golan 8 hours ago
  • bargainbin 8 hours ago

    This doesn’t surprise me. I work for a company that hires a substantial headcount from TCS, probably one of their biggest clients, and the quality of the work is astonishingly bad.

    I’d recommend avoiding at all costs but we all know these companies are brought in by non-technical people.

    • toomuchtodo 7 hours ago

      +1 from first hand experience with TCS

  • SheinhardtWigCo 7 hours ago

    > In 3 of 4 calls, the service desk reset passwords and re-enrolled MFA with zero resistance. The caller simply gave a name – no validation, no callback, no check. On the 4th call, the attacker requested access to a privileged group. The TCS agent asked for an employee ID. The ID given didn’t even match our company’s format; and yet, the access was granted anyway.

    Yikes

  • miohtama 8 hours ago

    In a proper capitalistic system, those who build low quality e-commerce services, including hackable ones, should go out of business and replace more competent companies. This includes buying services from bad suppliers.

    This Reddit post hints that many shortcuts were taken, security not taken seriously when they should have, and now they reap what they sow.

    • skippyboxedhero 8 hours ago

      There has been no reaping. MKS shares were largely unimpacted (despite this costing at least £300m). Management have tried to deflect, said this was a highly sophisticated attack, said that other firms had been hacked but just didn't report it, endless amounts of lying.

      The reality is that decreasing costs is a far easier lever to pull than increasing revenue so managers will be heavily incentivised to do this if you give them profit-based incentives. This happens every few years with listed companies in the UK now, no-one ever changes their behaviour (retail, in particular, is ground zero for bluffers in the UK, managers are exceptionally bad, and even worse are comp committees that set targets that cannot be achieved without damaging long-term value).

      There is no efficient market here. It is as simple as managers understanding the world we now live in, and that is unlikely because all these companies view IT as a cost and their managers are people who rotate through executive roles and politics despite leaving a flaming wreck in their wake. Things will stay the same.

    • Aurornis 6 hours ago

      > In a proper capitalistic system, those who build low quality e-commerce services, including hackable ones, should go out of business

      If the impact is large enough, they do.

      This is not a case where binary thinking works for most situations, though. The costs associated with the attack will hurt them by damaging their balance sheets a little bit, taking capital away from more productive opportunities, and distracting their employees from more fruitful tasks.

      There’s always a public thirst for immediate blood in these situations, but the damage is more subtle and manifests more as opportunity cost than a sudden collapse of the company. The demand for sudden stock market collapse of companies is ironic, given all of the criticisms thrown at companies for putting too much emphasis on short term stock results.

    • chrisweekly 7 hours ago

      "go out of business and replace more competent companies"

      ... be replaced by more competent companies

    • helloooooooo 7 hours ago

      They do. Security is about risk management. It’s all very actuarial. If the damages from an attack are severe enough (ie. a company makes it go bankrupt), that’s capitalism working.

    • mattigames 6 hours ago

      "proper capitalist system" aka fantasy capitalism, a utopic capitalism that lacks operations/tasks where deceiving is cheaper than doing things correctly; yes, I am one of those that don't believe that such a thing is compatible with human nature.

    • lyu07282 7 hours ago

      That's a very naive view of capitalism, there is nothing inherently preventing companies from being negligent in infosec no matter how "proper" that system is. Also wouldn't defunding the ICO make it more proper?

    • immibis 7 hours ago

      In capitalism-as-explained-by-capitalists, that would happen. In actual capitalism, it would not.

djaychela 8 hours ago

A friend of mine is senior management at one of these companies. His life has been a real nightmare trying to get things back on track - there are so many interconnected systems that they needed to get back up 'clean' and running just to get their normal business running, let alone the online side. And he's not even directly responsible for any of this, but it's all so embedded in a modern retail business that if something like this happens it's your problem to deal with to a degree. The stress caused by this sort of thing is immense.

  • mtkd 6 hours ago

    >it's your problem to deal with to a degree

    How is it not the responsibility of senior management at a major retailer to ensure an exploit at a vendor can't take the whole house of cards down?

