I always wondered how you do paperwork for something like this. It must be a nightmare from an accountant's perspective. What is the bill code for "blackmail" when you file the income tax and you write a six-figure expense? In the end your cash has to balance out, you cannot not declare it. Anybody with experience in something like this?
That's absolutely insane! Even after paying the ransom, how could they be sure no one was still sitting on the keys? Assuming it's code signing keys, it sounds incredibly irresponsible to not (force) update all devices anyways.

Is really the only thing protecting the safety of those devices the promise of a blackmailer to not abuse the private keys they were sitting on?

... makes me wonder what else we don't know about all the other vendors...
I can fully see how this could happen. Too many companies don't understand the value of keys like this, and won't until they have a similar situation.

I wonder how exactly the criminals came to have them in the first place, but would be willing to bet it was ultimately incompetence by someone at Nokia.
Wow, that's rough. Not much you can do against a vulnerability that'll destroy the trust of your entire customer base. A DDoS is one thing, but I probably would have paid the millions in this case.
> Had it done so anyone could then have written additional code for Symbian including possible malware which would have been indistinguishable from the legitimate part of the software.

Like a rootkit then? It's a classic case of robbing the mob, as in 'the people who actually own the phone you think you've bought'.
I'm trying to imagine this happening to someone like Red Hat.

BM: "We have the keys to your software repos, give us money or we leak."
RH: "Here's a tarball of the sources to make your life easier, knock yourselves out! Maybe we'll even get some new developers!"

Obviously there are reasons why companies choose to keep their software closed source, but sometimes I wonder.