These stories often have a part in them that makes me think about how it's somehow surreal that there's some person who goes to work in the morning and does something that looks and feels almost exactly like what most of us here do all day, except that the whole thing is part of an (explicitly) parasitic criminal enterprise.
Every B2C startup I have ever worked at has basically put a non-trivial component of their "product" efforts into finding some clever way to screw over customers and feel good about it at the same time. I've had YC startup teams describe fairly horrific ways of monetizing user data with a gleeful smile on their face ("It is really in the user's best interest!")
I've listened to interviews with phone scammers before and basically their worldview is that they're ripping off some first-world asshole who would be just as happy to destroy the scammers own country if it could make the cost of consumer goods slightly lower.
I suspect working for a ransomware company would at least mean you don't have to pretend the awful things you are doing are for the greater good, and I suspect also contains a bit of the phone scammer view that the people you are attacking are ultimately your enemy as well.
It's far more surreal when I've had to check into work, plan all day how to rip-off or exploit users without losing them, and then be cheerful about what a great customer focused team we are.
> It's far more surreal when I've had to check into work, plan all day how to rip-off or exploit users without losing them, and then be cheerful about what a great customer focused team we are.
That hits home.
I remember an interview with a ransomware-as-a-service business owner. He was pretty upfront with having grown up in severe poverty and being empathically impaired. Somehow when a greedy person is honest about it it makes it better for me. I feel like I know what to expect of him. It's the self-labeled good people who think that means justify the ends that make my alarm bells ring.
>Somehow when a greedy person is honest about it it makes it better for me. I feel like I know what to expect of him. It's the self-labeled good people who think that means justify the ends that make my alarm bells ring.
Old phrase: The road to hell is paved with good intentions.
“Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.”
I also suspect that we don't need to look at history to see the backing proof. The SJW religion is very much what this quote is talking about and it's never been more relevant about the tyranny of the preachers of that religion as they mob anyone who disagrees.
The point is that "actual" tyrannical robbers are bad - and there's no denying that... but so are those who are worse in the name of "good".
> The SJW religion
> but so are those who are worse in the name of "good".
And how exactly is the "sjw religion" worse in the name of good? I get it. You don't like people calling you out if you do shitty things. But that doesn't make it worse than robber barons. Or even in the same ballpark.
"how is the sjw religion worse in the name of good" years of violent protests? Millions... billions?... of damage done? People killed?
Or do you agree that peoples lives should be destroyed if they do something you disagree with? Mobs of people calling the friends, family, work places, etc of someone who dares do something you disagree with?
I personally know someone who works in a rescue... someone got a bug in their butt that she did something "wrong". She's been hounded for weeks by The Righteous who have the Holy Word that she did "wrong" - no matter the nuances about what happened.
You can ignore the violence, the mobs, the hounding and the overall shitty attitudes of the SJW Religous... but they are literally the modern day Crusaders who have The Holy Decree to destroy the Heathens.
You want to know how SJWs are worse in the name of good? Open your eyes and look at all the "worse" done on a daily basis. I could list dozens or hundreds of publicly available examples but if you can't ALREADY see them without me pointing them out?
We can agree that C.S. Lewis' quote is not a scientific theory, but that doesn't make it incorrect.
For example, to the extent that the various Communist regimes fall under this descriptor, C.S. Lewis may have a point.
Are you dismissing this out of some logical-positivist impulse, because you reject the idea that well-intentioned groups can behave tyrannically, or because you don't think anybody acts with good intentions?
I read the comment as saying that actual robber barons are worse than busy bodies.
Take the oil and gas industry for example. They have known for 40+ years that they cause global climate change while disavowing it publicly and funding fake scientists and interest groups to spread FUD about it. I think the effects of global climate change will be at least an order of magnitude worse than well intentioned busy bodies. Climate change doesn't sleep.
(You could easily say the same about the tobacco industry, advertising monopolies, social networking websites, etc.)
I'm not sure I follow your opinion on the quote... I don't see the oil/gas companies as "tyrannical" entities. Nor would I personally apply this to companies from tobacco to Google...
"they have known about climate change" and those who know about it also have said we'll be dead in 1980... 1990... the seas will rise a dozen feet in 2000 and the snowcaps will be gone in 2010. If the "tyrannical" companies are wrong...
If you want to go that route that Oil Companies are Robber Barons... that would make the GCC doomsayers the "good" guys who are as bad on the other end - and have no problem being as bad with their lies and happy about it because it matches their conscience.
what does that say about the doomsayers? Exxon knew? When did the doomsayers know that their predictions were bunk? They are the "omnipotent moral busybodies" who have no care that all of their predictions are wrong and the damage - past, present and future - of their lies? Who cares because they are "Saving the Planet"...
