Hacker News
Ransomware gang threatens release of Washington D.C. police records (apnews.com)
162 points by danso on May 12, 2021 | 216 comments



I have a different take on this to most.

We’ll never have perfect security. Secrets can always leak. Almost everyone’s one hack away from being blackmailable.

We can minimise the opportunity for blackmail in two ways: better security, and a more liberty-focused society — for example, you can’t be blackmailed for doing weed if nobody cares you did weed. (Same applies to many non-drug laws, but all this will vary from jurisdiction to jurisdiction).


3rd way: only store what is absolutely necessary, purge when not required anymore. (And if you are trying to sell me some webmail or photo gallery service, why do you need my shoe size anyway?)


Yeah, at least for government stuff, use cold storage. Put things on microfiche with reference numbers or whatever


Use SD cards. You can fit probably a petabyte of information in a typical storage cabinet. If the environment is controlled, I don't think you'd run into problems with data corruption or being unable to read data. And to hedge against that, you could just duplicate the data onto multiple SD cards, and store them in different areas - sort of like AWS AZs.


This idea is already applied in some companies with regard to limiting legal risk. I used to work for a backup company and one customer was a very large software company. This customer wanted a custom version retention that basically deleted previous versions of files 2 weeks after they were deleted on the user's computer. Most other customers wanted the exact opposite. But you can provide documents to courts if they were removed under the standard policy.

Of course, once a lawsuit was underway, many backups were placed under legal hold and no longer pruned old versions.


>why do you need my shoe size anyway?

You won't tell us your mother's maiden name or the street you grew up on any more, so now we're trying new questions. Have no fear, it's all for your security.


Yup. I think this is a case where “all of the above” is the best answer.

Store less data, store it better, and make loss of control of that data less important.

Although we can’t store nothing, and we can’t store anything perfectly, and we can’t make everything legal, we should try to maximise each of these objectives.


I have a different take also: some records should just be kept on paper and never stored electronically.


Maybe connecting all the world's computers together into one big network wasn't such a good idea after all.

Or maybe I've been watching too much Battlestar Galactica


I dunno - I was at an organization that got booted off of the Internet for various reasons - and while it was a pain for some tasks, it didn't have quite the impact I expected it would have.

So yes, we have WAY too much shit on the Internet that has zero reason to be there - and we have way too many connections and content flowing between orgs without any kind of assessment as to what the content is, its authenticity, etc.

The vast majority of ransomware incidents happen via spearphishing over email - pretty nuts that literally one erroneous click by a user can take down an entire network.

Think about that. Talk about inherent fragility!


I think this idea has some merit.


Absolutely. You know, like "Confidential Police Informants".

And it's hella hard to hack paper in a locked filing cabinet, in a locked building, filled with police.


Is it harder, or just different? I'm not sure how to objectively compare the two.


I'd confidently say it's harder.

In person documents:

     requires being at a single location in the world
     single copy
     in secured storage
     in a secured building
     filled with people who can shoot you legally

Online documents:

     Can be done from anywhere in the world
     infinite copies can be made easily
     1 hack can un-secure the data
     threatening to shoot a computer doesn't have the same impact

It's really a computer hacker versus traditional spycraft. Spycraft isn't impossible, but does require assistance and tech from nation-states, and is prone to a set of really bad negative eventualities if caught.


Right, but that's not the whole story. Some documents can be permanently offline and still do their job. The list of police informants might be an example. The officer controlling the information writes it down, but he also remembers it. No one else looks at it except, in rare situations like a police corruption investigation, that officer's commander, or an internal investigation unit.

Other documents will need a whole process of retrieving information, copying it, adding info, sending it, checking it, sharing it with other people. Police officers' own personnel records might be an example. If you only store these on paper, informal access procedures might be developed. For example, the civilian secretary is used to certain people requesting copies of 6 or 7 files at a time, so they don't always keep track of what was asked for. Unofficial copies get made and kept in someone's desk drawer so they don't have to spend a morning going over to the main HQ. And so on.

Now you have the worst of both worlds - lax security, but also no hope of the traceability and fine-grained access control of an electronic system.


I feel like the added complexity of digital storage just means there are more ways to attack and there's more that can go wrong in general. Physical documents can only exist in one place at any given time and are probably much easier to protect.


How many people do you think have attempted to break into your home by trying to pick your door lock? If you set up an SSH instance on the public internet, how many times do you think your login will be tried?


Bingo. Which is why the second factor in 2 factor authentication is "something you have".

It's also why SMS text messages do not meet the criteria for 2 factor authentication - it's trivial to social engineer phone companies into moving a phone number to a new phone - presumably one you would not have. Authentication apps are a PITA to move to new devices because having a way to move your keys around without some reliance on meatspace defeats the whole goal of "something you have".


> it's trivial to social engineer phone companies into moving a phone number to a new phone

Obligatory "if you're in the US, then yes - elsewhere, it depends". In the UK, obtaining a PAC code is a bit more complicated/non-trivial for the attacker. I'd consider it fairly safe to use SMS 2FA over here.


My login specifically? Probably a lot less than "admin" "root" or similar common things script kiddies run. But if it is on port 22, the dictionary will probably be attempted.


This seems tangential unless you have per-user permissions on your front door lock (which people may if they use NFC, etc) but even then, likely have a regular physical key as backup, which for all intents and purposes would be akin to the root account.


Cybercrime gangs are more interested in hitting another target than trying to get the most out of any particular one. If some data is offline, the gang can't know that it exists. This assumes that they are simply scanning for vulnerable networks and seeing what they can find.

A threat actor intent on extracting the informant list of the DC police will have a completely different approach to the hack, probably involving advanced surveillance, infiltration, bribery, etc.


I'm pretty sure it's harder. We've known how to do physical security for a very long time, and humans are a heck of a lot smarter at recognising strangers/intruders in a secure location where only familiar faces are permitted.


Outside of movies, how often do you hear about a police evidence building being raided and key evidence going missing as a result? I don't think it's ever happened in the U.S. at least. Meanwhile, the largest companies there are get hacked all the time with a new article each week seemingly.


Aye all the locked filing cabinets in WTC7 have proven to be 100% unhackable to this day! <3


The NRA was able to get this as the standard for gun sales records in the US. By law such records are on paper in an unsearchable format. I hadn't heard of any other type of info being treated in this way though.

[1] https://www.thetrace.org/2016/08/atf-non-searchable-database...


The Russians figured this out years ago.


Only way to beat high tech... low/no tech.


Do they use a pencil for that too?


Typewriters. Paper. Carbons. Filing cabinets. 0-computer facilities.

Think how insane it was for the OPM to keep clearance files in one big networked database.


No, space pens


There is a distinction between what is legal to do and what is socially acceptable to do. While blackmail over illegal actions is the most common example used, a society that is very liberty focused in the law but has strict standards on what is considered acceptable behavior can still lead to blackmail.

A society would need to be both liberty focused and tolerance focused to reduce the potential for someone to be blackmailed, but this runs counter to the notion that the fallout of blackmailable material being released is a just occurrence.

Blackmail is a side effect of punishment, legal, social, or otherwise, and the only cases where I think the majority will agree to reduce punishment to reduce blackmail is cases where people already believe the punishment isn't deserved.


You seem to think blackmail is the issue here. The real problem is that drug gang informants risk being murdered.

Since drugs are a black market with lots of money on the line and no legal protections for the business, things get violent rather quickly. Gangs can also use the violence of the police against their rivals, in a deep twist of irony.

There is a long and nuanced discussion to be had that blackmail can actually serve a useful societal function and laws against it make things worse, but I don't want to get into that here.


Stigma and criminality often go hand-in-hand.


The hack can infiltrate as well as exfiltrate data, thus allowing blackmail.

(No, I'm not sure the word infiltrate can be used that way, but it should be)


Excellent point, I hadn’t even considered that. Anyone with write-access to an important system can corrupt it with whatever they like — invoices for nonexistent services or goods, falsely incriminating people for things they didn’t do, changing medical records in dangerous or profitable ways depending on motive… yeesh.


This is already happening. For example people steal medical records and use the data to get medical care for themselves and others, pretending to be the identity they have stolen. So false data gets into the medical record and can not by law be removed! So people are getting misdiagnosed due to false information in their medical records. It is very difficult to detect tampering in data, what is the objective truth you can compare to? In many circumstances the data itself is considered the basis of truth. So data tampering could already be widespread and the only time it is detected is when it causes someone problems and then it is likely considered a "computer error".


If you read the article, the data includes information on informants (which is probably a ton). I'd imagine there is Grand Jury information in there as well.

Plus, there is probably personal information (payroll). Not that it matters how much anyone makes (that's probably public record already), but ACH banking details and things like that.

Some of these things we can't really reduce, need to be kept online for significant time frames, and can't be made public.

That being said, I agree that we should plan on having less perfect security (and then design for that sort of world).


I actually think "defense can win", unlike with real war where thanks to nuclear weapons "offense wins".

C and Unix is absolute dark age crap. We know how to prove programs correct. We just don't want to pay for it. There still be social engineering, etc., but that is much harder to pull off.

I also think better programming techniques will eventually make programming more productive, as there is less to mentally worry about, and good libraries with lemmas exist. That means rather than being an expensive defense -- expensive offense escalation, it's a 1-time capital investment for defense vs permanent increased operational costs for offense.

This is a quite unpopular opinion with security people, I'll grant, but people are also not used to thinking about technology as demand-constrained not supply constrained in general, which is exactly what's going on here and in so many other areas.

A better understanding of economics and development not CS I think will be the thing that corrects this.


>There still be social engineering, etc., but that is much harder to pull off.

I think about this exactly the opposite from you, and this is why. Humans are the weakest link in most technical systems. The only secure device is one that's turned off and buried a mile deep, because if someone has to use it, they can always leak/allow someone else to use it by proxy.


Defense can win any single encounter, it cannot win every single encounter.

Perfect defense does not exist. Especially once we get down to people. Even in your scenario, those "good libraries with lemmas" are now the point of attack. Find a weakness in that and you find a weakness in thousands of systems.

And that does happen all the time. Commonly used libraries are found to have privilege escalation vulnerabilities. They get patched, then something else, somewhere else, is discovered. And sometimes the patches themselves open up other vulnerabilities.

As for social engineering being more difficult to pull off, that's not true at all. We're all looking to streamline the process, we're tired, we're sleepy, we're bored, we just don't care, we hate our boss, we just want to watch the world burn. Those are all ways we fail even the most airtight security measures.

Tell me the provably correct patch for willingly handing over my credentials to a malicious party.


We actually don’t know how to prove programs correct in any kind of large scale way. And in addition, and this is from my professor who specializes in formal methods for his entire career, proving a program correct does not prove a program right.


"There still be social engineering, etc., but that is much harder to pull off."

It is? In what sense? I've always understood the wisdom to be that people are one of the most leaky bits of any system.


>you can’t be blackmailed for doing weed if nobody cares you did weed

This is imo the most feasible/pragmatic approach to the privacy issue.

Instead of fixing it by hiding the information, we should fix the actual issue that causes misery when the information is public.


Not all things have this kind of solution though. Having an affair is always going to be something people prefer to keep secret. Changing society to accept freedoms is a long way away. For that matter, all sexual proclivities/orientation is something that even if all legislation says it is okay, society will still have its own opinions.


>Having an affair is always going to be something people prefer to keep secret

My point is it doesn't have to. Ask what it is that makes people prefer to keep it secret, then fix that instead.

Not saying it's going to be easy but at least we should spend the effort on fixing that, instead of spending the effort on hiding the information.

>society will still have its own opinions.

So we need to spend the effort on minimizing the misery caused by that


You used to not be able to get a security clearance if you were a homosexual because you could be blackmailed. That stricture has been dropped and that specific thing is no longer an issue mostly.


Is it still an issue if you are married/carrying on like a heterosexual family and your homosexuality is a secret? That was the important part of your clearance eligibility before: that someone can get leverage on you.

Likely the homosexuality has changed because society's view towards it has changed.


It can be an issue if the person's family is unaware of it and they are actively engaging in extramarital relations.


>> It can be an issue if the person's family is unaware of it and they are actively engaging in extramarital relations.

That would be situational. It sounds like the old rule was that just being gay was a show stopper. What you describe has little to do with sexuality and everything to do with extramarital activity which could offer leverage to straight people too.


More broadly, it sounds to me like the general principle is "are you engaging in some activity which is a shameful secret for you, and which could thus be used to gain leverage over you by threatening to expose that secret?"

Part of the problem is that it sounds like there were baked-in "hard-checks" about things that were automatically assumed to be shameful secrets that could be used for leverage.


It comes down to never lie about anything when you are being interviewed for a clearance. They will always find out. If you hide things, then you could be blackmailed as you were unwilling to admit to them in the interview. Yes, there were hard checks based on social norms at the time. Being gay used to be an issue, as wrong as that was. But at the same time, drugs, being a drunk, hitting your wife (prone to violence) etc. were also items on the list. Anything that could cause public embarrassment that you could sell out to avoid.


> We’ll never have perfect security. Secrets can always leak. Almost everyone’s one hack away from being blackmailable.

Watching the number of accounts grow over the years on haveibeenpwned has only reinforced that belief in me.

There's more leaked accounts out there than actual people on the planet, tendency rising fast.

The longer something is out there, the higher the likelihood it will get shared/leaked in some way or another.


>and a more liberty-focused society — for example, you can’t be blackmailed for doing weed

This just covers the current crop of behaviors we can imagine (e.g. your weed example). But, as long as you have a society, you'll have/need some laws, behavioral norms and a social contract. Violation of any of these would be blackmailable.


We're talking about reducing the number of blackmailable situations not eliminating them.

You're arguing we shouldn't put up, "don't feed the bears signs" because some people are going to do it anyway.


No. I'm arguing that as long as we have a functioning society, blackmail-able situations are virtually unlimited.


Right and you're wrong.


the thinking is flawed imo. you are essentially saying that we make everything okay then there are no secrets....that's a flawed premise.

first off, privacy and legality and confidence and sharing are all interrelated but different. to merge is to simplify and lose context.


Showing that you were willing to pay but the price was too high seems like the worst way to handle ransomware. Comparatively, the hackers are running an excellent PR campaign, providing the police enough time to protect those at risk and providing early leaks of data likely to upset the public.


I can't see how they're still protected really. If you're in organized crime in Washington DC then surely you get in contact with the ransomware gang and offer to pay for any relevant names.

Even if they pay the ransom those people are not 'safe'.


Paying for stolen data to be... returned? It's a real "you wouldn't download a car" moment.

The only valid approach in my eyes is: Have backups, never pay, assume this data to be public now and act accordingly.

You could even argue that we should destroy the viability of the market for these scams by harshly fining anyone who pays ransom. Right now individual interests go against collective ones. (unlikely to happen because it looks like victim blaming if you squint... but something needs to be done at a system level)


I'm not sure that's a good solution, likely you'd just see people paying ransoms but keeping it quiet and not making these attacks public. Arguably, even more harmful.


>I can't see how they're still protected really.

They have been provided ample warning that their cover is about to be blown. Leaking the hacked data immediately or privately conducting negotiations would put those at risk in far more danger.


Perhaps they hoped to gain information about the attackers through paying or negotiating. In that case.


This is just conjecture and blue sky thinking, but privacy and security look like they might travel hand in hand. The issue is we have valuable data - and it is not protected as well as it should be.

Somewhere, somehow I think there is a data storage approach that encrypts data (let's say a pandas dataframe) and the authorisation is your ownership of relevant key. All data changes start to become eventually consistent, sharded and passed around as single atomic units....

I need to think about that some more ...


>> the authorisation is your ownership of relevant key.

I tend to agree and go a step further. We need to eliminate "anonymity by default" and switch to communications where it is a default to verify the identity of whom you're connected to. No more spam emails, or at least you'd have a verifiable origin. Better still would be verification increase sender costs. Proof of work would be useful, and people on our whitelist could be given less work or no work. Just an idea.

If we have good identity verification, places like reddit or HN could strip that off to maintain anonymity but criminals attacking would have to offer up some identity.

Once strong identity handling is possible, your encrypted data access becomes much simpler too.

I don't think this will happen because too many parties from ISPs to governments don't want it. Strong identity also makes end to end encryption easy.


> If we have good identity verification, places like reddit or HN could strip that off to maintain anonymity

Lol, why would reddit strip off identity? They might not display it to preserve the illusion, but they would store it forever. The same with every other surveillance-loving company, who right now are constrained to making their best guess and harassing you with CAPTCHAs etc. And the results of such leaks with real world identities would be that much worse.

Strong identity on a cross-jurisdictional network is a fallacy that would only bring increased corporate and government control over our lives. The problem is a lack of software security plus lackadaisical network administration, and adding mandatory identity to the "works as intended" path does nothing to address that.


(I'm new to this topic, so I apologize if this has been discussed to death elsewhere...)

Wouldn't it make sense for governments to make it crushingly illegal to pay a ransom? I would think that drastically changes the calculations of would-be ransomers.


I agree. Also better PR work. The article is based on information the criminals have released, it's pure speculation that negotiations have even happened in the first place. If it would be categorically illegal and if they would clearly communicate that it is so, there wouldn't be much of a discussion and people could focus on the main issue - the security breach.


It's my understanding that it is illegal-ish, depending on the exact circumstance. https://home.treasury.gov/system/files/126/ofac_ransomware_a...


But it’s sort of wishy-washy maybe-technically-but-never-once-been-enforced illegal. Not “actively enforced and we can send your CEO to jail” illegal (like export control or whatever), which companies would actually take seriously.


reminds me of the story when a hacker exposed the rape of an underage girl by the football players

https://www.rollingstone.com/culture/culture-news/anonymous-...

"Online vigilante Deric Lostutter helped expose the cover-up in the Steubenville rape case. Now he’s facing more jail time than the convicted rapists."

Yep, the rapists got 1 and 2 years for the rape, and the hacker got 2 years for that hack. Clearly shows what the society's priorities are.


> Yep, the rapists got 1 and 2 years for the rape, and the hacker got 2 years for that hack. Clearly shows what the society's priorities are.

That's one way to read it. The other way to read it is "The rapists, being minors, were convicted and sentenced under laws that apply to Juveniles. The vigilante, being an adult, is being tried under laws for adults."

I'm not sure how you would convince society to do away with separate rules for minors. It's very rare for a justice system to decide that a 16 year old should be tried as a 21 year old.


I don't see how it matters. In no world is the hacker doing something worse than the rapists no matter the age. This does quite clearly show what the people in the justice system think is worse: an adult hacker vigilante is worse than a 16 yo rapist. I doubt you would get the same result if civilians were asked.


>In no world is the hacker doing something worse than the rapists no matter the age.

You really want to go down that shaky rabbit hole? What if a hacker deliberately caused the collision of 2 subway trains, killing everyone on both trains? Is he still going to jail for only a year because he didn't actually physically harm someone?


So he harmlessly killed those people. How?

And if you're going to say he didn't physically drive the trains into each other, how far does that rabbit hole go? Can anyone be held responsible for any action performed with a tool at that point? "Your honor, I just caused a collision of his head with this hammer, it was the hammer that killed him, not me." Oh, he swung the hammer, so that counts as "physical harm". What about guns? "I just caused a collision of his head with the bullet, the bullet killed him, not me." Yes, he would have pulled the trigger, but he didn't physically shove the bullet into the guy (by your definition). Or if pulling the trigger makes him liable, then the guy pressing the keys to run the programs blah blah blah that cause the trains to collide means he caused it.

In your case, he engineered the deaths of the people on those trains, he's liable for them. This ain't hard.


How is that analogy remotely relevant to this discussion?


TLDR; We don't determine sentencing lengths based on the crime alone, we determine sentencing lengths based on the expected duration required to ensure that society is safe.

With kids we expect to rehabilitate them faster.

The long version: You may not see how it matters, but the reasoning is sound:

If you are going to be lenient on juveniles because they are not fully mature enough mentally to contemplate the full effect of their actions, why make certain actions exempt from contemplation?

> This does quite clearly show what the people in the justice system think is worse: an adult hacker vigilante is worse than a 16 yo rapist.

The criminal justice system does not evaluate the actions of a criminal in isolation, they largely take into account the intention behind the action (Look up Mens Rea).

You are just putting two outcomes next to each other for comparison, while the reality is that the intention and maturity of the mind behind those actions are what decides the judgment.

Should someone with the mental capacity of a 5 year old commit some violent crime, do you still think we should judge them as we do with a normal adult?

The ultimate problem with your argument is that the justice system is not about getting revenge on criminals. It's about making society safer.

When someone commits a crime we remove them from society for the period we think it will take to rehabilitate them[1], and ensure that they aren't able to harm society further during the time they are not rehabilitated.

The reasoning for juveniles to get a lower sentence is because we, collectively, think that it will be faster to rehabilitate a minor than an adult.

> I doubt you would get the same result if civilians were asked.

You'd be surprised: leave gender out of it and ask about "violent crime" and most parents would agree that the court should be more lenient on kids. That's because, as parents (and former kids) we know that kids make incredibly poor decisions.

Phrasing the question as "would you prefer your kids rapist to get off with a slap on the wrist" would get the response you want.

[1] Whether or not this is successful is irrelevant as we cannot know the success at the time of sentencing.


>I'm not sure how you would convince society to do away with separate rules for minors. It's very rare for a justice system to decide that a 16 year old should be tried as a 21 year old.

the real situation is opposite - it is pretty exceptional to not charge 16-year-olds as adults in a rape case.

Separate rules for minors is a right thing to do up to a reasonable limit - a 16 year old thinking it is ok to joyride somebody's car is one thing, whereas to murder or to rape - it is very different.


it's not rare in the US, and even mandatory for certain crimes in some states. on any given day there are 10k juveniles in adult US jails & prisons, & a lot of them haven't even been convicted of anything (pre-trial detention)


The football players were tried and convicted as juveniles (they were both 16[1]), and so the length of punishment was capped under state law. If they had been slightly older and could have been tried as adults, they could have been sentenced to up to 10 years in prison. (News articles say that the two also probably would have to register as sex offenders once they turned 21, however, I didn't find any followup articles during my brief search.)

However, Deric played no role in exposing the rape itself. The article you cited even points out that Deric learned about the Steubenville rape case reading the NYT article about it. None of the evidence that Deric and the other members of Anon hacked and released were used at the juvenile court proceedings due to evidentiary and due process issues (and for that reason would similarly have been excluded if the defendants had been tried as adults), and (per the linked article) a lot of what they posted wasn't even relevant to the rape or the coverup; it was simply intended to embarrass and harass. At least one of the (adult) hacking victims was not involved with the coverup; they simply had the misfortune to be mentioned in the news articles as being involved with the case, and if it satisfies your moral umbrage, that is why Deric was sentenced to 2 years.

[1] https://corriganlawohio.com/felonies-in-juvenile-court. Generally, for a rape charge, in Ohio the youth defendant must have aggravating circumstances to be tried as an adult, such as a previous violent juvie commitment or the use of a firearm in the commission of the crime, which did not apply to this case. Note that these laws were passed as a response to juvenile defendants being treated as adults, on the premise that juvenile defendants are less in control of their actions and therefore should face less punishment than adults.


That's an incredibly fair take on the situation.

And it does make sense of the difference in sentencing. Deric's crime was related to the rape case, but nothing they did affected it. They didn't garner any new indictments or convictions, they just stirred the shit.


>Note that these laws were passed as a response to juvenile defendants being treated as adults, on the premise that juvenile defendants are less in control of their actions and therefore should face less punishment than adults.

We know for a fact that young men's brains aren't developed as fast as young women's brains. Either the passed law wasn't passed because "juvenile are less in control of their actions" or it is a clear case of not looking at the science they cite since 50 % of juveniles are less in control than the other 50%. I'm personally sure this is all about society being angry about juveniles being punished too harshly and the justice system seeing this as a way out instead of actually ruling as they should: on an individual basis. As it is now they cite a scientific basis and don't actually follow it at all.

Also IMO it does also show that the justice system is out of touch. If you asked civilians I'm convinced that close to 100% would say rape should be punished harsher than the hacking and the hackers punishment is the one that is too hard.


Yeah, it's stupid. I've read about drug users who got more prison time than actual convicted murderers. It seems like some kind of joke.


Not that I'm defending it.

but, a rapist hurt (in theory) 1 person.

A "Hacker" can hurt hundreds or thousands or millions of people...

I'm honestly not sure how to equate fair punishment in that space.


That is a ridiculous sentiment. The rapist potentially could rape thousands of people. He should not be convicted for potential victims, but for actual victims.


>I'm honestly not sure how to equate fair punishment in that space.

Just imagine that you have to choose - either you're going to be raped or your computer is going to be hacked.


Did he though?


The Musk Twitter BTC giveaway thing is more profitable and no footprint. No detection. Better than ransomware from a criminal perspective.


One thing I am still confused about is how the blockchain is supposed to make such ransom payments easily traceable. That apparently must not be the case if organizations keep falling victim to these attacks.


If you can trace the payment to Russia, and Russia refuses to do anything with the criminals, they are safe. The advantage of blockchain payment is that no-one can reverse the transaction once they found out it was illegal. No-one can block the transaction, or prevent it either.


Intelligence organizations would still be able to identify and surveil regions of past criminal activity.


It depends on which blockchain it is. For example, on the Monero blockchain every transaction is signed by at least 11 keys and there's no way to figure out which key actually authorized the transfer.


I'm familiar with how ring signatures work, but haven't looked into how the rest of the Monero anonymity works. In order to expand the search space, presumably some of those keys used in the ring signature need to be from people completely unknown to the signer.

I take it that a person just finds a few random strangers' public keys with previous history, and gives them signing power over the coin. Those strangers just have no way of knowing they have signing power because the ring is represented in the unspent coin by its hash. Is that correct? In order to spend a coin, however, the ring needs to be revealed. How is the race condition resolved where those strangers could see there's a pending transaction for a coin they could spend. Can't those strangers just see the transaction and pay a huge mining fee to jump the queue and spend the coin first?


> I take it that a person just finds a few random strangers' public keys with previous history.

The ring signatures are used when spending an output. For minting an output you essentially just spend to a single public key.

When spending an output, you pick 10 other outputs (at random from an age-based distribution so the age of a ring-member does not say much) and you produce a ring-signature saying "I have the key to one of these 11 outputs". They combine this with Pedersen commitments to ensure that you are not spending more than you are minting, without ever revealing the total amount of the transaction.

In older versions of Monero, you would pick a few (rings were smaller then) outputs of the same amount, and the amounts were hidden.


There's no signing power. A ring signature is just a signature made with a set of public keys for one of which you know the corresponding private key.


Edit: nevermind https://www.getmonero.org/resources/moneropedia/ringsignatur... cleared it up.

Zero-knowledge proofs/cryptographic accumulators are used to verify each coin is spent at most once. Any of 11 coins could have been spent, each owned by a different single key.

For some reason, I thought Monero was basically ZCash plus using ring signatures to make traffic analysis much more difficult even if the zk proof system were broken. I was completely mistaken.

Edit 2: Sorry droffel, I wasn't fast enough editing away my old understanding of how it worked and asking what I was missing. Thanks for the explanation.


The piece you are missing is called the Key Image. The key image can be thought of as a fingerprint/hash (one way function) of the true spender, and is always produced when the true spender signs the transaction. Signing the transaction with any of the decoy keys will not produce a valid key image, and therefore they are not able to spend the funds (or see their amount). This key image is also used to verify that transactions aren't being spent twice - despite not knowing which input in a ring is actually being spent, a transaction with a key image that has never been used before guarantees that it hasn't been spent in the past.
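The key-image mechanism described in the replies above, as an added example that is not part of the thread and not Monero's code: a toy LSAG-style linkable ring signature with 11-member rings and a ledger that rejects a reused key image. The small multiplicative group, the hash construction and the `Ledger` class are assumptions made for illustration; Monero itself uses elliptic-curve signatures with different parameters.

```python
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Smallest odd q >= start with q and p = 2q + 1 both prime."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Toy group (assumption): the order-Q subgroup of squares mod P.
# About 61 bits, far too small for real use.
P, Q = find_safe_prime(2**60)
G = 4

def h_int(*parts):
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def h_point(pub):
    """Hash a public key to a group element whose discrete log nobody knows."""
    return pow(h_int("Hp", pub) % P, 2, P)

def challenge(msg, ring, image, L, R):
    return h_int("c", msg, *ring, image, L, R) % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def key_image(x, pub):
    """Depends only on the spender's key pair, never on the decoys chosen."""
    return pow(h_point(pub), x, P)

def sign(msg, ring, s, x):
    """Sign as ring[s] using private key x; the output does not reveal s."""
    n, image = len(ring), key_image(x, ring[s])
    c, r = [0] * n, [secrets.randbelow(Q) for _ in range(n)]
    alpha = secrets.randbelow(Q - 1) + 1
    i = (s + 1) % n
    c[i] = challenge(msg, ring, image, pow(G, alpha, P), pow(h_point(ring[s]), alpha, P))
    while i != s:  # walk the ring, simulating every member except the signer
        L = pow(G, r[i], P) * pow(ring[i], c[i], P) % P
        R = pow(h_point(ring[i]), r[i], P) * pow(image, c[i], P) % P
        i = (i + 1) % n
        c[i] = challenge(msg, ring, image, L, R)
    r[s] = (alpha - c[s] * x) % Q  # only the real key can close the ring
    return c[0], r, image

def verify(msg, ring, sig):
    c0, r, image = sig
    # Reject malformed signatures and key images outside the prime-order subgroup.
    if len(r) != len(ring) or not 1 < image < P or pow(image, Q, P) != 1:
        return False
    c = c0
    for pub, ri in zip(ring, r):
        L = pow(G, ri, P) * pow(pub, c, P) % P
        R = pow(h_point(pub), ri, P) * pow(image, c, P) % P
        c = challenge(msg, ring, image, L, R)
    return c == c0

class Ledger:
    """Hypothetical ledger that stores only the key images it has seen."""
    def __init__(self):
        self.spent = set()

    def accept(self, msg, ring, sig):
        if not verify(msg, ring, sig):
            return "bad signature"
        if sig[2] in self.spent:
            return "double spend"
        self.spent.add(sig[2])
        return "accepted"
```

A second spend of the same output produces the same key image even with different decoys and a different ring position, so the ledger can refuse it without learning which ring member signed.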


> A Russian-speaking ransomware syndicate

> The Babuk group said on its website late Monday

I don't think they care about it being untraceable, they can dump it on a non-US exchange, they probably care about it being un-censorable.

That said, the article doesn't mention if they want the payment in crypto (presumably they do).


The linked article said Bitcoin.


I'm no expert, but isn't a public blockchain only pseudonymous?

Bitcoin, for example, doesn't claim to be an anonymous payment system.


Yes but there is no existing way to poison illegitimately gained bitcoins as not eligible for use with legitimate purchases even though it's totally possible to trace each and every bitcoin used to pay a ransom.

In addition there is no 3rd party verification of the wallet owners so in practice there are plenty of ways to whitewash dirty bitcoin into clean currency, especially in economies with a large black/gray sector.

Add to that that any international investigation into cyber crime becomes an instant political hot potato due to the prevalent political rhetoric around state sponsored actors and you have an environment where the threat of actual capture/punishment is extremely low.


> Yes but there is no existing way to poison illegitimately gained bitcoins as not eligible for use with legitimate purchases

I am curious about this. If Uncle Sam serves Coinbase notice that it considers the contents of XYZ wallet to be stolen goods, then haven't they created lower-value coloured coins, and won't other exchanges start creating lists of those pretty quickly?


No criminals involved in this kind of nefarious activity use Coinbase. The blockchain is all over the world and you can set up an exchange in your back yard if you wish, in the middle of nowhere in Africa, for example. Good luck having Uncle Sam go there.


Sure, but they're still going to want to _spend_ those coins at some point, and coins that can't be redeemed in the US are worth less than ones that can.


Pretty sure the USD can be redeemed anywhere in the world, not just US.


This is why blockchains really only make this slightly more convenient.


Any USD retrieved from TotallyLegitExchangeLLC up in Belarus could still be marked as tainted if most of its blockchain transfer volume originates from illegal activity, so I feel in practice you would be limited to a narrow band of exchanges popular enough to have legitimate traffic and yet still unknown enough that they're still under the radar of their parent countries and/or the US' financial institutions.


Yes, but it's not happening yet. It takes a while for things to progress from protocol-as-designed to protocol-as-exploitable. But the lack of fungibility is a serious design flaw in Bitcoin, and eventually it's going to have to change to a completely different protocol, or there will be no such thing as a Bitcoin.


This points to the heart of the issue. A single BTC key is not fungible in the proper sense as it can be tracked.

There are ways around this on BTC that do not require protocol changes. For example, you can use a coin mixing service like whirlpool to essentially `wash` your BTC. However, this solution is incomplete unless everyone agrees to use it and in doing so `taint` their own BTC supply.

> "If we are all using stolen BTC then none of us are."

The proper way to fix this is with a protocol change as mindslight said. This already exists in a half-way form called ZCash. This is a fork of the BTC blockchain that updates the protocol to allow for `shielded` transactions. These protect anonymity and, I believe, transaction amount as well.

However, ZCash only gives the option to perform a `shielded` transaction. Most transactions on the ZCash blockchain do not utilize this function since it is slower than a standard BTC transaction.

The actual proper implementation of `shielded` transactions that I know of is called PirateChain.


This always fascinates me. If you have wallets you know are bad, and wallets you know are good, how can you launder anything if you can trace every transaction down?


You cannot fully trace every transaction. Transactions can happen off-chain, and transactions can be mixed.

If I have an output of 1 BTC, and I want to send you 0.3 BTC, then that 1 BTC gets split up into 0.3 and 0.7 BTC: the 0.3 goes to your address, the 0.7 goes to a new address belonging to me. If that 1 BTC was "known bad", is the 0.3 BTC now also "known bad"? Also, from the outside it is a guess whether the 0.3 BTC or the 0.7 BTC transaction was my "change".

You cannot fully trace every transaction. You can just find every other transaction it was linked to. That list grows somewhat big.
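The split described in the comment above, worked through as an added example that is not part of the thread: a constructed transaction graph scored under two taint-accounting policies, "poison" (any tainted input taints every output in full) and "haircut" (taint is spread over the outputs in proportion to value). Transaction names and amounts are made up, and fees are ignored.

```python
from fractions import Fraction

# Constructed transaction graph (not real chain data); amounts in satoshis.
# Inputs are (txid, output_index) pairs that spend earlier outputs.
TXS = {
    "ransom":  {"inputs": [], "outputs": [100_000_000]},  # the "known bad" 1 BTC
    "clean_a": {"inputs": [], "outputs": [200_000_000]},
    "clean_b": {"inputs": [], "outputs": [50_000_000]},
    # The split from the comment: 0.3 BTC to a payee, 0.7 BTC back as change.
    "split":   {"inputs": [("ransom", 0)], "outputs": [30_000_000, 70_000_000]},
    # The payee later merges the 0.3 BTC with unrelated funds.
    "merge":   {"inputs": [("split", 0), ("clean_a", 0)],
                "outputs": [150_000_000, 80_000_000]},
    "pay":     {"inputs": [("merge", 1), ("clean_b", 0)], "outputs": [130_000_000]},
}
BAD = {("ransom", 0)}  # outputs flagged by an investigator


def propagate(txs, bad, policy):
    """Return {(txid, index): taint share between 0 and 1} for every output."""
    shares = {}

    def share_of(outpoint):
        if outpoint not in shares:
            txid, _ = outpoint
            tx = txs[txid]
            values = [txs[t]["outputs"][i] for t, i in tx["inputs"]]
            taints = [share_of(op) for op in tx["inputs"]]
            if not values:                      # no inputs: clean unless flagged
                mixed = Fraction(0)
            elif policy == "poison":            # one bad input condemns the whole tx
                mixed = Fraction(int(any(t > 0 for t in taints)))
            elif policy == "haircut":           # value-weighted average of the inputs
                mixed = sum(v * t for v, t in zip(values, taints)) / Fraction(sum(values))
            else:
                raise ValueError(f"unknown policy: {policy}")
            for i in range(len(tx["outputs"])):
                shares[(txid, i)] = Fraction(1) if (txid, i) in bad else mixed
        return shares[outpoint]

    for txid, tx in txs.items():
        for i in range(len(tx["outputs"])):
            share_of((txid, i))
    return shares


def unspent(txs):
    """Outputs that no later transaction in the graph spends."""
    spent = {op for tx in txs.values() for op in tx["inputs"]}
    return [(t, i) for t, tx in txs.items()
            for i in range(len(tx["outputs"])) if (t, i) not in spent]


def flagged_value(txs, shares):
    """Total satoshis counted as tainted across the unspent outputs."""
    return sum(txs[t]["outputs"][i] * shares[(t, i)] for t, i in unspent(txs))


def report(txs, bad):
    """Flagged unspent value per policy, in satoshis."""
    return {p: flagged_value(txs, propagate(txs, bad, p)) for p in ("poison", "haircut")}


if __name__ == "__main__":
    for policy, value in report(TXS, BAD).items():
        print(f"{policy:8s} flags {float(value) / 1e8:.2f} BTC of unspent outputs")
```

Under "poison" the original 1 BTC ends up flagging 3.5 BTC of unspent outputs after two hops, while "haircut" keeps the flagged total at 1 BTC but spreads it thinly over every output it touched.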


It is relatively easy to obfuscate the origin of your Bitcoin with multiple interpretations. The term to search for this is "CoinJoin" [1].

"CoinJoin requires multiple parties to jointly sign a digital smart contract to mix their coins in a new Bitcoin transaction, where the output of the transaction leaves the participants with the same number of coins, but the addresses have been mixed to make external tracking difficult."

For example, the service Whirlpool [2] cycles users' Bitcoin numerous times; the end result is one which can be interpreted 1,496 different ways.

[1]. https://www.investopedia.com/terms/c/coinjoin.asp

[2]. https://samouraiwallet.com/whirlpool


This is negated the moment someone generates a reasonable double entry accounting visualization. I wouldn't recommend on something that degenerates to a UI/UX or data presentation problem to ensure your own security and ongoing freedom from prosecution, especially when the evidence trail is everywhere and forever for all to see.


> where the output of the transaction leaves the participants with the same number of coins, but the addresses have been mixed to make external tracking difficult

Wouldn’t the simple solution be tagging coins that exited such a tumbler?


Pretty much. Bitcoin wasn't made for anonymity. The logical approach to handling this is that exchanges consider coins from those wallets as invalid, creating a secondary class of coins.


And assuming all tumbled coins were tainted? Perhaps you could, but then I can imagine tumblers paying "innocent" people (out-of-band) to tumble their coins, while charging money launderers to do the same. If you could get a big fraction of all the active coins/wallets to be "tainted" then people are much less likely to refuse to transact with them.


> can imagine tumblers paying "innocent" people (out-of-band) to tumble their coins, while charging money launderers to do the same

Perhaps. But the legal precedent is for laundered money to be tainted per se. The laundering itself taints the cash independent of any preceding criminality.


Yes, but then you have a problem of "tainted" bitcoins. So in theory you arrive in a situation where some bitcoins aren't equal others - they can't be spent in a normal way because at some point in the past they went through a tumbler, so payment providers won't touch them "just in case".


Yes, that's kind of the whole point - from the government or law enforcement perspective, having a class of "tainted" coins would not be a problem but the intended outcome, and if a side-effect of that is a serious disincentive to use tumbling/laundering services (since that would effectively taint/destroy your funds, no matter if they were originally clean), that would be considered as a bonus, not as a flaw.


One of the ways it works is that Vlad the blackmailer buys a bunch of digital artwork from Irina the artist using bitcoin, who then converts the bitcoin to cash in order to purchase something for her husband Vlad the legitimate businessman.

And because none of the wallets are accurately linked to real persons, all three actors in the above transaction could be the same entity with 3 distinct fictional personas.

Add to that that the former Soviet bloc is littered with regions where nobody really agrees on who the legitimate government is and where the entire economy happens using foreign currency, there are plenty of ways to deliberately block investigations from simply following the money trail.


Yes, then all three wallets get tagged.


There are blockchains like Zcash and Monero that are anonymous.


key collisions in the chain unmask the nodes of the chain as far as who it is.

LEOs pay millions of dollars yearly to have firms do this type of white hacking of using key collisions to unmask crypto coin users.

If you use Google you can find the more than 20 firms that offer their services to LEOs to do this.

Key size was based on number of users, not number of transactions. Big mistake!


Seems like the US government could force the Bitcoin devs to lock down any transactions to and from the illicit addresses with a code change to the client. If they don't comply, make crypto illegal and topple the mining rigs.

Permanently kill illegal addresses.


That isn’t how any of that works. That’s the beauty of decentralization.


The US government can compel nearly every financial institution in the world to stop trading crypto coins for fiat, overnight, as an executive action.

Yes crypto is theoretically decentralized, but in practical terms it is remarkably centralized - very similar to the Internet’s supposed decentralization.

There would be a limited black market but the value of crypto coins would fall to nearly zero. Certainly crypto would be much less attractive as a means of transferring illicit money.


https://en.wikipedia.org/wiki/Streisand_effect

Humans want what they cannot have and the government saying you can't have crypto would be the ultimate sign you need crypto. See India and China "bans" on crypto.


How do these police departments get hacked in the first place? Do these ransomware gangs have multiple 0 days?


I have a feeling it was something like an email with an attachment called important_tax_info.docx.exe. People are much easier to exploit than software.


When I worked at a hospital there would be a phishing attempt like this to emails like once a month. Luckily IT was set up pretty well to expect these events so nothing major happened. I'm sure orgs are constantly being phished.


Yep. We occasionally get emails that look like they're from other organizations in our collective to phish for information.


Exactly. I think people need to read or reread The Art of Deception. The best tool to gain access to sensitive information isn't a laptop, it's a Hershey's bar.


I doubt it. Because governments, just like big corporations are susceptible to important but small things like software updates falling through the cracks. The incentives aren't right so it is allowed to happen.


It's been a week or more since this story first broke. I'm surprised the hackers haven't released all the info as a warning about what happens if you don't pay up in a timely manner.


Blackmail is a gun with one bullet that can only shoot one target. Once you release the information, you can never get paid. Any leverage you had is gone.

So if the goal is to get paid, releasing the information is actually counter-productive.

Blackmail is a game of chicken.


As a gang with a "provable" identity and a will to avoid any latency they may release those data as a way to "educate" their future victims.


First, that assumes that people are rational actors. They are not.

Second, if these people were trustworthy, they wouldn't be blackmailing you in the first place.

And once they get the money, what's to stop them from asking for more? It's not like they stop having the information once they get paid.


People are not _always_ rational nor _never_ rational.

We probably fundamentally agree: in my opinion one should not concede to a blackmail, in order to destroy blackmailing. However the associated cost, for the victim, may be very high, roughly a sacrifice.

Such blackmailing works because there are known cases of ransoms paid, leading to recovery without any known after-shock (in 2020, as far as I understand: Tillamook and also Delaware County, Florence, Utah Univ, CWT...).

Not sticking to this behavior would be a threat to the ransomware "business", and people gaining from it are probably rational to the point of trying to preserve it. Most, even quite dumb, don't kill the goose that lays golden eggs.

Moreover in some cases the victim lost access to at least part of data vital to its operations, and pays in order to survive.

Releasing data stolen to a victim plainly refusing to pay or even simply trying to play for time sends a powerful signal to future victims.


maybe they are bluffing


They're not bluffing.

hXXp:// wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd DOT onion/blog/040c040c85339ebb4b2a8f8d865b4d2c5c83121b48c8dfde5436a78b113919fa/

(from Babuk) "The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. if during tomorrow they do not raise the price, we will release all the data."

The password AND link to a 161MB rar file is present and working.


What are some thoughts about the government or corps posting a bounty on the blockchain for any tips or leads that lead to the identification of these perpetrators? Why not fight fire with fire?


As far as fighting fire with fire, I'd advise the FSB (or whatever relevant law enforcement body) that if you do not ably deter cybercriminals in your jurisdiction we will not enforce cyber crime laws against criminals targeting Russian individuals and companies. Could American hacker groups cause sufficient problems for Russia that it would become worthwhile for Russia to enforce laws against its criminals?


https://en.wikipedia.org/wiki/Letter_of_marque

There's historical precedent for this.


Erm, with all the current sanctions against Russia already in place and more probably coming, I doubt that threat would have a big meaning now.


> Could American hacker groups cause sufficient problems for Russia that it would become worthwhile for Russia to enforce laws against its criminals?

You don't need to do much to Russia. You just need to let some "hackers" empty the foreign bank accounts of some oligarchs a couple of times. Those are probably much easier to wipe out and it would send the appropriate message--clean up or stay home--indefinitely.


And the US is better than Russia how then?

Let's turn it around (with a real example): A US diplomat's wife ran someone down in the UK while drunk driving and then ran home to the US. The US refuses to let justice run its course. Should everyone else then be just as dirty as the US and let every criminal do whatever they want and just laugh at the US when they want justice?

It's a very steep and slippery slope. One cannot both be angry that Russia doesn't jump when we say jump and then not jump ourselves when it is the other way around.


There are degrees. When someone is shooting at you and won't stop, eventually you have to shoot back.

And the fact that you have to choose an individual case where the US is wrong (and that it is exceptional) and compare it to entities blackmailing dozens to hundreds of people who will wind up with some of them dead and who have done it repeatedly demonstrates that.

Or perhaps we can talk about the beatings at the Erdogan protests?

Back to internet, even with the best security, how many entities could really stand up to a concerted attack? What everybody asking for OpSec that can stand up to this is really asking for is complete loss of sharing and trust in any group entity. I'm not sure people really grasp that solid security implies lack of sharing. Do you really want HR to require an ID with every interaction? Do you really want the line slowdown while every Karen fishes out her Target fob from her purse before she can check out?

At base, you need at least a minimum level of trust between entities to operate. If someone is preventing even that, you will eventually have to do something drastic to them.


And then those oligarchs will put some bounties to have some people's head brought to them on a silver platter. And someone will deliver.

If you shoot for the king you better not miss.


What you are describing is essentially an act of war. You know that, right? State-sanctioned attacks on a foreign nation is kind of the definition of war.

And it's not like Russia is opposed to the idea. That's been their schtick for a while now. They've been baiting direct action for years now. The U.S. government has so far avoided responding directly even to actions that could also be seen as acts of war. Because war with Russia does not serve the U.S.'s interest as much as it would serve Russia's.


Why would it be an act of war if what Russia is currently doing is not an act of war? We won't enforce criminal penalties against people who commit crimes against people who do not enforce criminal penalties against people who commit crimes against us. Admittedly, it's a mouthful to say - but it's a simple symmetric proposition.


Did you miss the part where I said the U.S. government was ignoring actions that could be seen as acts of war? War with Russia is not in the interests of the U.S.

We can't really enforce penalties against citizens of other countries. We don't have the authority to do so.


How would you do that transaction though? Police won't pay for bogus tips, and if they already get a valid tip, what's the incentive to pay for it? What recourse would the tip giver have if they didn't pay?


Any thoughts on why this continues to be such an issue? Is it a case of companies not heeding the warnings or are the attacks just becoming more sophisticated?


companies too lazy and stingy to take basic precautions until too late


It's not just companies, the US government is hacked massively all the time.


I would assume most records can be requested via FOIA?


Take the money and release them anyways.


this isn't really much add to the ongoing story, is it? Other than 'talks breaking down'


“A day after the initial threat was posted, the gang tried to spur payment by leaking personal information of some police officers taken from background checks, including details of officers’ past drug use, finances and — in at least one incident — of past sexual abuse.”

I’m all for leaking this data. It would be a heroic act to let the people know how bad our police really are.


Does drug use and poor financial decisions, regardless of age, context, and scale, make you a fundamentally bad police officer? I'm not sure that's a bandwagon I can blindly jump on.


Locking people up for doing drugs is a moral travesty. Locking people up for doing drugs while you also do drugs is... just like, entirely beyond the pale.

Extorting people for money is also bad, and I hope that the extortionists don't get paid, and just release this shit. Police misconduct is the worst sort of misconduct.


Having done drugs in the past is not "police misconduct". Enforcing bad drug laws is also not "police misconduct". Conflating these things is not going to help you fix any of them.


Locking up people for doing exactly what you're doing is pure hypocrisy, no arguments there. But unless I misread the article, these were background checks of police. They were also background checks of serving police which hopefully infers something about how bad the incidents were. It didn't say whether they were from last week, last year, or last decade. I'm all for transparency, but this is sensationalism with so few details available.


>Locking people up for doing drugs is a moral travesty. Locking people up for doing drugs while you also do drugs is... just like, entirely beyond the pale.

We've had multiple recent presidents and vice presidents who have used illegal drugs.

That seems far more "beyond the pale" because the president has more power than anyone to ending the drug war


Let me introduce you to the current VP of the United States...

We also do not know if the officers that did drugs also locked up people for doing drugs. There are police officers that try to be lenient and use discretion.


the penalty for just using recreational quantities of drugs vs. dealing them is way less harsh though


No, it makes you a risk.

A risk to everyone, as you have poor judgment.

Risk to authority as you are vulnerable to manipulation by bad actors.


This is why the background checks exist though, right? The police clearly got the job regardless of what was in the check so either we're suggesting the police as an entity are fundamentally corrupt and either didn't care/wanted these compromised people to serve or they didn't feel they were compromised.

If anything, that this stuff is on the background check makes me feel more comfortable. It means that whatever happened has been owned up to which makes you somewhat difficult to blackmail.


Typically drug use and poor financial decisions are disqualifying for things like security clearances, signature-level financial authority, or say, the legal ability to kill people and enforce laws, not because they're inherently bad, but because addiction and debt make you subject to extortion and bribery.


I'm of the opinion that certain positions in society demand a moral character that rises above. That's not to say they should be perfect, that's ridiculous. But they should be upstanding. This should absolutely pertain to people who make instantaneous life or death decisions regarding the rest of us.


If it was only police conduct reports in the leak, who cares. But it's not.

Part of the leak also contains all confidential informants TO the police. This, in the hands of criminal enterprise, is a hitlist.

And given how the police operate, I think it would be safe to say that not all the informants are willing (think- "we look the other way over your drug garbage for juicy data")


Releasing the data would almost certainly put some people's lives in danger.


[flagged]


In the article they talk about leaking the identities of informants and the background files of police officers (possibly saying where they live). I think this would be less of a "police reform" thing and more of a "a few criminal informants getting killed" thing.


that likely will happen, as a point of accuracy


Why should they do it? What’s it got to do with police reform?


Basically more American people will see more evidence that Officer Friendly on their side of town is Judge Dredd on the other side of town and that there is a chronic abuse of low accountability which can be corrected in more holistic ways


It's far too easy to drown out coverage of police misconduct with "third informant killed after police leak." Ideally, they'd release the information to a WikiLeaks-like organization that could redact the potentially dangerous records.


Then the agency should pay the ransom

It's not that hard of an equation


Paying the ransom creates a financial incentive to keep doing ransomware attacks which could hurt more people in the future.


The proportion of the population that will pay a ransom with a positive expected valuation will never be 0 unless you can guarantee that it is impossible to make a ransom offer which yields a positive expected valuation to the victim.

In effect this means that refusing to pay a ransom with a positive expected valuation subsidizes outcomes for those that do pay the ransom.


or, really, what I mean to say is, there is no way to stop everyone from paying ransoms when we assume they are rational or even pseudo-rational actors, except by making it impossible for them to be presented with the choice of paying a ransom which makes sense to them to pay from their perspective

for example, if someone is going to die based on the information, then we would have to be ready to kill that person anyway to make a point, and apparently have perfect information about everything except how to stop this tragedy from happening, in any case the person being ransomed is essentially morally bound to pay the ransom, with the only difference in the vindictive justice case being the tangentially but not necessarily meaningfully involved party is guaranteed to die, and that doesn't seem like the outcome we're looking for here really


>there is no way to stop everyone from paying ransoms when we assume they are rational or even pseudo-rational actors

I guess it depends on what the definition of rational is. Is it rational to give money to charity? People do that all the time because they feel it's the morally right thing to do.

>except by making it impossible for them to be presented with the choice of paying a ransom which makes sense to them to pay from their perspective

Yep, making it illegal to pay the ransom is a good way to stop people from having that choice. If police themselves are paying a ransom, that might make it hard to make it illegal.

>The proportion of the population that will pay a ransom with a positive expected valuation will never be 0 unless...

You don't need to get the proportion to 0 to help people. Reducing the proportion is helpful. If you reduce the amount of people paying (say you convince half the population that it's immoral to pay), the ransomware gangs will be less profitable, and will invest less money in ransomware and thus less people will be attacked.

Some fraction of every ransom paid is reinvested into making better ransomware and attacking more people.


> Yep, making it illegal to pay the ransom is a good way to stop people from having that choice. If police themselves are paying a ransom, that might make it hard to make it illegal.

Ransoming itself is already illegal and yet people still have the choice to do it.

Why would making paying the ransom illegal remove the choice to do it?

> You don't need to get the proportion to 0 to help people. Reducing the proportion is helpful. If you reduce the amount of people paying (say you convince half the population that it's immoral to pay), the ransomware gangs will be less profitable, and will invest less money in ransomware and thus less people will be attacked.

It's something that's trivial to automate which produces positive cash flow, which makes it something approaching a thermodynamic impossibility to prevent from happening.

We made spamming illegal. Most of what is spammed is already illegal. So there's no spam anymore, right?

The policy suggested produces obviously absurd outcomes when applied to plausible scenarios.

It does more harm than good, and is an emotional knee jerk which does not survive rational analysis.


>Ransoming itself is already illegal and yet people still have the choice to do it.

You mean the attackers? They're not in the US, so US law doesn't matter to them.

>Why would making paying the ransom illegal remove the choice to do it?

The attackers don't care about the law. For 2 reasons: (1) they live in countries without much enforcement, (2) they use online anonymity tools. Most US businesses care about following the law to a reasonable degree so they don't get in trouble. They are in the US where there is better law enforcement and since they're legitimate businesses with known addresses and employees, they cannot be anonymous.

>It's something that's trivial to automate which produces positive cash flow, which makes it something approaching a thermodynamic impossibility to prevent from happening.

There are many aspects that need human effort. People actively communicating for spear phishing and vishing. Negotiators to negotiate the amount. Customer support to help with payments. Customer support to help with decryption. Constantly updating the malware to avoid new detections from antivirus. Constantly updating the malware to take advantage of new vulnerabilities.

>We made spamming illegal. Most of what is spammed is already illegal. So there's no spam anymore, right?

I never said making ransomware illegal would make it disappear.


You've clearly not thought through all the variables.

Life has a habit of being more complicated than it appears at first blush.


Then don't pay the ransom and get info leaked

You think they’re bluffing? Hm what’s going to happen, so complicated


No, you may regret the unintended consequences. Paranoia only breeds bad decisions.


[flagged]


Why would you want that?


The same reason all police misconduct should be investigated. It seems suspicious in this case the name of the officer involved is suppressed, but not in other high profile police shootings.


This is the person that tried to jump through that window and enter an even more heavily fortified/restricted area yah?

I just don't see how this situation is comparable to other cases.


Is it comparable to the police shooting a person trying to stab another person? Because that officer got doxed by LeBron James.


I suppose; but I also think the officer shouldn't have been doxxed so I'm not really sure what you're getting at.


Another reason why bitcoin should be banned.


99.9% of criminal activity is conducted in US Dollars. Should we ban those?


Why don't we ban criminals instead?


Maybe it's time to declare ransomware on important infrastructure as terrorism - if they haven't done that already.


Understanding the word is getting diluted recently, generally terrorism is meant to indicate violent acts intended to coerce behaviour for political / ideological purposes.

It seems most ransomware is used for fairly explicit and immediate commercial gain.

We already have a word for "bad thing", "crime". If we start using terrorism for every bad thing it becomes meaningless.

Mind you, irregardless is becoming a word and literally now has two opposing meanings, so it's likely based on current USA usage terrorism will become a catch-all phrase as well if it hasn't already. I am curious however what use it then becomes calling something terrorism. Today there's an implicit notion it is a higher threat demanding higher response but even that I think is diluted.


Arguably it is political. These ransomware attacks are not state-sponsored, but they are state-condoned, like British privateers of the past. They serve to harm the society and way of life of a country Putin sees as a political rival.

Arguably it is violent. The threat in this case, should the ransom not be met, is to release information that will lead to violence.


Fair argument; but for what I think are desired purposes and effects, I think declaring it something like 'National Security Threat' is more productive and less ambiguous/debatable.


Lol no. Terrorism is "The calculated use of unlawful violence or threat of unlawful violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological"

I don't think we should start calling everything we don't like terrorism. Nestle? Not terrorists. Dirty roommate that doesn't clean up? Most likely not a terrorist.


Releasing data on informants really is a threat of unlawful violence (although indirect). The ideological/political angle comes in when you consider that Russia has no interest in fighting this threat because the victim is its main political rival.


I think what you are going for is to declare it "a threat to national security". The idea being that it allows the CIA and NSA to start fighting back.


I think we should reserve the word terrorism for attacks on the public intended to influence a separate authority, or something close to that.


This is why I do not trust government registries for anything. It _will_ leak and it is just a matter of _when_ that leak will happen.


Private companies of every size have major data leaks all the time. Why distrust only the government?


This is not an either or situation, both government and private business get hacked and data stolen.

BUT: Only the government has the force of law to aid in their data collection.

Theoretically: if you wanted to avoid Google/Facebook web tracking, you could never use their services, block all cookies and domains. You might not have the best web experience but you could still browse the web.

If the government made a WebID to help people stop the tracking/prevent certain ads from being served to minors/think of the children/... then you would have a nice juicy target of information on a whole bunch of people.

The same with gun control arguments, if there is a gun registry then it is a target. Now there can be a debate on if the trade off of having that target helps prevent other more serious crimes.

Another example might be library system membership. Libraries have membership lists but they are not all linked; this is inconvenient if you want to take out books from different systems but might help protect the data more.


Government information has deadly consequences when leaked.

Also, private companies don't expect you to lay down your life to defend them.


I don't trust them either. I should have clarified that, but government seems to always lag behind on security updates for all sorts of devices.


Ransomware btc are so tainted as to be worthless. I cannot imagine that these criminals are able to cashout easily, if at all. To cash out tainted btc you need a buyer. At some point there will be leaks and major arrests of these ppl. Just being in Russia is not safe enough. In certain cases, the US government does do kidnappings.


Kidnapping a Russian national on Russian soil might be doable, but I doubt we would risk the potential political fallout in 99.9% of ransomware cases. If the pipeline attack doesn't provoke it then I don't know what it will take


Please show me the market where "tainted" BTC command a massive ~~premium~~ discount. (Edit: thanks paulpauper)


you mean discount?


Yes! Thank you.


They can just use Monero instead. It's fungible, there's no way to tell which coins are or aren't tainted by criminal activity.


Well that's if they are smart and there has to be a strong market for Monero. BTC is king in that aspect.



