Paying Hacker Extortion 412
An anonymous reader writes "A friend works as CIO at a medium sized publicly traded company. The company was contacted by a hacking group and told to pay $100,000 to prevent their company from being hacked/attacked. They actually paid the extortion (told authorities after). The authorities said the company could be charged with supporting Terrorists. Seeing that most publicly known hacks are costing companies this size nearly a million dollars, Is this supporting terrorists or supporting stockholders?"
everyone loses (Score:3)
Is this supporting terrorists or supporting stockholders?
1) Neither, it could be a 12 year old with hotmail sending threatening emails.
2) Both, it is another corporate goon protecting his stock options.
3) None, they were paid out in Botcoins.
Re:everyone loses (Score:5, Interesting)
Re:everyone loses (Score:5, Funny)
Or, more likely, they paid the 100,000 with the hopes that the hacker would be caught, then paid IBM 1 million dollars to secure their network.
IBM then pays an external contractor 200,000 to do it. They pay the hacker $100,000 to do it. Hacker walks away with 200k and a springboard to legitimate work.
Re:everyone loses (Score:4, Funny)
Re: (Score:2)
That sounds a bit like how a friend of mine has to donate an equal amount to the EFF for every game he buys from Blizzard.
Re: (Score:2)
Bah,
We see this in Eve online all the time.
- Dan.
Re: (Score:2)
Re:everyone loses (Score:5, Informative)
Re: (Score:2, Interesting)
Criminal, yes. The crimes in question have absolutely nothing to do with terrorism, though.
Doesn't that depend on other facts that we don't have?
Comment removed (Score:5, Insightful)
Re:everyone loses (Score:4, Informative)
If demands aren't made (generally in advance), then it's not terrorism, even if they blow something up. If they don't blow things up (or at least really conspire to do so), then it's not terrorism... it's just attempted extortion. Terrorism is generally something that threatens many people, not just a hostage... though I supposed you could call taking a political leader hostage to be a form of terrorism.
But the point is: broadly speaking, terrorism is a conspiracy to make political gains by means of threatening people en masse. It is pretty hard, though possible, for a single individual to qualify as an actual terrorist.
People seem to forget that in the 60s and early 70s, the US had a great many liberal political terrorists within its borders, who committed more bombings in the early 70s, in Washington DC alone, than all the "right-wing" terrorists since, combined.
Re: (Score:3)
Re: (Score:3)
Re: (Score:3, Insightful)
I'm sorry, but that's a retarded response. Even if I think the reaction to 9/11 was overblown, hacking a company is a completely different scale than wide-spread physical destruction and loss of life. To try and equate them means you're not an individual who should ever be included in a rational discussion about proportional response or morality. If I had to guess, I'd say you're probably one of the "nuke 'em all and fuck sorting them out" types, right?
Re:everyone loses (Score:5, Insightful)
Re: (Score:2, Insightful)
the united states invading iraq and afghanistan would also be considered terrorism in some circles
Re:everyone loses (Score:5, Insightful)
Quit diluting the meaning of the word "terror." Terror is fearing you might be blown into bloody pieces while standing in line at a sandwich shop. Terror is fearing your elementary school kid will die a fiery death in an exploding school bus. Terror is wondering whether the building you work in is going to be on the receiving end of a trans-continental jet liner moving 500 MPH. These things are terrifying.
We already have words for the sort of thing the article is talking about: extortion, blackmail, etc.
Re: (Score:2)
Re: (Score:2)
yes. also, he's an extortionist or a rapist-murderer.
Re: (Score:2)
yes. also, he's an extortionist or a rapist-murderer.
It's a "hacker" so what is he raping with, his e-peen?
Re:everyone loses (Score:5, Funny)
I guess he needs to go sit over there on the Group W bench
And now (Score:4, Insightful)
Re:And now (Score:5, Insightful)
They will get asked for money on a yearly basis.
Re: (Score:2)
I'm curious to see what that looks like in their bookkeeping accounts.
Whenever Verizon overcharges me, I put it under "Expenses | Prostitution", since whining at their customer support feels like phone sex. Probably could be just as illegal as supporting terrorists!
To this day, Verizon is the only company that I still pay bills to using paper checks... I refuse to enroll into any auto billing scheme that lets them dip into my accounts of their own free will.
Re: (Score:2)
Re:And now (Score:5, Interesting)
Re:And now (Score:4, Insightful)
> They will get asked for money on a yearly basis.