> basically their worldview is that they're ripping off some first-world asshole who would be just as happy to destroy the scammers own country if it could make the cost of consumer goods slightly lower.
I happened to watch "The Battle of Algiers" last night and the scammers' sentiments reflect what the FLN commander Ben M'Hidi (insurgent/freedom-fighter depending on who you ask) had to say in response to questions about the civilian death toll:
Journalist: M. Ben M'Hidi, don't you think it's a bit cowardly to use women's baskets and handbags to carry explosive devices that kill so many innocent people?
Ben M'Hidi: And doesn't it seem to you even more cowardly to drop napalm bombs on defenseless villages, so that there are a thousand times more innocent victims? Of course, if we had your airplanes it would be a lot easier for us. Give us your bombers, and you can have our baskets.
I must mention here that I am not taking any ideological sides, and firmly believe that killing of innocent civilians, by any party whatsoever is plain wrong.
I suppose in any battle, ideological or otherwise, the actors involved come to justify their tactics as being in service of a greater, grander goal which also, at least in their minds, allows them to subvert responsibility and accountability.
Even Hitler and Stalin thought they were the good guys.
That doesn't mean one can't make moral judgments about which side is more or less evil, just that it's hard to be impartial., and in the end of the day, like in politics, it depends on what your values are.
>That doesn't mean one can't make moral judgments about which side is more or less evil, just that it's hard to be impartial
one would think it would be easy - just compare counts of innocents killed by each side. Unfortunately that would frequently make a "good"(winning) side look like a bad side and so they force other and more complicated criteria like this:
> one would think it would be easy - just compare counts of innocents killed by each side.
It would also be a very flawed measurement unless you count the innocents the "evildoers" wanted to kill. The difference between what Hitler achieved (and that's already horrible) and what he wanted to achieve is rather big.
> It's far more surreal when I've had to check into work, plan all day how to rip-off or exploit users without losing them, and then be cheerful about what a great customer focused team we are.
I suspect this hits home for a ton of people and applies to many people who don't (or are unwilling?) to realize.
I used to work for a company where their whole deal to make money was convince old people to enter their credit card and make them forget they ever entered it. Of course, I did not know this when I joined. I stayed for about 6 months I think.
TBH this seems like such a weirdly pessimistic take to me.
I mean, on one hand, I fully understand that many startups begin by offering a free or very low cost service and then have to figure out how to monetize, but I don't really see that as "screwing over the user", I see that as ensuring the business is a going concern. Even as a user, when I see that a business is transitioning from "everything is free and great" stage to "now we need to make money stage", I either leave or decide it's worth it, but I'm not really mad about that.
Furthermore, there are lots of startup services that I use, love and pay for, and I don't feel like I'm getting screwed over.
You’re talking about the thinks you know as a customer. Things like selling your data or the other things they do with it are often not disclosed. Did Facebook tell you that it wanted to learn how to make you or your children addicted to it in order to monetize your engagement?
It's not just startups, we live in a scam economy. There's a few companies that make good stuff, but they are rare.
Just an example, in 2017 I bought a fairly expensive, brand-new GM truck. It was manufactured in Mexico. I've bought GM stuff before but they were made in Texas. I'm sure it was a cost saving measure. I recently sold it after 4 years and 14k miles. Dead battery needed to be replaced, the transmission was hosed, and I took a bath on it. It's known as the "Chevy shake." There's a big class action suit that I believe was dismissed. We bailed them out in 2008 and they started making absolute dog shit. I'll never buy a GM truck again.
Most home appliances are also garbage and will only last you 5 years or so, if that. My elderly mother is paying for 2 ovens. The first one stopped working before it was even paid off. Her current one won't heat consistently and she constantly complains about it.
The LG OLED TV I bought a few years ago has YouTube burned into the screen. I won't reward them with another purchase. My "commercial grade" grill's wheel rusted off after a couple of years because it wasn't treated and had cheap metal. I have the broken, detached wheel on the ground under it, sideways so the thing won't constantly rock back and forth.
Planned obsolescence that almost killed many US industries 40 years ago is back in full force and will have predictable results.
> Last week, security firm Emsisoft warned that this feature is often buggy and could lead to situations where the ransomware permanently destroys the victim’s files. The Babuk Locker team responded a few days later in a hacking forum post that they fixed this bug.
Basically "thanks for the report, should be fixed now". Such a normal workflow
Like the election interference. I keep imagining a small company of 50 employees punching in their time clock, grabbing coffee, then dedicating the rest of their day to ruining the elections of another country.
I think this train of thought might be headed towards what Hannah Arendt described as the "banality of evil"[1].
