
NBC: Colonial Pipeline blames ransomware for network shutdown


China


55 minutes ago, Destino said:

We have the military assassinating hacker groups right now?

In a day where we’re talking about the criminal justice system the way we received, or

waterboarding/shining light/playing loud music to major terrorist leaders (even though it produced real intelligence)

drones in general - pick which one you want to talk about 

killing US citizens overseas that renounced their citizenship and are leaders of terrorist organizations

 

your grand plan is to send the military around unilaterally assassinating accused hackers in random, foreign countries?

 

I mean don’t get me wrong I’m all for it but it seems to run counter to basically everything over the last few years. 
 

remember I wanted to drone the ****ers taking over the Native American museum

 

it was everyone else calling me a bad person 🤷‍♂️ 

 


3 minutes ago, PleaseBlitz said:


Sorry Mr. Hacking Expert. :806:

I can’t help it you’re not aware of where these people are, the efforts put forth over the last 10 years to track them down and catch them and hold them accountable, and the difficulties with it.
 

it’s all public knowledge. 
 

you think we can just make law making computer crimes severely punishable and important and that would somehow fix it all

 

(ps - we already did that you should know that you’re a lawyer)

1 minute ago, Spaceman Spiff said:

 

C'mon, you can't talk down to PleaseBlitz like that.  Don't you know who he is?  He'll be happy to tell you if you don't!

I know I can’t keep up with the elitist makers and coke crowd 

  • Haha 1

Darkside (who allegedly supplied the malware in question) is thought to be Russian based though, right? Since they exclusively don't hack Russian businesses and have language tools to deter hacking any business with Russian language...or did I read that wrong?

Edited by The Evil Genius

6 minutes ago, The Evil Genius said:

Darkside (who allegedly supplied the malware in question) is thought to be Russian based though, right? Since they exclusively don't hack Russian businesses and have language tools to deter hacking any business with Russian language...or did I read that wrong?

I haven’t read it yet because I’ve been busy watching 5 year olds suck at baseball

 

originally they didn’t supply the malware but it was one of their... sub-groups of their overall collective (for lack of a better description) that did it. And that’s how their press release read? Has that changed?


4 minutes ago, tshile said:

I can’t help it you’re not aware of where these people are, the efforts put forth over the last 10 years to track them down and catch them and hold them accountable, and the difficulties with it.
 

it’s all public knowledge. 
 

you think we can just make law making computer crimes severely punishable and important and that would somehow fix it all

 

(ps - we already did that you should know that you’re a lawyer)

 


My entire point, which you’ve evidently missed, is that we need to rethink the efforts and approach put forth over the last however long. Bad actors keep using asymmetric tactics to attack our country’s elections, infrastructure, etc. I’m sure the responses have been reasonable and proportional and well thought out. I’m saying the response should be less proportional and more punitive.  They should make the crime very not worth it.  That doesn’t have to mean invading or bombing a foreign country, but the US can put a hurting on countries like Russia in a lot of different ways if they insist on harboring criminals that have attacked us.  

  • Like 1

1 hour ago, Renegade7 said:

Executive Order on Cybersecurity signed just now, looks like more of a response to supply chain attacks than on critical infrastructure.

 

https://www.washingtonpost.com/national-security/biden-executive-order-cybersecurity/2021/05/12/9269e932-acd5-11eb-acd3-24b44a57093a_story.html

 

 

Preface: without reading all 34 pages it’s probably a bit unfair to comment

but

 

this reads like more bs assessments I have to fill out

 

and don’t get me wrong there’s an advantage in the fact that it can force a company to implement something they otherwise wouldn’t, but in the big picture of stopping targeted attacks on critical infrastructure... *yawn*
 

yeah they stop bull****, drive by, random attacks. 
 

state-sponsored or major, targeted attacks by capable entities?


meh. 

4 minutes ago, The Evil Genius said:

I guess what I am alluding to is this should absolutely be treated as state sponsored since Russia allows DarkSide to operate carte blanche.

Oh. Definitely. 
 

I’m 100% on board. If Russia didn’t directly have a role, they’re at least guilty of being complicit in allowing it and they won’t do a damn thing about it

 

remember when trump announced we were partnering with Russia on cyber crime 😂 

 

so I guess we’ll do some sanctions since Biden’s stern call with Putin didn’t seem to go anywhere 🙄


11 minutes ago, PleaseBlitz said:


My entire point, which you’ve evidently missed, is that we need to rethink the efforts and approach put forth over the last however long. Bad actors keep using asymmetric tactics to attack our country’s elections, infrastructure, etc. I’m sure the responses have been reasonable and proportional and well thought out. I’m saying the response should be less proportional and more punitive.  They should make the crime very not worth it.  That doesn’t have to mean invading or bombing a foreign country, but the US can put a hurting on countries like Russia in a lot of different ways if they insist on harboring criminals that have attacked us.  

I guess I’m just dubious of how effective this will be. 
 

