Bots flooding GC

[cheerfulgreek]

Quote:

Originally Posted by John

One example is the Colonial Pipeline crypto ransomware attack in 2021. That cyber attack had an almost immediate significant impact, but the company was able to resolve fairly quickly. When that pipeline was shut down it impacted most of the US East Coast and several States declared States of Emergency due to it. The day after that cyber attack the company paid $5 million in ransom and luckily the hackers provided the fix after getting their ransom.

There have been many companies and different levels of government that have had to pay ransom to hackers to recover essential systems. I recall reading of a number of companies that went bankrupt after not being able to recover from cyber attacks..

I remember that. Ok, so I read this post a few days ago and I began to wonder since it’s like nearly impossible to catch these criminals who do this, why don’t they just keep doing it and requiring ransom money? It’s not like they can get caught. I remember when that happened and I wondered the same thing when it happened.

[John]

Quote:

Originally Posted by cheerfulgreek

I remember that. Ok, so I read this post a few days ago and I began to wonder since it’s like nearly impossible to catch these criminals who do this,

Around a year ago I watched an interview of a guy who was part of some FBI task force for investigating high profile / most wanted hackers, or something like that. He said that we will never catch them and the only ones who do get caught are usually because they made some sort of tiny mistake. There's a documentary about the silk road hacker who was basically caught this way, made a little mistake.

Quote:

Originally Posted by cheerfulgreek

why don’t they just keep doing it and requiring ransom money? It’s not like they can get caught. I remember when that happened and I wondered the same thing when it happened.

I read something about this a while back. Seems to be that if the hackers get a reputation for not honoring their ransoms then people / companies / governments will probably stop paying future ransoms.

[cheerfulgreek]

Quote:

Originally Posted by John

Around a year ago I watched an interview of a guy who was part of some FBI task force for investigating high profile / most wanted hackers, or something like that. He said that we will never catch them and the only ones who do get caught are usually because they made some sort of tiny mistake. There's a documentary about the silk road hacker who was basically caught this way, made a little mistake.

I’m going to look for that documentary. I’d like to really see that.

Quote:

Originally Posted by John

I read something about this a while back. Seems to be that if the hackers get a reputation for not honoring their ransoms then people / companies / governments will probably stop paying future ransoms.

I meant if they continue to do it the same way they’re doing it now. So, honor their ransoms by fixing what they screwed up, after they get ransom money. What I’m saying is why not keep doing what they’re doing repeatedly, keep honoring the ransom, then do it again. It seems like they just get the ransom and stop. Why not keep doing it since it’s very difficult to get caught.

[AGDee]

Quote:

Originally Posted by cheerfulgreek

I’m going to look for that documentary. I’d like to really see that.

I meant if they continue to do it the same way they’re doing it now. So, honor their ransoms by fixing what they screwed up, after they get ransom money. What I’m saying is why not keep doing what they’re doing repeatedly, keep honoring the ransom, then do it again. It seems like they just get the ransom and stop. Why not keep doing it since it’s very difficult to get caught.

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

It's difficult to get indicted/convicted because most of this is happening from outside the US. And a lot of it is nation state.

NOW they have gone a step further and offering protection services from other scammers if a company will pay them monthly- very much like organized crime rings operate. We'll give you your data back, we'll keep it off the dark web and we'll give you protection.

This is why I have job security...

[cheerfulgreek]

Quote:

Originally Posted by AGDee

They continue upping the ante. In the last briefing I attended with someone from the NSA, they were talking about how it has changed. Originally, ransomware just encrypted all the data and then they had you pay to get the decryption key. But people started doing better backups and could just restore their systems so they stopped doing it that way.

Then they began extortion scams- so they'd say to pay the ransom to get your data back AND to prevent them from exposing the data they had on the dark web.

It's difficult to get indicted/convicted because most of this is happening from outside the US. And a lot of it is nation state.

NOW they have gone a step further and offering protection services from other scammers if a company will pay them monthly- very much like organized crime rings operate. We'll give you your data back, we'll keep it off the dark web and we'll give you protection.

This is why I have job security...

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

[AGDee]

Quote:

Originally Posted by cheerfulgreek

So, then this happens all the time? Seems like it. That would make me so mad. They seem like they have an easy job and an easy way of stealing money, literally without getting caught. I wonder why they haven’t gone after any banks, unless they have and it just didn’t reach the news.

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

[cheerfulgreek]

⬆️ John, this is really crazy. The video is long but still worth watching. I wonder if there’s ever a single hacker. I mean, someone that doesn’t work with a group of hackers. If I was a thief, I’d just do it once and live off of the first millions of dollars, and be done, lol.

But seriously, if I was that computer literate, I would just find a really high paying tech job. I don’t know why they just won’t do that, instead of risking their freedom. Being that intelligent, you could really negotiate what you want.

Have you ever seen the move “The Core”? There was a hacker in the movie who got caught, but then the government forced him to work for them or go to prison. It was kind of a cheesy movie, but some parts were ok.

Quote:

Originally Posted by AGDee

They go after the banks in different ways. Distributed Denial of Service attacks were rampant in 2019 and 2020, trying to disrupt online banking. A banking security officer was saying that the chief information security offers from the banks/financial industry have a call every morning to discuss attacks they are seeing. They collaborate really well and warn each other so they can better defend it. It's constant though. Job security for people in cyber security- no shortage of work for us, truly.

That’s gotta be really stressful, though.