An average person with a mundane office job that happens to be for e.g. a certain government agency (to stay with the example), indirectly causing all kinds of mayhem elsewhere that is largely beyond their comprehension, simply because it's all neatly abstracted away from them.
At least on wallstreet, early on I noticed, sometimes people simply lose awareness (social interaction play's critical role) and end up doing illegal things, without knowing it, some end up in jail.
I think if person ends up in amoral/illegal group, eventually he will end up doing amoral/illegal/unethical things, there is no guard except to avoid such groups proactively.
There's a big company of over a million employees that has done this for decades, it's called the United States military and Intelligence Community. Iran, all of South America, etc.
I have a friend in Makedonya who wrote fake news articles im support of Donald Trump for two years. The best she could have made as a journalist was €350-€450 per month. This is a nation where the average salary is €250/month and senior software engineers make maybe €1000-€1500. MKD’s biggest export is people because of their economy.
Writing these articles she made €5000 per month. It was a life changing amount of money.
Now she owns a 4-plex downtown and another 2 airbnb units. She has lifted her family into the middle-class thanks to this. Her employer profited millions; and they did no worse than the usa does to many other countries on a daily basis.
Honestly, I have a hard time even resenting your friend. Maybe she was especially good at her job, but most of what I saw from that industry was laughably bad. You'd have to be a complete moron to be taken in by it.
That tens of millions were had more to do with the fact that we'd been doing it to ourselves for decades than with your friend's additions to it. Oh, certainly she made everything a tiny bit worse, but I don't have any anger to spare on top of the deep enmity I feel for the people who teed up the situation in which she worked.
I have a sneaking suspicion that if your friend (and her coworkers) did something less despicable for a living it would not have made much difference. People right here carefully cultivated that environment of hatred and gullibility that your friend helped exploit. They're the real problems -- and they're still doing it.
From afar I loved the Donald! Wrecking the wreckers!!
For the rest of the world he was a much better choice than HC. She would have been dropping bombs, and using murderous robots just as Obama did. Much rather the USA is rulled by a selfish clown than some one who cares to use the horrendous weapons the USA has so many of.
I can't blame other countries for cheering for the destruction of the United States from within, but keep in mind that power vacuums are quickly filled, and the next guy might be even worse.
Both sides? What do you mean 'both'? Presumably there are considerably more than two sides -- I'd expect that many countries are interfering in many other countries elections.
They distinguish between humans and enterprises. They may not want to scam people, because it may ruin their karma, but there is nothing wrong to mess with companies, after all it's just a cost of doing business for them. And if you look even deeper we always had such parasitic criminal enterprises that use IP laws to ransom others.
...there's some person who goes to work in the morning and does something that looks and feels almost exactly like what most of us here do all day...
For a moment, I thought you were talking about the police informants themselves.
Not that I'm fond of cybercriminals but it's somewhat ironic to see one sort of infiltration of an enterprise (say, informants at a drug dealing operation) threatened by another sort of infiltration of an enterprise (criminals spear fishing the police). Not all police informant program are problematic but plenty are imo and moreover, the need for police informants more or less comes from things like the drug war, which allow permanent criminal enterprises which need to be put permanently under siege.
I remember vividly HN cheering attempts to doxx Parler users. Some misguided members of the public even volunteered info to LE agencies. This is what happens when people feel and consequently think they can and ought to have a right to rat out other fellow citizens. I don't see the difference here.
Funny, I had the same thought when I was in my teens and couldn't ever imagined it until Simpsons did an episode [1] on this where Homer got his dream job at Globex and the CEO/Company is the dream boss - provided a fully paid for house, flexible hours, great pay, beautiful company town, easy going colleagues, CEO that trusts you, etc.
It was only halfway through the episode you realise that Hank Scorpio is the stereotypical james bond villian and everyone working for him (including homer) was helping him in his diabolical schemes! But you wouldn't know it if Homer didn't re-sign from his job while Hank was battling Bond. :)
It’s a business. This happens because people keep paying the hackers. If federal law prevented you from being able to give into blackmail demands like this, it would happen 90% less often
Its a bit of a stretch but I think there's a bit of distance in the idea that criminal gangs are a bit like corporations for people whose parents didn't support them through college.
Really more like small nation like entities. They provide services, welfare, have taxes, rules on the use of violence, solve disputes, have wars... and occasionally overrun the area government and actually run things.
Organized crime gets to levels where it is essentially a competing government with an equally competitive consent of the governed.
There's seldom such a thing as a nation-state that didn't start from organized crime. America started off as a smuggler gang called the Sons of Liberty, for example.
