Rewarding Hackers and Ransomware Crime

Things that are not part of politics happening presently and how we approach or address it as Anabaptists.
Biblical Anabaptist
Posts: 400
Joined: Wed Oct 19, 2016 4:33 pm
Location: South Central PA
Affiliation: Unaffiliated Menno

Re: Rewarding Hackers and Ransomware Crime

Post by Biblical Anabaptist »

Maybe not

https://en.wikipedia.org/wiki/Hive_(ransomware)
In January 2023, following a joint US–German investigation involving 13 law enforcement agencies, the United States announced that the FBI had "hacked the hackers" over several months, resulting in seizure of the Hive ransomware group's servers, effectively shuttering the criminal enterprise. The Hive ransomware group had extorted over $100 million from about 1,500 victims in more than 80 countries when dismantled by law enforcement.The investigation continues, with the US State Department adding a $US10 million bounty for information linking Hive ransomware to any foreign government.
Last edited by Biblical Anabaptist on Fri Feb 09, 2024 9:12 pm, edited 1 time in total.
0 x
Ken
Posts: 16917
Joined: Thu Jun 13, 2019 12:02 am
Location: Washington State
Affiliation: former MCUSA

Re: Rewarding Hackers and Ransomware Crime

Post by Ken »

Josh wrote: Fri Feb 09, 2024 8:40 pm I think y'all are saying "DOS" when what you mean is a "text based user interface", which are still quite common and run on the most modern of computer systems.

DOS was an operating system that was contemporary in the 1980s and could have either a text based user interface, but also could host graphical user interfaces, the most well known one of them being Windows.
I had a supervisor once in the government who still insisted on running his PC on DOS. This was back in the early 2000s I think. He only knew how to use Wordperfect 5.0 in DOS or some such and so wouldn't let the IT upgrade his computer. Although he did have a 20" monitor which made his screen really pixilated with the big white text on the big blue screen.

I don't think he did much actual work on the computer except maybe email. He mostly just read and signed paper documents that people put in front of him.
0 x
A fool can throw out more questions than a wise man can answer. -RZehr
User avatar
Pelerin
Posts: 511
Joined: Sat Apr 07, 2018 9:48 pm
Affiliation:

Re: Rewarding Hackers and Ransomware Crime

Post by Pelerin »

Ken wrote: Fri Feb 09, 2024 6:20 pm
  • Maybe this is because government often doesn't pay as much as the private sector and the best tech people don't want to work for government agencies.
This isn’t it. State-level actors are widely known to deploy the most sophisticated and novel attacks. Although maybe it’s that anyone in government who shows promise is recruited over into the NSA.

  • Maybe this is because government budgets don't provide enough money to keep their systems modern and updated. I have walked into some offices before and it looked like they were still using Windows 95. Sometimes even running DOS programs.
  • Maybe it is because tech people aren't highly ranked within government agencies. All the bosses and administrators are completely non-techie types and tech people are sort of at the bottom of the totem pole. That is definitely how it is at school districts. A tech person is never going to be made a top administrator at any school district. It will be some random EdD person. Even though education is becoming increasingly technology based. But I don't expect that is the case at places like Google or Apple where the top people, and especially mid level people tend to be tech engineers. And of course actual tech companies don't tend to get taken down by ransomware either.
Probably it is a combination of all three. I'm sure Josh has opinions.
I think these are a bit closer. One reason governments are slow to change is because they have critical things running that can’t be allowed to break because people rely on them. Maybe even some of them must be available by law. When something can’t break then you just don’t touch it if you don’t have to. (To be fair any large codebase probably has some parts “we just don’t touch.”)

Developing a replacement to meet that standard costs a lot more than just regular software. An example of this is that the computer chips in NASA’s satellites are very expensive for very little processing power—you should be able to buy something equivalent for a few dollars or less. However they also have to have a ridiculously low crash rate because when it’s fifty million miles from Earth your options for recovering from a problem are pretty limited. I wish I could find the article I read this in but here’s a different one that touches on some similar things.

Another factor is that older things are often more secure simply by virtue of their age. If the weaknesses have been probed for twenty-five years and held up it’s often better to go with what’s old and tested rather than the new thing which might have a catastrophic weakness that no one has discovered yet—or no one except a hostile state that’s keeping it in their back pocket. Which would you trust the nuclear codes to?

Using old tech also has an additional advantage. I recently saw an article about a malware attack that failed because the system it tried to attack were so old some of the things the attackers were counting on just weren’t available.
0 x
Ken
Posts: 16917
Joined: Thu Jun 13, 2019 12:02 am
Location: Washington State
Affiliation: former MCUSA

Re: Rewarding Hackers and Ransomware Crime

Post by Ken »

Pelerin wrote: Sun Feb 11, 2024 8:11 pm
Ken wrote: Fri Feb 09, 2024 6:20 pm
  • Maybe this is because government often doesn't pay as much as the private sector and the best tech people don't want to work for government agencies.
This isn’t it. State-level actors are widely known to deploy the most sophisticated and novel attacks. Although maybe it’s that anyone in government who shows promise is recruited over into the NSA.
State-level actors in Russia and China perhaps. But I'm talking about the US. And not the NSA or other black agencies. Who knows what kind of talent they have and how much they pay.

I'm talking about ordinary government agencies like HHS processing Medicaid claims, or DOE managing student loans. Or the myriad of state and local agencies running things like property tax rolls or school district web sites.

Those sorts of government agencies tend to pay tech people very poorly and tech jobs tend to be classified pretty low in the hierarchy. So if you are a bright techie, do you want to spend 30 years slaving away at an agency like HHS for wages that are the equivalent of the secretarial pool with the chance of earning a meager pension if you put in a lot of years? Or do you go work for a tech startup and get stock options? Or even anywhere else in the private sector?

At my school district the tech support people get paid way less than teachers. Probably more like bus drivers or teacher's aids. Is it any wonder those jobs are a revolving door and perhaps someone forgets to immediately update some server to the latest version to prevent a ransomware attack?
0 x
A fool can throw out more questions than a wise man can answer. -RZehr
User avatar
Josh
Posts: 24927
Joined: Wed Oct 19, 2016 6:23 pm
Location: 1000' ASL
Affiliation: The church of God

Re: Rewarding Hackers and Ransomware Crime

Post by Josh »

I’ll speak as I have actual experience with cybersecurity in state and local governments.

Government bureaucracies seem to be loaded up with administrators and they also seem to move very slowly and make decisions slowly. By the time they finally chose to buy and implement the software my employer at the time sold, years had gone by - and the original plan was already obsolete. So we had to go back to the drawing board with a new plan.

Governments tend to outsource all their IT to a big consulting shop, which is expensive and tends not to work well either. Government would really do a lot better if they hired and paid the same way private tech sector does (I.e., ignore college credentials; pay mostly on experience; quickly fire underperformers). We all know that’s never going to happen…
0 x
Post Reply