    Many other major enterprise clients out there are all over vendor security/compliance ... auditing and reauditing vendors to minimise the chance of this happening or, worst-case, if it does happen, containing it and recovering quickly.

cedws an hour ago

The focus will be on these teenagers but the real story is one of security negligence by these companies.

gluten_guardian 10 hours ago

Crazy how young all these cyber criminals are. When I was their age, the peak of my criminal career was scoring booze by lying about my age. I wish they shared a little bit on what cyberattacks they were conducting.

  • miohtama 8 hours ago

    How bad must your system be if it can be hacked by a kid?

    • Aurornis 6 hours ago

      3/4 of them were over 18. The other was 17.

      It’s also unclear if this was everyone, or just who they caught. It’s not unknown for hacking groups to position the youngest (least experienced, most desperate for recognition) people in the most vulnerable positions.

    • socalgal2 7 hours ago

      A kid can break all the windows in your house, smash in your door, set your house, car, bike, clothing on fire. I guess all those things are bad.

      I'm not saying the system wasn't poorly implemented, but society doesn't work when people abuse everything either. Maybe that just means we're doomed, but most of society works because people don't go around smashing and/or taking everything they possibly can.

  • MisterTea 9 hours ago

    Young people have little fear of repercussion as they can't really fathom the consequences. Either they learn from this misadventure or go on being a career criminal. All of this depends on their home lives.

    • scott_w 8 hours ago

      This simply isn’t true. Yes, teenagers are morons by the standard of a well adjusted 30 year old, but they’re more than capable of understanding consequences for their actions.

      I hate to sound like my parents/grandparents but I absolutely knew that causing millions of pounds of damage and attempting to blackmail a major corporation could have huge negative consequences for people and myself at 17.

      • martinald 8 hours ago

        But it is very well understood and accepted that teenage - especially male prefrontal cortexes don't fully develop until mid 20s.

        I'm sure they knew it could have major consequences, but when your risk-taking pedal (limbic system) is pushed to the floor all the time and your risk-avoidance brakes (prefrontal cortex) are not fully developed, that all goes out of the window, not unlike being intoxicated.

        For example, I shudder to think how aggressively I drove when I first got a car - and I was very sensible compared to many people I knew! I hadn't actually driven for a couple of decades since I was an adolescent until very recently, when I had to rent a car for something, but it was absolutely startling to me how different my frame of mind was vs the last time I drove. All I can remember is that back then driving was extremely fun and the windier the road the better; this time all I could see was loads of giant risks.

        Now if you compare this to the whole population, if you have a segment of it that are much more risk seeking either through genetics or environmental reasons, you can see the problem.

        You can see this in all kinds of statistics at a societal level - crime, accidents, addiction risk. It is all much higher in these age ranges (and especially skewed towards males).

        I don't think we should just dismiss good science like this "because I knew better". It has always been a very grave societal issue that has tended to be ignored or downplayed.

        Obviously this doesn't give people carte blanche to do what they want - I'm not saying that. But hopefully societal views will catch up a bit with society and we can actually do something about it.

        • scott_w 8 hours ago

          > Young people have little fear of repercussion as they can't really fathom the consequences.

          > But it is very well understood and accepted that teenage - especially male prefrontal cortexes don't fully develop until mid 20s.

          Your statement here does not mean that the statement I quoted above is true. Just because biology predisposes one to doing stupid shit does not mean young people are incapable of understanding consequences and repercussions. The fact that most of us here never went out to cause millions of pounds of damage is testament to that.

          • BoorishBears 7 hours ago

            I don't understand why clarifying young folks are capable of understanding consequences and repercussions, but will underperform at doing so for a myriad of reasons, including real physical differences in brain structure, should be this contentious.

            • scott_w 7 hours ago

              Because we’re talking in the context of young people who executed a multi-stage criminal enterprise causing millions of pounds of damage, harming multiple companies and their customers, AND TRIED TO EXTORT THE CEO FOR PROFIT.

              This is not “behavioural immaturity” associated with an underdeveloped prefrontal cortex!

              • martinald 5 hours ago

                Actually, this is exactly what an underdeveloped prefrontal cortex looks like at scale. You're describing sophisticated technical execution combined with catastrophically poor judgment.