Which is why you never pay Danegeld. It never gets rid of the Dane.
Trillions for defense, not a penny in tribute is the only long term strategy for dealing with aggression. And these threats are aggression and weakness in the face of aggression always invites fresh demands. We should be tracking down these 'hacking' groups with the same vigor we go after other organized crime and terrorism. If that means dropping a Hellfire missile down on a few houses in countries where the local authorities won't take this stuff serious I'm not going to lose sleep over it. Can we bomb the spammer/phishers too while we are at it?
Re: (Score:2)
My thought exactly. Not only that, there's nothing to stop this "hacker" from raising his demands until he bankrupts the company. Or, if he's clever and the company's stock is openly traded, invest the money they pay him in their stock until he owns it.
Re: (Score:2)
Re: (Score:3)
Make a proper example once and the problem never recurs.
Funny thing: that specific brand of vengeance-fueled morality never seems to work for long. Russians did that to Chechnya, and all they did was breed a whole new generation of pissed-off Caucasian Muslims swearing blood feud against the Rodina for all eternity. Didn't stop the mujahadeen from scalping the Russians (with our help) for a decade in Afghanistan either.
The only way your proposal DOES work is if you engage in active, wholesale genocide and you do not stop until the entire offending culture is w
Re: (Score:2)
Re:And now (Score:5, Insightful)
He already said he wants to pay trillions. He preemptively out-crazied you by more than 6 orders of magnitude.
Re: (Score:3)
Clearly it would be better for potential victims as a whole if you don't pay. But clearly it would be better for you to pay.
Re:And now (Score:5, Funny)
> Trillions for defense, not a penny in tribute is the only
> long term strategy for dealing with aggression.
Sounds great, but there are always details.
In the case of the US, we wanted to get rid of a Bear, so we spent billions raising bees. The Bear grudgingly backed off, so we started trying to drive the bees away, and they attacked us. So now we spend trillions on cruise missiles to get the bees, we strip-search each other for signs of honey, and we look over our shoulder for aggressive Pandas.
Maybe there's another way.
Re:And now (Score:4, Informative)
I would modify that strategy if necessary. Example:
In the dark ages, the German King Henry I did have a problem with Hungarians who were in the habit of to looting and pillaging southern Germany. He paid them tribute for a few years, while building castles and city walls and raising militias. When he felt he was ready, he unilaterally reduced the yearly tribute to one (1) dead dog.
http://en.wikipedia.org/wiki/Riade [wikipedia.org]
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Why not hire the hackers for 100K (Score:2)
hackers are paid
companies security hole is plugged
Short answer (Score:2, Insightful)
Is this supporting terrorists or supporting stockholders?
One in the same...
Re: (Score:3)
Or, are you making the lazy assumption that shareholders are bad people and labeling them terrorists? I got news for you: do you have a 401K or a pension? You're likely a shareholder of something. That probably doesn't make you a bad person, and certainly not a terrorist.
Re:Short answer (Score:4, Insightful)
do you have a 401K or a pension? You're likely a shareholder of something.
Nope. Basically, I'm fucked come retirement...assuming I don't kill myself with cirrhosis first. I've made peace with that though.
Re:One AND the same... (Score:4, Funny)
Re: (Score:2)
How exactly did they pay them? (Score:3)
Re:How exactly did they pay them? (Score:4, Funny)
Re: (Score:3, Insightful)
The same way that people have been transferring money illegally for decades: wire transfers to Caribbean banks with strict privacy laws and lax banking regulations.
Re: (Score:3)
Some way that trackable, I suppose? Wired transfer with fractional pennies as a watermark?
Re:How exactly did they pay them? (Score:5, Insightful)
Here's a thought (Score:5, Insightful)
Re: (Score:3)
How about hiring someone who actually has some idea about security. THAT is supporting stockholders.
Short term, he might have a crapload of work to do to implement best practices, clear out infected machines, train users on password complexity all while being attacked and losing business due to unavailability. Shareholders would not appreciate that, nor would any sensible security consultant promise they can dig you out of an attack as it is occurring.
It might be best to pay them for short term protection and using that breathing space to harden up so the next time they ask, you are prepared.
Re: (Score:2)
Insurance isn't something you buy the day before you need it. Either you have good practices, or you don't. If their practices were so weak that they would even consider this, then they deserve what they get, and the management needs replacing.