I’m not against doing it. But between our dysfunctional government (isn’t there a poll showing a significant portion of republicans actually like Putin now?) and the fact that I don’t think Russia gives a ****

 

and the fact that I don’t think many of these countries that harbor this give a ****

 

or that even the ones that do, they lack the capability to actually assist...

 

it’s not like we haven’t been trying. It’s all over the news specific to the scene. It’s just not mainstream news.
 

this has been a thing for 10 years. The guy that was recently the director of cyber whatever (Krebs) made his entire career covering this and I’ve personally read a ton of his work.
 

yes. Make things more punitive. 
 

I’m just saying I don’t think the results will be what you are hoping for.
 

And I can’t say I recall any expert in the field suggesting your ideas as the best way to meaningfully do things.

Edited by tshile

6 minutes ago, tshile said:

yes. Make things more punitive. 
 

I’m just saying I don’t think the results will be what you are hoping for.
 

And I can’t say I recall any expert in the field suggesting your ideas as the best way to meaningfully do things.


I don’t see anyone suggesting any other solutions that aren’t already failures. 
 

I believe someone in this thread said the entire system is ****ed and it’s going to take a long time to un-**** it but if you can come up with the answer you can write a white paper on it and never work another day in your life. That doesn’t sound promising. 

Edited by PleaseBlitz

1 minute ago, PleaseBlitz said:


I don’t see anyone suggesting any other solutions that aren’t already failures. 
 

I believe someone in this thread said the entire system is ****ed and it’s going to take a long time to un-**** it but if you can come up with the answer you can write a white paper on it and never work another day in your life. 


Yup. 
 

Good luck with your idea. We’ll all be better off if it works. 
 

(I’m recognizing the realities of the situation )

Edited by tshile
  • Like 1

13 minutes ago, PleaseBlitz said:


I don’t see anyone suggesting any other solutions that aren’t already failures. 
 

I believe someone in this thread said the entire system is ****ed and it’s going to take a long time to un-**** it but if you can come up with the answer you can write a white paper on it and never work another day in your life. That doesn’t sound promising. 

 

We never tried nuclear treaty type agreements concerning cyberweapons from nation states.

 

I recommend a movie like Zero Days for part of the reason this is so hard, it grew from the espionage community, who likes to deny stuff exists before agreeing to stop.

  • Like 1

3 hours ago, tshile said:

and I still think banning insurance and making a few companies crumble because they didn’t take it seriously enough is needed. 

 

have you considered the negative impacts of this? 
 

Additionally, unless you make people personally responsible I don’t think it will make a huge difference. Seems unfair to allow a company with several hundred employees go under and those employees lose their job because Jim got phished.....

 

1 minute ago, Renegade7 said:

 

We never tried nuclear treaty type agreements concerning cyberweapons from nation states.

 

I recommend a movie like Zero Days for part of the reason this is so hard, it grew from the espionage community, who likes to deny stuff exists before agreeing to stop.


That’s because an agreement is only as good as the people who make it. Russia kills people and pretends it wasn’t them, I’m not trusting them to not attack us on them internets.

 

Mitigation of the consequences of getting hacked has got to be the best strategy, anything else I think is just attrition.


@CousinsCowgirl84

 

Underestimating how badly infiltrated some networks already are. We are talking about a couple different things here, because yes, it's complex.

 

The executive order targeted supply chain hacks like SolarWinds, not what happened to this pipeline. What happened to the pipeline is not the same as how deeply we've ingrained ourselves in Iran's networks in case we go to war and want to shut down their country.  That we need to be on the same page about, we shouldn't be doing that, and hard to have this convo unless we stop doing that.

 

Specific to the pipeline attack, I need to see what vulnerability was exploited by the ransomware. If it's not a zero day and they just got lazy patching the billing system, they are an ideal candidate for being taken to the woodshed with fines from the government at minimum.


15 minutes ago, CousinsCowgirl84 said:

have you considered the negative impacts of this? 
 

Additionally, unless you make people personally responsible I don’t think it will make a huge difference. Seems unfair to allow a company with several hundred employees go under and those employees lose their job because Jim got phished.....


yes I have. 
 

I’ve also worked personally with a lot of decision makers and am very familiar with how many people make decisions on this

 

and I’m confident if they start seeing companies go under, and people placed in jail for not taking the responsibility to safeguard the data they make money off of, and security will quickly rise up the list of priorities. 
 

And presumably the company otherwise existed because there was a market for it. Just because they get shut down for being reckless in the pursuit of money, doesn’t mean a bunch of people are out of work permanently. They’ll find new jobs at competing companies - ones that watch this company go down and start taking it more seriously

 

we have allowed business owners to skate by with an insurance premium add-on and saying “oh shucks” while they make money collecting and holding data of other people and then giving them “credit monitoring”. 
 

is it any wonder it’s a hard sell to get people to invest in safeguarding the data they collect to make money?

 

seems pretty ****ing obvious to me. 
 

we gave them a cheap out. They took it. Why is that surprising?

Edited by tshile
  • Like 3