                They bragged about it to the BBC as well. This is not a clever strategy to not get caught. Neither is not immediately fleeing to another jurisdiction than the very one you committed the crimes in.

                This is what happens when you have extremely smart kids with high risk-taking tolerance. If they weren't as intellectually gifted, they might be driving a souped up 15 year old Golf like a maniac round country roads - but because they have these technical capabilities, their poor judgment scales up to cause millions in damage instead of just getting themselves arrested with a few grams.

            • michaelt 6 hours ago

              There are some statements that, though reasonable in isolation, are almost always heard from people teeing up a really bad opinion.

              For example, if someone says "I'm not racist, but" I'm already rolling my eyes before they've even said what they're about to say.

              Similarly, when some people hear "prefrontal cortexes don't fully develop until" they start rolling their eyes pre-emptively at the infantilising, anti-personal-responsibility take that usually follows. Even if it didn't, in your case.

      • MisterTea 6 hours ago

        Maybe I didn't phrase that quite right. I knew a kid who was caught by the FBI carding at just 14. He was totally aware of what he was doing but did not comprehend the severity of his crimes. Like I remember him just casually dismissing it as some cute prank. Apparently he was arrested, had his computer confiscated, then banned from using the Internet or a computer. I only heard that through others who knew him personally so who knows but I never saw him online after that incident (irc/icq/aim days.)

        So with that story, some teenagers don't or can't comprehend the severity of their crimes or the trial and punishment that ensues. To them it's just a dumb credit card company write off and a free laptop or whatever.

        I'll admit, I used to push limits. Used to do silly things with misfit friends. Got into a little incident where we pissed off some dudes, one who had a gun (no one shot but man having one pointed at you is scary AF.) Learned real fast not to do stupid "funny shit" that was really just jerk behavior. We never expected to have a gun pointed at us.

        That's what teenagers do, they push limits without thinking because they're rebellious. Looking to carve out their independence. Sometimes, they learn the hard way. That's just life.

      • stackskipton 8 hours ago

        >I hate to sound like my parents/grandparents but I absolutely knew that causing millions of pounds of damage and attempting to blackmail a major corporation could have huge negative consequences for people and myself at 17.

        Sure, but not all do. If you look at murders, most of them are in the 15-24 range in the United States, so them being 17, 19 and 20 tracks with what you'd expect.

        • scott_w 8 hours ago

          And yet most 15-24 year olds are not committing murder, so this sentence:

          > Young people have little fear of repercussion as they can't really fathom the consequences.

          is not true.

      • immibis 8 hours ago

        The probability they'll try to teach you to obey the law instead of locking you in a cell for life is significantly higher when you're 17 than when you're 35. Even better if you're 13, though.

        • scott_w 8 hours ago

          I’m a bit torn on that, honestly. Were this an embarrassing hack like the ones I read about as a teenager, I’d agree. However, they caused millions of pounds of damage to multiple companies (and their customers) and attempted to blackmail the CEO for profit.

          I’d be amazed, and I think the public would be outraged, if they got a slap on the wrist for this.

    • nkrisc 8 hours ago

      Not sure I'd agree. I'm sure most people reading here at HN had some computer-related incident as a teenager that made them realize there could be real consequences goofing around with a computer. And I would guess of those that did, most heeded that warning.

      • scott_w 8 hours ago

        Yes, maybe these kids never learnt that lesson, for whatever reason. My point is that you can’t make this general claim:

        > Young people have little fear of repercussion as they can't really fathom the consequences.

        Clearly, young people can. Maybe these young people couldn’t, but that’s a different claim.

clort 10 hours ago

Little information there about them, but I find it kind of surprising that the suspects are even UK based..

  • dboreham 9 hours ago

    You have to buy underwear or prawn sandwiches in the UK to know M&S exists?

  • beepboopboop 9 hours ago

    Why is that surprising?

    • golan 8 hours ago

      I guess I’d expect them to be in a country where it’d be difficult to be apprehended and extradited. Being in the UK seems like a stupid move to me, but what do I know!

      • immibis 7 hours ago

        Was it a professional operation? Says they were 17. Some people playing around with their Commodore 64 except it's connected to the internet and a pretty big company.

