As for repercussions, notice they indicated "fear of the United States and its planning of offensive cyber operations". We don't hear a lot about US offensive operations. Maybe they're ongoing but they don't get a lot of press. If that's the case, maybe they need more for deterrence purposes. Does anyone have any visibility?<p>Also, notice they did not mention any concern the FSB would invite them for tea, pay respects to their families, or any other ... imperial entanglements. This says a world about their standing in Russia, whether tolerated, encouraged or some other arrangement.
This is an interesting topic because BM claims to have a moral compass and is only interested in targeting wealth, not impacting humans. Let me ask the question: “If companies paid for in-house security professionals competitive with what one might imagine BM pays, would people still choose the grey work?” I presume in a dichotomy between clearly unethical and ethical, it’s easy for many to choose ethical. But when you add a grey option, it certainly changes things since I imagine most people are ethically grey. Let’s assume what BM is doing is effectively legal in the country where they operate.
>Moreover, LockBit encrypts the first 256 kb of the file (which is pretty bad from the point of view of cryptographic strength). We, on the other hand, encrypt 1 MB. Essentially, that’s the secret to their speed.<p>So I can just pad all my valuable data by 1MB?
Reminds me of the Bin Laden interview(s) before 9/11, specifically the one with Robert Fisk where Bin Laden was saying he was going to start attacking America.<p><a href="https://www.bbc.co.uk/programmes/w3csvtth" rel="nofollow">https://www.bbc.co.uk/programmes/w3csvtth</a><p><a href="https://www.cbsnews.com/pictures/osama-bin-laden-tora-bora/" rel="nofollow">https://www.cbsnews.com/pictures/osama-bin-laden-tora-bora/</a>
> it was seeking to recruit partners and claiming that it combined the features of notorious groups like REvil and DarkSide<p>I wonder if they have leetcode style interviews :)
I feel like giving criminals a platform like this is wrong.<p>I'm all for reformed criminals giving interviews in the context of what they did being wrong, but this is an interview about how they're getting better at their crimes.<p>Regardless of how easy it might be given security practices, these are crimes, and they are crimes for a reason: they cause damage. Their impact is felt beyond the ransom money paid, it's felt by employees who may be put in terrible positions as their work is held ransom and who might pay up personally to avoid problems at work, it's felt by customers of these companies who end up with higher prices, it's felt by countries as their output is hit. The fact that this "industry" is getting more "professional" does not change the fact that it's harmful. They don't deserve the publicity and attention that this sort of platforming provides them.
There's an elephant in this room and its name is <i>ethics.</i><p>When I was a mainframe programmer at IBM, one of the first things they taught us was how to stop the processor of a System/370 machine. If you can do that, ladies and gentlemen, you can bring down Bank of America, the US Army, the Social Security Administration, etc. So everyone there knew how to be a "black hat" hacker if we wanted to.<p>Was there money to be made in that? Surely. More money than IBM ever paid anyone! But the reason neither I nor any of my colleagues would ever dream of using our skills to hurt people is that last part of the sentence: <i>it hurts people</i>.<p>Yes, IBM did some awful stuff from helping Nazis to keeping apartheid alive in South Africa (over employee objections while I was there), but overall, the "corporation" provided valuable goods and services to real people who had to slog on in real jobs every day to get the world's real work done.<p>Oil companies are in the same boat. The world runs on oil and some ransomware attacks aren't going to change that. The idea that terrorism (and black hat hacking is absolutely a form of terrorism) is a useful way to change corporate behavior is so ill-informed that it's pathetic.<p>When asked about taking a "white hat" approach and selling legal pen testing (or even PTaaS), these developers declined saying they probably couldn't monetize their skills at the same level that way.<p>Well, I say, too <i>effin'</i> bad. If everyone optimizes solely for himself, there will be no one left. It's appalling to me that criminal organizations now recruit, have price lists, and get PR placement. These people and their products (and their communication channels) need to be turned off ASAP for everyone else's sanity and self-preservation.
This is free advertising for criminals.<p>Correction: this is free advertising for criminals _actively looking to recruit associates to assist them in committing crimes_, and helps them commit crime.<p>Don't upvote "Weapons Smuggling, Inc. (YC21) is hiring a coordination specialist for EMEA operations"
I find myself puzzled by organizations like these. Let's say they do not attack infrastructure or other critical services, and only leech off huge companies.<p>I cannot argue against it?