Re:Here's a thought (Score:5, Insightful)
They did! (Score:3)
They bought something for that $100k, namely the hacker document his hack. I'm sure she even did a contentious job for a coked up Belorussian teenager who's english does not extend beyond text speak.
Yeah, sure $100k sounds steep for simply documenting a handful of security bugs, but they were the bugs that might've bitten you for $1M. And surely you saved way more by building your site using cheap ass Visual Basic developers, right?
Anyways, anyone who views hacking as terrorism is a moron, especially the
Re: (Score:2)
Can't it support both? (Score:5, Funny)
It seem's like it is making everyone happy these days.
News agencies are creaming their panties.
Companies get to sweep shit under the rug while their competitors crash and burn. (I bet you Microsoft was heart broken to hear the PSN got hacked.)
Hackers make some money and who knows might eventually get laid.
The Government gets to restrict our freedom's and buy bigger shiny new toys and has even more reasons to keep printing money until it costs more to print it than its worth.
I get the pleasure of changing my password every twenty minutes to something like LKJGDSKLeiojgtqpltjwe4jt]90iejaasdfHippofucknuggets
Everyone WINS!
That's amazing. (Score:2)
Re: (Score:2)
Yea sorry about that. Next time I'll hire someone to proof read my post for me. Maybe one of my old english teachers that recently got laid off.
That'll teech that knowitz all bitch about stressin me on my grammer lessins.
Re: (Score:2)
Re: (Score:2)
Supporting Criminals (Score:4, Insightful)
Re: (Score:2, Insightful)
And threatening them with a crime is always a good way to encourage them to talk to the cops next time, because I'm sure the cops would have put that right at the top of their todo list before the money had traded hands.
Right...
Solution: Fire middle management. (Score:3, Insightful)
With the savings your friend could hire some real security experts to keep their systems online.
As for the terrorism bit, it makes me wonder when we can sue members of Reagan Administration for arming the proto-Taliban, Saddam Hussein, and Iran. Clinton and Obama owe us a few bucks for Pakistan too, when they inevitably start arming terrorist in the near future. What's good for the goose is good for the gander, right?
Re: (Score:2)
Doesn't gander mean a group of geese?
Re: (Score:3)
A gander is a male goose. A group of geese is called a gaggle if they're on the ground, a skein if they're in the air, or the group can be referred to as a flock regardless of context.
Re: (Score:2)
Doesn't gander mean a group of geese?
No, a gander is a male goose.
--
JimFive
Re: (Score:2)
Nah, a gander is a male goose. A group of geese is a gaggle.
Re: (Score:2)
Nope. Male goose (of which the female is also, for some reason, called "goose.")
WOOOSH MOTHERFUCKERS. (Score:2)
Damn that was easy.
Re: (Score:2)
Neither (Score:4, Insightful)
Is this supporting terrorists or supporting stockholders?
"Supporting terrorists" is a stupid description, and the idiot who said that needs a kick in the teeth. However, also stupid was paying these jackasses. Take every precaution you can, get the authorities involved as a backup, maybe even alert your shareholders to the threat, but do not pay extortionist script kiddies.
Re: (Score:3)
In an unrelated question... (Score:3, Funny)
What's the name of your friend's company?
Dubious? (Score:5, Interesting)
If some kind of attribution can't be found, I call BS.
Re: (Score:2)
Re: (Score:2)
They actually paid the extortion (told authorities after). The authorities said the company could be charged with supporting Terrorists.
So "the authorities" can prove that the criminals are in fact terrorists, and that the money made it to them, right? But they can't catch them, is that also right?
Yeah, it sounds a little fishy.
Re: (Score:2)
That was my reaction too. Sounds like an urban legend.
The thing that sounded most bogus to me was the $100,000 ransom. Unless it was in cash, it'd be traceable. If it *were* cash, taking that much cash out would trigger a money laundering investigation.
Re: (Score:3)
Very dubious. Slashdot often posts BS stories simply because doing so engages their readers. It is not a requirement of the editors that a story has integrity; only that a certain percentage of the stories have integrity. That's enough to keep people coming back with hope that their time isn't going to be wasted.
This time, we're losers. And, yes, to me, it is mildly humiliating to be a participant in this.
Slashdot. Not journalism. Infotainment. Hi BS quotient.