        • dylan604 7 hours ago

          Let's not pretend these kids were trying to hack the Gibson just for the lulz. Calling into help desk, requesting password resets with social engineering, getting into network, installing ransomware is all well beyond playing around. I know there are smart teens, but I would not be surprised to find out there is someone more experienced in the background that got the kids going if not even on behalf of.

          There are plenty of teens selling dope, stealing cars, breaking into homes, yet nobody thinks they're just knuckleheads playing around. Why do we think because "but on a computer" makes it different?

          • multjoy 6 hours ago

            Likely an OCG behind them. I wouldn't be surprised to see a defence of exploitation.

    • RainyDayTmrw 3 hours ago

      Cybercrime is usually international, cross-border, because (1) it's all online anyways, and so it's approximately equally difficult from any country, and (2) to disincentivize your own local law enforcement from getting involved.

lyu07282 10 hours ago

Apparently they pretended to be an employee and the help desk reset the password for them. Once in the door, Active Directory imploded as usual; with full access they encrypted everything and demanded ransom.

Source: https://specopssoft.com/blog/marks-spencer-ransomware-active...

  • Hilift 9 hours ago

    Reminds me of Maersk. They had poor endpoint hygiene and no EDR. In 2017 about 90% of their infrastructure was wiped in less than one minute. They had to reinstall a lot of things because backups weren't up to par. Usually level 1 merchants (> 6 million transactions per year) are put on an audit and improvement plan if this occurs. In the UK, there could be an investigation and penalty from the ICO for the data breach.

    • roywiggins 8 hours ago

      > They had to reinstall a lot of things because backups weren't up to par.

      "After a frantic search that entailed calling hundreds of IT admins in data centers around the world, Maersk’s desperate administrators finally found one lone surviving domain controller in a remote office—in Ghana. At some point before NotPetya struck, a blackout had knocked the Ghanaian machine offline, and the computer remained disconnected from the network. It thus contained the singular known copy of the company’s domain controller data left untouched by the malware—all thanks to a power outage... So the Maidenhead operation arranged for a kind of relay race: One staffer from the Ghana office flew to Nigeria to meet another Maersk employee in the airport to hand off the very precious hard drive. That staffer then boarded the six-and-a-half-hour flight to Heathrow, carrying the keystone of Maersk’s entire recovery process."

      https://www.wired.com/story/notpetya-cyberattack-ukraine-rus...

casenmgreen 9 hours ago

Evil Tor users are blocked. Can't read site.

  • jancsika 9 hours ago

    I only read sites that are written in Rust, and I can't load this one either.

    Can someone post a String Literal for us, please?

    • testfrequency 9 hours ago

      Omg rust is so fast. Did you know that?

      edit: wow, fun is cancelled for today it seems

devwastaken 8 hours ago

Cyber crime does not exist. Only deficient systems intentionally designed to be exploited exist. If you want your “cyber infrastructure” to not be attacked, don't make it vulnerable. All tech is artificial, not of nature.

Require software to be developed by licensed engineers. No more offshoring. No more importing of cheap labor. Make tech corps pay instead of accruing mass wealth. Make the corps pay when the vulnerabilities they put in it are exploited.

  • tsm 8 hours ago

    Theft does not exist. Only deficient windows intentionally designed to be breakable exist. If you want your "personal possessions" to not be taken, don't make them vulnerable. <etc>

    Yes, the companies involved should take some responsibility for terrible security practice (though I'm sure they wish this had never happened!) but victim-blaming doesn't justify crime.

    • devwastaken 2 hours ago

      More like if the store had the information of every customer sitting there for anyone to take. Yes, they're responsible for their negligence.

      When you know it's going to happen, and then it happens because you did nothing - yeah, it's your fault.

aaronrobinson 10 hours ago

This stinks of foreign sponsorship. I can see how they could pull off the social engineering but being able to work their way around a foreign system like they did - no way.

  • lyu07282 7 hours ago

    Active Directory has become an invaluable tool for ransom gangs; it not only gives them effortless root access on every system, but also documents the company structure so you can focus your resources. This isn't sophisticated at all.