Monday, May 15, 2017
That’s not fear, just preparation.
Computer security experts fear second wave of ‘biggest ransomware attack ever’
The malicious “ransomware” attacks that seized computers worldwide Friday and held those systems hostage are likely to worsen this week as millions of people return to work — forcing them to discover the hard way whether they have been affected, security analysts said.
… By drawing attention to the shortcomings of legacy computer systems, WannaCry could indirectly drive more demand to companies such as Google and Microsoft that have built massive cloud computing businesses, said Stewart Baker, a former general counsel at the National Security Agency.
“This may well force a lot of legacy systems finally into the cloud, is my guess,” Baker said, “which is probably where they’re going in the long run — but they’ll get there faster [now] because the idea of continuing to run XP is not credible.”
Hackers who infected 200,000 machines have only made $50,000 worth of bitcoin
… James Smith, CEO of Elliptic, a London-based start-up that helps law enforcement agencies track criminals using the cryptocurrency, said his company had uncovered that since Friday, around $50,000 worth of bitcoin payments have been made to the hackers by 7 a.m. ET on Monday.
… After 72 hours from when the attack started on Friday, the hackers said the fine would double to $600, and after seven days, the files would be permanently locked.
… At the same time, researchers have seen no evidence that paying the cybercriminals necessarily unlocks your files.
"Unlike its competitors in the ransomware market, WannaCry doesn't seem to have a way of associating a payment to the person making it. Most ransomware … generate a unique ID and bitcoin wallet for each victim and thus know who to send the decryption keys to. WannaCry, on the other hand, only asks you to make a payment, and then … wait."
Small extortion is not worth fighting? How about high volume small extortion? (See the articles above)
Tatiana Siegel reports that there have been “at least a half-dozen extortion attempts against Hollywood firms over the past six months alone, say sources in the cybersecurity industry.” And things are so bad, it seems, that:
The frequency of the attacks has overwhelmed the FBI’s Los Angeles field office, which has been unable to properly investigate all of them. The FBI’s surprising advice, according to industry sources: Pay the ransom. After all, the hackers aren’t asking much more than a Cannes hotel tab. In all of the Hollywood extortion cases, the hackers demanded less than $80,000. A law enforcement source says that in California, losses would need to exceed $50,000 for the U.S. Attorney’s office to prosecute, thus keeping the FBI from pursuing most of these cases.
But an FBI spokesperson in the L.A. office denied that the agency is telling companies to cough up the bitcoins in cases of ransomware.
Read more on Hollywood Reporter. Then look at how the Daily Mail leads with the claim that the FBI is advising studios to pay the ransom demands.
But this is all interesting, especially since TheDarkOverlord went pretty quiet again in terms of dumping Hollywood-related material. Could they be in ongoing negotiations? Have they been paid off? Hmmm….
They cross-pollinate. Technical tools are the same in both worlds.
The Thinning Line Between Commercial and Government Surveillance
… As part of the Princeton Web Transparency and Accountability Project, we’ve been studying who tracks you online and how they do it. Here’s why we think the fight over browsing histories is vital to civil liberties and to a functioning democracy.
… Web tracking today is breathtaking in its scope and sophistication. There are hundreds of entities in the business of following you from site to site, and popular websites embed about 50 trackers on average that enable such tracking. We’ve also found that just about every new feature that’s introduced in web browsers gets abused in creative ways to “fingerprint” your computer or mobile device. Even identical looking devices tend to behave in subtly different ways, such as by supporting different sets of fonts. It’s as if each device has its own personality. This means that even if you clear your cookies or log out of a website, your device fingerprint can still give away who you are.
Worse, the distinction between commercial tracking and government surveillance is thin and getting thinner. […] The Snowden leaks revealed that the NSA piggybacks on advertising cookies, and in a technical paper we showed that this can be devastatingly effective. Hacks and data breaches of commercial systems have also become a major part of the strategies of nation-state actors.
A peek at the value of information about companies rather than people.
Moody's to pay $3.3 billion to buy Dutch business intelligence company Bureau van Dijk
… "Bureau van Dijk is a high growth information aggregator and distributor [Similar to a data broker? Bob]
Grace Hopper was telling us that COBOL was obsolete back in the 1970s. Governments don’t listen to experts.
COBOL Is Everywhere. Who Will Maintain It?
Think COBOL is dead? About 95 percent of ATM swipes use COBOL code, Reuters reported in April, and the 58-year-old language even powers 80 percent of in-person transactions. In fact, Reuters calculates that there’s still 220 billion lines of COBOL code currently being used in production today, and that every day, COBOL systems handle $3 trillion in commerce.
For my niece and nephew. Big spenders on iTunes.
Programming in a defense against the Terminator!