Has the war started here?

Just another lack in security... I worked for a small company a couple years ago and 1st thing I said was "that's all you have to do to get into the servers?" They were confident security was fine, has been for years... 3 months later - ransomware attack and they were very lucky the source code was backed up offline but 3 terabytes of historical data and the setup files to create an executable version of the software were zapped.
 
Just another lack in security... I worked for a small company a couple years ago and 1st thing I said was "that's all you have to do to get into the servers?" They were confident security was fine, has been for years... 3 months later - ransomware attack and they were very lucky the source code was backed up offline but 3 terabytes of historical data and the setup files to create an executable version of the software were zapped.
My son was a cyber security analyst for the AF. The stuff that goes on blows my mind.
 
One of the insurers I did work for got held for ransom last year, cost them a pretty penny I understand. You would think a sophisticated company would have adequate safeguards. Not sure if it was lack of adequate security as per Mellow's example, or if the hackers were just that good. Neither is a palatable option.
 
I cannot count the times a client has said to me that "we're not spending big $$ on something that MIGHT happen". Just crazy. The sheer volume of attacks (most of them unsophisticated) is mind boggling....I always point out that it just takes 1 successful attack to wreck you, folks get mad. I had a VP at a client DARE me to break into their laptop. I sat at their desk, looked at their pictures, then asked what their dog's name was...."nugget" was their password...for everything. It is just that easy.
 
One of the insurers I did work for got held for ransom last year, cost them a pretty penny I understand. You would think a sophisticated company would have adequate safeguards. Not sure if it was lack of adequate security as per Mellow's example, or if the hackers were just that good. Neither is a palatable option.
In the case I commented on.. the offending file was placed on a laptop where the virus software wasn't updated and it propagated to the servers and sat there for over a year before it executed, pretty sneaky.. paying the ransom isn't a good solution because they could come back asking for more or take the money and run... not sure if ransom keys are ever provided if the ransom is paid.
 
Not sure if it was lack of adequate security as per Mellow's example, or if the hackers were just that good.
Everybody including banks, government, financial institutions, insurance companies, employers, etc., all promise that our data is safe and secure as they use the most sophisticated up-to-date encrypted blah, blah, blah, ......
This is no different than when things were secured by physical means. No matter how good the security someone will find a way to breach it. The difference with this is that it is all done remotely from far away locations so the risk to the offenders is pretty close to nil, unlike the physical world where there was a natural restraint to attempting to breach a secure facility due to the fear of the possibility that you might get your head shot off during the attempt.

Any security measure that can be implemented can be subverted with enough time and effort. Our data is safe, until it isn't.
 
I sat at their desk, looked at their pictures, then asked what their dog's name was...."nugget" was their password...for everything. It is just that easy.
This reminds me of something that is worth mentioning. While perusing the internet we have all come across these surveys that promise some small reward for answering the survey. They include questions like what is the name of your dog, what year did you graduate, etc.. They all seem to be rather generic questions that don't seem to be of a particularly dangerous nature. In reality many of these surveys are harvesting information that people often use in their passwords such as pet names, Father's birthday, year of high school graduation, etc.. A little while later you might discover that your bank account has been hacked. Don't ever answer any online surveys, no matter who they are from or what useless trinket they offer you for participating.
 
Better than inflicting the death penalty is holding CEOs etc responsible for not using adequate security measures for protecting their and our data. There have been tons of data breaches and we find out about them months or more likely years later.

Hacking for data and ransomware won't just go away on their own. There's a data breach and when we're finally notified we get a year of credit monitoring for free. There is no accountability. Corporations amass data and become targets for hacking or ransomware. Suddenly no one but the criminal has any culpability. I'm "victim" blaming and rightly so. Failure to implement countermeasures should come at a price.
 
When I was in the AF (92-96) myself and a good friend sat down to see how many of our coworkers' passwords we could figure out. We were able to get most of them. All the typical passwords. I get it I hate having to come up with new passwords. An IT guy gave me a simple thought process for creating them though. Say for your Home Depot account you would make it something like 2x4sforHouse, he said to relate it to the website. I started this and it seems to work for me. I'll also use dates, but they are never birthdays, anniversaries or the such.
 
This reminds me of something that is worth mentioning. While perusing the internet we have all come across these surveys that promise some small reward for answering the survey. They include questions like what is the name of your dog, what year did you graduate, etc.. They all seem to be rather generic questions that don't seem to be of a particularly dangerous nature. In reality many of these surveys are harvesting information that people often use in their passwords such as pet names, Father's birthday, year of high school graduation, etc.. A little while later you might discover that your bank account has been hacked. Don't ever answer any online surveys, no matter who they are from or what useless trinket they offer you for participating.

This is something I remind my wife about, constantly. Prize or no, "this looks cute." She chooses to remain as non-techie as she can, while still enjoying some of the cool things her smart phone lets her do.

The black hat / white hat hackers are much the same as coders who create computer and phone viruses, while they and the anti-virus companies leap-frog the other and exchange temporary advantages.

Everything anyone ever does will ultimately boil down to the two greatest motivators for human behavior, namely, fear and greed.
 
According to a 2024 PLOS ONE study, a small number of countries are responsible for the majority of cybercrime, with Russia at the top of the list:
Russia, Ukraine, China, United States, Nigeria, Romania, and United Kingdom.

Again please tell me why we give money to Ukraine?
 
According to a 2024 PLOS ONE study, a small number of countries are responsible for the majority of cybercrime, with Russia at the top of the list:
Russia, Ukraine, China, United States, Nigeria, Romania, and United Kingdom.

Again please tell me why we give money to Ukraine?
I would disagree with you there, you left out China, India, Pakistan, Bangladesh and Thailand
 
Again please tell me why we give money to Ukraine?

For the back story on this, simply consider the plight of Julian Assange. Think what you will of his actions, but he also exposed the hawks in the USA (and elsewhere) who benefit from these "endless wars."

Iraq, Afghanistan and Ukraine have more in common than meets the eye.

Anyway, it's "only money", and the government can always print more of it. Rough count, around $185 billion of "the government's money" to date, disappearing into Ukraine.
 
They hacked the company I work for several years ago. Worldwide. Wanted a half a billion ransom, CEO said bite me....took us several weeks to get back going thanks to some old servers. Worldwide IDK the ending damage. Since then we have separated all process control from the net and are working on single point access for other applications.
 
According to a 2024 PLOS ONE study, a small number of countries are responsible for the majority of cybercrime, with Russia at the top of the list:
Russia, Ukraine, China, United States, Nigeria, Romania, and United Kingdom.

Again please tell me why we give money to Ukraine?
Don't forget N Korea, they pulled off the biggest heist ever and I mean ever, billions $$$ in cyber currency! It's not getting better any time soon, state actors are incredibly determined and why wouldn't they be the rewards are huge
 
We live in an era now where you could go home one night and without even leaving your living room, find yourself bankrupt the next morning. The scams, online gambling, everything that gets into our social media accounts, is far more pervasive than the risks [and I used to wake up downtown with my pants down around my ankles and not remember where I'd been] we used to take... Maybe I should have left that part out...
 