I’m reading the feds have tracked down and seized some of the Bitcoin ransom paid by the Colonial Pipeline. I thought one of the touted attractions of Bitcoin was that that sort of thing was supposed to be impossible.

The weak point of the system is in how you use it.

There have been several papers presented at the Blackhat Conference for the past few years that go into some detail about how to take advantage of novice extortionists' errors and send actual people with actual lead pipes to their physical location for further "decryption" efforts.

I'd say more, but... :-)

Here's a particularly helpful one if you want to get into this business:

https://elie.net/static/files/tracking-ransomware-end-to-end/tracking-ransomware-end-to-end.pdf

The weak point of the system is in how you use it.

There have been several papers presented at the Blackhat Conference for the past few years that go into some detail about how to take advantage of novice extortionists' errors and send actual people with actual lead pipes to their physical location for further "decryption" efforts.

I'd say more, but... :-)

Here's a particularly helpful one if you want to get into this business:

https://elie.net/static/files/tracking-ransomware-end-to-end/tracking-ransomware-end-to-end.pdf

Bae, it may well be a very informative paper but my eyes glazed over so will leave bitcoin to those that know more hoping and praying that there are some who will monitor wisely.

Bae, it may well be a very informative paper but my eyes glazed over so will leave bitcoin to those that know more hoping and praying that there are some who will monitor wisely.

The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

(Classic example is the secure password scrawled on the Post It note under the keyboard)

The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

(Classic example is the secure password scrawled on the Post It note under the keyboard)

The podcast Hunting Warhead which was absolutely fascinating to me centered on cyber crime of child porn which also of course encompassed real life abuse of children.


Law enforcement cyber experts sought out the ringleader. They found the webmaster in this way, despite his many layered levels of security to keep himself unidentified:

The software used by the child abuse webmaster had a minute and specific bug. When he did X, the software did Y to his website.

Law-enforcement cyber experts combed online support forums for this software, looking for people who asked for help with this particular bug. That is how they found him! He was using one of his standard email addresses, not a super secret one.

That collar was so cool.

And then, after they had him in jail, Law enforcement continued to operwte the website dor a while (an ethical issue for sure) and they had to perpetuate the safety system set up by the webmaster. He had told his subscribers that he would send a message once a month to assure them all he was out of the hands of law-enforcement. So, they had to study his way of digital speaking so that they could send out that monthly message to keep subscribers feeling safe so that they could snatch as many subscribers as they could get their hands on.

This was a ring of very very bad men. In order to get into the site they had to have produced their own child abuse content.They traded content for entry admission.

The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

(Classic example is the secure password scrawled on the Post It note under the keyboard)

And the most common example that results in my employer having to pay claims, people who believe a phishing email is legitimate and click the link and then use their login credentials on a fake website that is actually the criminal's website.

Remember Silk Road?

Remember Silk Road?I heard a podcast about the Silk Road guy. He might have been sentenced too harshly,according to this podcast anyway.

I hope this will serve as a deterrent to potential hackers, but I doubt it. One of my concerns is more that someone will shut down a critical supply and then just leave it down without any recourse for payment or some other motive besides money. I've read that hack programs are being sold by hackers and are readily available on the web.

Businesses should have a backup system in place to be able to restore everything. If they (or more accurately, their insurance company) pays the ransom it means they failed to adequately plan for the possibility of this happening.

The basic high-level observation is: You can have an incredibly secure system, but human beings use systems, and they almost always screw up in ways that allow you to compromise the system.

(Classic example is the secure password scrawled on the Post It note under the keyboard)

So you can have elaborate technical security in place, but if you allow a Private Manning into the room you might as well not have bothered?

So you can have elaborate technical security in place, but if you allow a Private Manning into the room you might as well not have bothered?

Yes. Hubster is in cybersecurity. He laughed when this hit the news.

Yes. Hubster is in cybersecurity. He laughed when this hit the news.

Back in my military years, they had something called the “human reliability program” that treated people as components of the systems they operated. It involved a lot of intrusive questions about your finances, sex life, family, mental health, etc.

IL, child porn is sickening and I am glad that they were able to take down some of the perpetrators.

So you can have elaborate technical security in place, but if you allow a Private Manning into the room you might as well not have bothered?

Yes, if you tell someone your secrets or give them access to them don’t be surprised if they become public knowledge. I’ve seen at least one cyber insurance claim where the claimant was a noted personality who went to the ER appearing intoxicated and someone working in the hospital shared that fact with people who had no reason to be told.

Yes, if you tell someone your secrets or give them access to them don’t be surprised if they become public knowledge. I’ve seen at least one cyber insurance claim where the claimant was a noted personality who went to the ER appearing intoxicated and someone working in the hospital shared that fact with people who had no reason to be told.

wait, what? What did the noted personality lose that insurance covered?

Looks like someone at the IRS had been leaking tax return info to Pro Publica lately.

wait, what? What did the noted personality lose that insurance covered?

Their privacy. HIPAA is a federal law that says that medical information can’t be shared unless the patient agrees to it being shared . The hospital had a duty to protect the info that someone was in their care.