(And that's why I read and respond less and l
Danegeld by Rudyard Kipling (Score:5, Informative)
Dane-geld
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:—
“We invaded you last night—we are quite prepared to fight,
Unless you pay us cash to go away.”
And that is called asking for Dane-geld,
And the people who ask it explain
That you’ve only to pay ’em the Dane-geld
And then you’ll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:—
“Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away.”
And that is called paying the Dane-geld;
But we’ve proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to says:—
“We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!”
Re: (Score:2)
Re:Danegeld by Rudyard Kipling (Score:5, Informative)
Supporting terrorists or stockholders? Both. (Score:2)
Re: (Score:2)
No it's not. Willingly and knowingly giving them money is; something this would not qualify as sine they where coerced
Re: (Score:2)
Yes, and the sad fact is if this was all real, and they hadn't paid, and the hacker(s) did do what they claimed, the company could now have a whole mess of broken regulations and such depending on what type of information they were dealing in and what was taken (which may have cost more than $100,000 in fines, lost customers, damage control and repair costs, etc)...
And I still think this story is bogus, or someone is such an incompetent fool and shouldn't be working for that company.
Sound Like a Money Laundering Scheme? (Score:5, Interesting)
So you say a mid-sized company paid a $100,000 extortion? That money with 'poof', right? Untraceable, right? Call me the suspicious sort but are we sure this is extortion and not embezzlement?
Cheers,
Matt
The police are probably right (Score:2)
I think you will find it is illegal to pay extortion money to criminal groups in most parts of the world. Your friend's employer will also now be on a sucker's list of people they will try to get increasingly larger amounts of money out of, so no, this is not supporting the stockholders.
Serious Answer: Yes (Score:2)
Don't Pay Ransoms (Score:2)
Re: (Score:2)
OTOH, you could not may and have your business grind to a halt, people could die. It's always about risk.
As much as the media likes to use it as a plot device, it's not simply don't pay and it won't happen.
And the exchange of money isn't the end game.
Re: (Score:2)
So... if some guy that is clearly bigger and stronger than you are holds up a knife to you and says "gimme your wallet", do you still say no?
Just sayin'... if something's important enough to you, you will pay whatever you can afford to keep it safe.
Extortion is not terrorism (Score:2)
Otherwise a bank teller that gives money to a robber that's pointing a gun at them is supporting terrorism.
Re: (Score:2)
No. one is a threat of immediate death, the other is having IT shut down outside access.
Both have their costs, but they are not the same.
Not likely (Score:2)
"The authorities said the company could be charged with supporting Terrorists."
Not likely, and it would ever fly in court unless it could be moved it was intentional set up to launder money.
It's authorities being pissy they weren't called first.
Stupidity. (Score:3)
a) i wonder which idio put his/her signature under such a transfer. I presume there was no life in danger, which is the only reason one could think about supporting criminals. Fuck these guys (the crackers and the company). For 100000 dollar i can invest enough time to hack (presumably by social engineering and really simple attacks) into at least 10 companies; and i am not a professional, neither white-hat, nor black-hat.
b) From the formal viewpoint, this looks like corruption. You pay people without any proof that they did something for you for a lot of money. Who keeps some employee from sharing his secrets and getting something back from some friends? Would be too easy!
c) If they have been hacked already and just pay the blackmail money not to see their customer details in the newspaper, then it would be better to be completely honest about it.
d) I dont think it should be considered to be "supporting terrorists", but it could be funding well organized crime.
What's the difference? (Score:2)
How Ironic (Score:2)
The cops, who are supposed to protect the victims here, decide to threaten them instead. Who's the terrorist now?
Bad Policy (Score:2)
You have no guarantee other than the word of a criminal and extortionist that they won't do it anyhow, or jack you for more cash next month.
Terrorism?!?! Not unless your system runs life support systems or something. It's amazing what some bozos call terrorism... No, I take that back, they tend to call everything they don't like terrorism, even unpopular ice cream flavors.
Protecting the stockholders. Only in the
Both? (Score:2)
Why do you think that supporting stockholders isn't also supporting terrorists? I mean, why not pay em $200,000 for them to take down a rival? It's a free market, man.
Re: (Score:3, Insightful)
That's the whole point of "terrorism". You can label anything terrorism, and all of a sudden none of the old rules apply.
Re: (Score:2)
Yes I'm kind of amazed that they paid. How on earth would you expense that?