Bit of a risk for a few bitcoins

I am reading from various reports that the WannaCry ransomware attack that has laid bare the deficiencies in the IT security of the NHS has also affected many Russian companies, not least Sberbank and the Russian railways.

Sberbank is a state-owned company. A lot of the most skilled and prolific hackers and IT security experts are Russian, many of whom will be living in Russia. Depending on whose toes have been trodden on at Sberbank or the other affected companies, some nasty people might well be deploying considerable resources in trying to find out the origins of this software. If so, don’t be surprised if those responsible are found. And then found again, some months later, badly decomposed in a shallow grave in a forest.

I doubt anyone will have much sympathy.

8 thoughts on “Bit of a risk for a few bitcoins”

  1. At least they may have had a business case of sorts, not like this goose below.

    It appears that the power needed to mine for Bitcoins on a supercomputer is greater than the power required to mine for gold. Mr Satoshi Nakamoto has a lot to answer for.

    US Government Bans Professor for Mining Bitcoin with A Supercomputer

    “In a day, Sequoia could mine about 40 dollars worth of bitcoin, but it consumes about the same amount of electricity as 4,000 homes: 8 megawatts. They would pay more money in electricity costs each day than they would earn.”

    We received reports describing a researcher’s abuse of NSF-funded supercomputing resources at two universities to conduct bitcoin mining activities. Bitcoin is a virtual currency that is independent of national currencies, but it can be converted into traditional currencies through exchange markets. It is generated or “mined” through a process that is by design computationally intensive.

    The researcher misused over $150,000 in NSF-supported computer usage at two universities to generate bitcoins valued between $8,000 and $10,000. Both universities determined that this was an unauthorized use of their IT systems. The researcher asserted that he was conducting tests on the computers, but neither university had authorized him to conduct such tests — both university reports noted that the researcher accessed the computer systems remotely and may have taken steps to conceal his activities, including accessing one supercomputer through a mirror site in Europe.

    The researcher’s access to all NSF-funded supercomputer resources was terminated. In response to our recommendation, NSF suspended the researcher government-wide.

    https://bitcoinmagazine.com/articles/government-bans-professor-mining-bitcoin-supercomputer-1402002877/

  2. I admit it has always struck me as odd that there is any tolerance of computer hacking by governments and their agencies. It somehow smacks of the idea of home computers merely being “fun” and no one higher up the state ladder understanding how vital computers and digital information are to the welfare of a nation and its resources. If terrorism is bad it is bad in any form and only the end of those causing it (and I don’t mean fines and cautions) has to be the sole solution. It wouldn’t surprise me either if nerdy hackers are eliminated the same way that bearded AK-47 users have been.

    One might pause using the ‘send’ button if you knew the response could be a drone strike to one’s bedroom.

    In related news: a relative of mine was telling me he attended a conference of computer people and one of the talks was about a company’s ‘red hat’ hackers finding ways of exploiting their own company’s security weaknesses. It was fascinating stuff, but interestingly involved a lot of being prepared to say sorry, mr guard, I seem to have forgotten my pass card and ‘tailgating’ someone through otherwise locked doors, as well as asking if one could borrow their password. Put more simply, even the best cyber defences can be outflanked by people being people and doing unthinking (and unsecure) people things.

  3. @Watcher: ‘Put more simply, even the best cyber defences can be outflanked by people being people and doing unthinking (and unsecure) people things.’

    Oh, THIS! So much this.

  4. Neal Stephenson’s novel REAMDE starts with almost this exact scenario. Computers holding data belonging to a Russian mafia syndicate get infected with ransomware, and the Russians then get *very angry* and attempt to identify, chase down, and horribly kill the hackers responsible (who in the novel turn out to be Chinese).

  5. Deep blue
    The Mechanical Turk
    etc
    All these AI thingies we’ve been promised every year for 20 years that are only 20 years away…
    I think I’ll let my great grandchildren worry about this. These hackers have no interest in blowing up the world, as their bedrooms would get incinerated too.

  6. Neal Stephenson’s novel REAMDE starts with almost this exact scenario.

    Interesting! But yes, I’d have thought that would be at the forefront of the minds of every hacker of this nature: what if I upset the wrong people. They’d better hope they’ve covered their tracks well, but if they expect to get paid…well, nothing is foolproof especially when the guy you asked to help write the code is now tied up in a basement with a blowtorch to his feet.

  7. Put more simply, even the best cyber defences can be outflanked by people being people and doing unthinking (and unsecure) people things.

    Hackers call this ‘social engineering’; it is a truth universally acknowledged among same that people are much, much easier to crack than computers.
