Computer security experts fear second wave of ‘biggest
ransomware attack ever’
The malicious “ransomware” attacks that seized computers
worldwide Friday and held those systems hostage are likely to worsen this week
as millions of people return to work — forcing them to discover the hard way
whether they have been affected, security analysts said.
… By drawing
attention to the shortcomings of legacy computer systems, WannaCry could
indirectly drive more demand to companies such as Google and Microsoft that
have built massive cloud computing businesses, said Stewart Baker, a former
general counsel at the National Security Agency.
“This may well force a lot of legacy systems finally into
the cloud, is my guess,” Baker said, “which is probably where they’re going in
the long run — but they’ll get there faster [now] because the idea of
continuing to run XP is not credible.”
(Related).
Hackers who infected 200,000 machines have only made $50,000
worth of bitcoin
… James Smith, CEO
of Elliptic, a London-based start-up that helps law enforcement agencies track
criminals using the cryptocurrency, said his company had uncovered that since
Friday, around $50,000 worth of bitcoin payments have been made to the hackers
by 7 a.m. ET on Monday.
… After 72 hours
from when the attack started on Friday, the hackers said the fine would double
to $600, and after seven days, the files would be permanently locked.
… At the same
time, researchers have seen no evidence that paying the cybercriminals
necessarily unlocks your files.
"Unlike its competitors in the ransomware market, WannaCry doesn't seem to have a way of associating a
payment to the person making it. Most ransomware … generate a unique ID and
bitcoin wallet for each victim and thus know who to send the decryption keys
to. WannaCry, on the other hand, only
asks you to make a payment, and then … wait."
Small extortion is not worth fighting? How about high volume small extortion? (See the articles above)
Tatiana Siegel reports that there have been “at least a
half-dozen extortion attempts against Hollywood firms over the past six months
alone, say sources in the cybersecurity industry.” And things are so bad, it seems, that:
The frequency of the attacks has
overwhelmed the FBI’s Los Angeles field office, which has been unable to
properly investigate all of them. The
FBI’s surprising advice, according to industry sources: Pay the ransom. After all, the hackers aren’t asking much more
than a Cannes hotel tab. In all
of the Hollywood extortion cases, the hackers demanded less than $80,000. A law enforcement source says that in
California, losses would need to exceed $50,000 for the U.S. Attorney’s office
to prosecute, thus keeping the FBI from pursuing most of these cases.
But an FBI spokesperson in the
L.A. office denied that the agency is telling companies to cough up the
bitcoins in cases of ransomware.
Read more on Hollywood
Reporter. Then look at how the Daily
Mail leads with the claim that the FBI is advising studios to pay the
ransom demands.
But this is all interesting, especially since
TheDarkOverlord went pretty quiet again in terms of dumping Hollywood-related
material. Could they be in ongoing
negotiations? Have they been paid off? Hmmm….
They cross pollinate.
Technical tools are the same in both worlds.
The Thinning Line Between Commercial and Government
Surveillance
… As part of the Princeton Web Transparency
and Accountability Project, we’ve been studying who tracks you online and
how they do it. Here’s why we think the
fight over browsing histories is vital to civil liberties and to a functioning
democracy.
… Web tracking
today is breathtaking in its scope and sophistication. There are hundreds of entities in the business
of following you from site to site, and popular websites embed about 50
trackers on average that enable such tracking. We’ve also found that just about
every new feature that’s introduced in web browsers gets abused in creative
ways to “fingerprint” your computer or mobile device. Even identical looking devices tend to behave
in subtly different ways, such as by supporting different sets of fonts. It’s as if each device has its own
personality. This means that even if you
clear your cookies or log out of a website, your device fingerprint can still
give away who you are.
Worse, the distinction between commercial tracking and
government surveillance is thin and getting thinner. […] The Snowden leaks revealed that the NSA
piggybacks on advertising cookies, and in a technical paper we showed that this can be
devastatingly effective. Hacks and data
breaches of commercial systems have also become a major part of the strategies
of nation-state actors.
A peek at the value of information about companies rather
than people.
Moody's to pay $3.3 billion to buy Dutch business
intelligence company Bureau van Dijk
… "Bureau van
Dijk is a high growth information aggregator and distributor [Similar to a data broker? Bob]
Grace Hopper was telling us that COBOL was obsolete back
in the 1970’s. Governments don’t listen
to experts.
COBOL Is Everywhere. Who Will Maintain It?
Think COBOL is dead? About 95 percent of ATM swipes use
COBOL code, Reuters reported
in April, and the 58-year-old language even powers 80 percent of in-person transactions.
In fact, Reuters calculates that there’s
still 220 billion lines of COBOL code currently being used in
production today, and that every day, COBOL systems handle $3 trillion in
commerce.
For my niece and nephew.
Big spenders on iTunes.
Programming in a defense against the Terminator!
No comments:
Post a Comment