the Colonial Pipeline. I thought one of the touted attractions of Bitcoin was that that sort of thing was supposed to be impossible.
I’m reading the feds have tracked down and seized some of the Bitcoin ransom paid by the Colonial Pipeline. I thought one of the touted attractions of Bitcoin was that that sort of thing was supposed to be impossible.
The weak point of the system is in how you use it.
There have been several papers presented at the Blackhat Conference for the past few years that go into some detail about how to take advantage of novice extortionists' errors and send actual people with actual lead pipes to their physical location for further "decryption" efforts.
I'd say more, but... :-)
Here's a particularly helpful one if you want to get into this business:
https://elie.net/static/files/tracki...end-to-end.pdf
Bae, it may well be a very informative paper but my eyes glazed over so will leave bitcoin to those that know more hoping and praying that there are some who will monitor wisely.Originally Posted by bae
As Cicero said, “Gratitude is not only the greatest of virtues, but the parent of all the others.”
The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.
(Classic example is the secure password scrawled on the Post It note under the keyboard)
The podcast Hunting Warhead which was absolutely fascinating to me centered on cyber crime of child porn which also of course encompassed real life abuse of children.
Law enforcement cyber experts sought out the ringleader. They found the webmaster in this way, despite his many layered levels of security to keep himself unidentified:
The software used by the child abuse webmaster had a minute and specific bug. When he did X, the software did Y to his website.
Law-enforcement cyber experts combed online support forums for this software, looking for people who asked for help with this particular bug. That is how they found him! He was using one of his standard email addresses, not a super secret one.
That collar was so cool.
And then, after they had him in jail, Law enforcement continued to operwte the website dor a while (an ethical issue for sure) and they had to perpetuate the safety system set up by the webmaster. He had told his subscribers that he would send a message once a month to assure them all he was out of the hands of law-enforcement. So, they had to study his way of digital speaking so that they could send out that monthly message to keep subscribers feeling safe so that they could snatch as many subscribers as they could get their hands on.
This was a ring of very very bad men. In order to get into the site they had to have produced their own child abuse content.They traded content for entry admission.
And the most common example that results in my employer having to pay claims, people who believe a phishing email is legitimate and click the link and then use their login credentials on a fake website that is actually the criminal's website.
Remember Silk Road?
I heard a podcast about the Silk Road guy. He might have been sentenced too harshly,according to this podcast anyway.
I hope this will serve as a deterrent to potential hackers, but I doubt it. One of my concerns is more that someone will shut down a critical supply and then just leave it down without any recourse for payment or some other motive besides money. I've read that hack programs are being sold by hackers and are readily available on the web.
Businesses should have a backup system in place to be able to restore everything. If they (or more accurately, their insurance company) pays the ransom it means they failed to adequately plan for the possibility of this happening.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote