Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security

Fortune 500 Company Hires Ransomware Gang To Hack the Competition (vice.com) 65

It's no secret that ransomware hackers are in the business to make money. But a new business arrangement hitting the news today may surprise many. Vice's Motherboard, citing research and investigation (PDF) from security firm F-Secure, is reporting that a Fortune 500 company, the name of which hasn't been unveiled, hired a ransomware gang to hack its competitors. From the article: In an exchange with a security researcher pretending to be a victim, one ransomware agent claimed they were working for a Fortune 500 company. "We are hired by [a] corporation to cyber disrupt day-to-day business of their competition," the customer support agent of a ransomware known as Jigsaw said, according to a new report by security firm F-Secure. "The purpose was just to lock files to delay a corporation's production time to allow our clients to introduce a similar product into the market first."In a statement to Motherboard, Mikko Hypponen said, "If this indeed was a case where ransomware was used on purpose to disrupt a competitor's operation, it's the only case we know of." F-Secure adds that the consumer representative noted that "politicians, governments, husbands, wives -- people from all walks of life contract [them] to hack computers, cell phones."
This discussion has been archived. No new comments can be posted.

Fortune 500 Company Hires Ransomware Gang To Hack the Competition

Comments Filter:
  • by GrumpySteen ( 1250194 ) on Friday July 22, 2016 @01:05PM (#52561857)

    Someone working with a ransomware scammer might not be the most trustworthy source of information.

    • Either way, what about the story seems so implausible? Recent history should indicate that they could do much worse, like hire hitmen, or start wars. The sociopath is today's dominant "species" in this trade.

      • by Locke2005 ( 849178 ) on Friday July 22, 2016 @02:47PM (#52562537)
        Sociopaths make better CEOs. I believe that has been proven by research. Actually, Forbes thinks psychopaths make better CEOs: http://www.forbes.com/sites/je... [forbes.com] I would have just said sociopaths, myself.
      • Either way, what about the story seems so implausible?

        The part where someone working in customer support claimed to have knowledge about confidential deals that their management was making, for one.

        And the phrasing, too. "We've been hired for jobs by a very important company. We can't tell you which one, but trust us... you are impressed." Yeah, sure.

  • by sconeu ( 64226 ) on Friday July 22, 2016 @01:06PM (#52561865) Homepage Journal

    Assuming this is true...

    What should happen is that the "genius" who thought this up should be convicted and sent to prison for 30 years (or whatever they threatened Aaron Swartz with), for breaking the CFAA.

    What actually will happen is that $BIGCORP will get a trivial slap-on-the-wrist fine.

    • by geek ( 5680 ) on Friday July 22, 2016 @01:31PM (#52562023)

      Assuming this is true...

      What should happen is that the "genius" who thought this up should be convicted and sent to prison for 30 years (or whatever they threatened Aaron Swartz with), for breaking the CFAA.

      What actually will happen is that $BIGCORP will get a trivial slap-on-the-wrist fine.

      Punished for what? The article doesn't even describe a single attack, let alone a victim or perpetrator. This is like someone in high school saying "My cousins best friends brothers girlfriend heard that someone down the street smoked a joint 6 months ago"

  • If evidence exists that this event happened, the corporation that directed the attack needs to have all of their top executive imprisoned. The business world is fucked up enough as it is.
    • by JustAnotherOldGuy ( 4145623 ) on Friday July 22, 2016 @01:16PM (#52561945) Journal

      If evidence exists that this event happened, the corporation that directed the attack needs to have all of their top executive imprisoned.

      Either that, or they'll be punished with a huge bonus and limos stocked with underage hookers and blow.

      Guess which one is more likely to happen.

      • Hey, hey hey! Have some decency here! At least make sure the hookers are of age! (Don't you just _hate_ the inexperienced ones?)
        • At least make sure the hookers are of age! (Don't you just _hate_ the inexperienced ones?)

          Based on prior events my attorney has advised me to remain silent on the subject of underage hookers.

  • $SCARYRUMOR

    p.s. - Buy our security product.

  • by Zibodiz ( 2160038 ) on Friday July 22, 2016 @01:20PM (#52561961) Homepage
    There was a customer who walked into my shop to get his iPhone 4s fixed a month or so ago. While he was waiting, we made small talk, and he bragged about his pickup truck. He told me that it has a 'chip' that makes it produce 900HP. He used to have a 1000HP chip, but his grandfather saw him spinning his tires, so he told him to take it out.
    The truck was a rusty, 20-year-old Dodge, with a V8 that produces about 240HP from the factory.

    Did I smile and nod, occasionally saying 'Wow'? Of course. Did I believe him? Not in the least.

    This also reminds me of a story from one of the Gawker blogs, where a writer interviewed taxi drivers. The question she asked was: "Have you ever been propositioned by a passenger?" Most said "No", a couple said "Once", and one guy claimed that it happened every night, and that he had women falling all over him.
    The part of this story that makes it a little unbelievable is the range of customers he claimed to have. 'Husbands and wives'; do they have a website where we can go and order some hacking? If not, how are these average citizens finding them? 'Governments'? I should expect that most interested governments would instead invest into their own cyber-military, rather than hiring a 2-bit scammer. This just doesn't smell right.
    • by cdrudge ( 68377 )

      He told me that it has a 'chip' that makes it produce 900HP. He used to have a 1000HP chip, but his grandfather saw him spinning his tires, so he told him to take it out.
      The truck was a rusty, 20-year-old Dodge, with a V8 that produces about 240HP from the factory.

      The engine produces 240HP. He has 4 wheels (or more specifically, 4 sets of brakes) That's 960 brake horsepower! You just didn't understand how these technical specs are measured.

  • by Anonymous Coward

    This is what my tabletop gaming group's current Shadowrun job is. Granted, it's much more involved in the game because the objective is ensure that a live product demo fails spectacularly so that the corporation gets no new clients and goes to a competitor (our employer) instead, but the spirit of the run is essentially the same.
     
    Each day we inch closer to the fictional cyberpunk dystopia of yesterday.

  • by Nermal ( 7573 ) on Friday July 22, 2016 @01:49PM (#52562149) Homepage

    ...to "Super-sketchy slimeball makes vague, unsubstantiated claim of having been hired by a Fortune 500 company".

    Motherboard's headline at least acknowledges that all it's reporting is "ransomware gang claims that...", and the other report cited by the post says
    """
    F-Secure’s security advisor Sean Sullivan doesn’t think the story sounds plausible. “It’s probably a young gun, just trying to make a hundred bucks. 95% chance he’s spinning a yarn,”
    """

    I'm not saying it can't be true, but seriously, but why does /.'s headline upgrade crooks to people whose statements should be taken at face value?

    • Hey, it's not like super-sketchy slimeballs have any incentive to LIE for financial gain, right?
  • by nomad63 ( 686331 ) on Friday July 22, 2016 @02:11PM (#52562287)
    I take Hypponen as a credible security expert but I thing he went to the deep end to keep his name in the news. First off, if this fortune 500 company is not one of the new inductees to the list from mainland China or some equivalent 3rd world country, I do not believe, they would risk anything like that. Right behind that reasoning, I can see the cryptolocker pirates wanting to make a name for themselves and announce that they are doing this on behalf of this or that corporation. It sure gives them some clout but at the end, it is just their BS. Nothing more. Unless Hypponen has a smoking gun and wants to come out and let the world know this is actually the case, I will keep my skeptic hat on.
    • ... First off, if this fortune 500 company is not one of the new inductees to the list from mainland China or some equivalent 3rd world country, I do not believe, they would risk anything like that.

      To be fair there have been *many* major scandals by major companies that in hindsight seem spectacularly foolish. The most recent example is probably VW but FIFA getting charged under RICO, Olympic commission being so openly bribed that Rio & Sochi were deemed good sites for games, accounting scandals too numerous to name. Remember that Enron was at one time a fortune 500 company. I'd say that large organizations do dumb things all the time.

    • by dbIII ( 701233 )
      Probably complete bullshit this time but remember that Enron got up to all kinds of immoral shit not that long ago. Being a "fortune 500 company" in the US does not always mean acting in a way where it's going to be on that list in more than the short term.
  • You taking us for suckers, or what?

  • VP's CEO's need to due hard time and not hide under a system of contractors / sub contractors / independent contractors / staffing firms. Where they can pass the blame but control them them like they are there W2 pay roll.

    • On the contrary. Civil asset forfeiture, as evil as it is, would have a much greater effect. In fact, this is exactly the kind of thing it is supposed to be used for. Tattooing "I am a thief" on their foreheads would be a nice supplementary measure to make sure that nobody forgets. Let's save the prison space for the button men and truly violent people who present a real danger to the public.

      • On the contrary. Civil asset forfeiture, as evil as it is, would have a much greater effect. In fact, this is exactly the kind of thing it is supposed to be used for. Tattooing "I am a thief" on their foreheads would be a nice supplementary measure to make sure that nobody forgets. Let's save the prison space for the button men and truly violent people who present a real danger to the public.

        Most cops seem to think civil asset forfeiture is for taking small change from out of town folks driving through in their cars!

        • by Agripa ( 139780 )

          Most cops seem to think civil asset forfeiture is for taking small change from out of town folks driving through in their cars!

          And most politicians. And most judges. And most lawyers. And both parties.

          The only people who do not support civil assets forfeiture do not matter.

  • Isn't that illegal? Meaning, wouldn't getting caught hiring people to commit computer trespass have penalties far greater than what could be gained by successfully hacking your competitors?
  • For decades security and IT consultants have been asked by their clients about possibilities of attacking the competition. I am just surprised it took so long before they found a bunch of crackers to actually do it at a level where it became news. Regards, Khawar Nehal http://atrc.net.pk/ [atrc.net.pk]

You know you've landed gear-up when it takes full power to taxi.

Working...