That's why they have to be paranoid about gangs: they're embryonic states
Sometime it's possible for me to at least understand the rationalization they must be going through (e.g. "stealing from rich people is okay they still have plenty, while I have nothing and was born poor", "Not cool but they will get past it and maybe I'm doing them a favor teaching them a life lesson, look at that security if it's not me it will be someone else", ...). It's both reassuring because it shows that in the majority of the time people still have a conscience, and frightening because sometimes there are no rationalization possible and it's purely a sociopathic/evil enterprise.
For a bunch of scams and the like, you could also go with "westerners got rich by pillaging and colonizing my country; this is just recapturing a piece of what they've stolen"
There are better examples out there than porn companies. And mindgeek is probably the porn company which monetizes the highest amount of their traffic through legitimate offers (paysites) instead of straight-up scams.
I don't know. A social worker processing disability claims from what I understand isn't being paid well and I don't think could be described as stealing anything, if anything they give more than they get.
Please correct me on this but from what I can gather ransomware is a direct consequence of cryptocurrency. US Federal law enforcement has quite a lot of control over traditional banking and trying to extort the amount of money from a public agency would traditionally call for Federal Intervention. If so it seems like there is a good case to be made for a direct fine placed on the ledger used for payment in order to compensate for the damages.
No, money will always be used for crime as long as money and crime exists. People invent new crimes, People invent new money. Crime is the problem, not the money.
I would argue that money that can be used in this context is extremely valuable, as it is beyond the state.
This is a very awful situation, and I feel for the victims, but the existence of cryptocurrency is not the problem, any more than cryptography is the problem wrt ransomware.
Tech can be used in many forms. Use it properly. Find and bring those to justice that do not. Don't blame the tools.
Your argument ignores whether or not the technology makes the crime significantly more likely.
Technology comes with negative externalities.
The cryptocurrency world needs to accept that it does have negative externalities, and show that the benefits outweigh them, rather than pretending that they don't exist.
Yes, and it's pretty clear that computing as a whole comes with a huge amount of downsides (hacking, revenge porn, video game addiction, etc). It's also pretty clear that the overall benefits outweigh the downsides.
I'm personally not convinced that the upsides of cryptocurrencies outweigh the downsides.
I was surprised it wasn’t classified as some kind of counterfeiting scam tbh. When you mine crypto you are pretty much printing money. Sure yeah it takes proof of work/storage/stake ect but so does counterfeiting. The philosophical differences are kind of vague.
Crypto does not pretend to be dollars, so no it's not counterfeiting any more than the X foreign government printing Y non-USD currency is counterfeiting.
Yes? That's precisely the argument the parent poster was making -- technology (both computing and cryptocurrency and everything else) comes with both upsides and downsides.
In the case of general purpose computing, the upsides are obvious and massive. Whereas it's much, much less clear that the upsides of cryptocurrencies outweigh their downsides.
Governments and banks can't touch your money or see what you're doing unless they get your keys. What other reasons do you need?
We don't need anyone's permission or blessing either. We want our freedom back and society's gonna have to accept this. If that means more crime, energy consumption or whatever -- so be it.
Sure, you could say the onus is on the people who use cryptocurrency for more than just crime or speculation to give proof about these uses, but for most detractors it'll never be enough, and for these users the benefits outweigh these negatives (or else they wouldn't be using crypto to begin with) so it's all an exercise in futility except maybe to convince any neutral bystanders one way or the other.
If I say cash and banks get used by the vast majority of organized crime I'd be factually correct, but I'd also be accused of whataboutism. In a world without crypto I'd be seriously hampered by an unfair economic system, so to me personally the pros outweigh the cons, but it'd be anecdotal evidence. Hope you see what I'm trying to get at.
Whether or not a technology's pros outweigh its cons is some appropriately weighted average across all the people that it affects. The person who gets hit by crypto-enabled ransomware likely feels differently from you.
I also think there is some moral weight to particular benefits. Dealing with unfair economic systems is definitely a "better" benefit (for some definition of good) than those people whose benefits are currency speculation or ransomware.
Yet, very rarely do we hear about cryptocurrency being used for anything but speculation and crime. In fact, those are the only two proven usecases for cryptocurrency. Money you can at least use to buy stuff, so it has a marked positive impact on the society.
Speculation is a huge use case. Bitcoin will never be practical for day to day transactions but it may be for a settlement layer - certainly Ethereum is proving that out right now. A few minute settlement time is a huge advantage over what clearing houses offer. The immutability of the block chain somewhat less so, but if you introduce third party trust and can settle things off chain in case of a dispute, well, I for once do see a practical use of crypto beyond black market transactions and speculation.
Deflationary currencies encourage savings. The more the deflation the more the savings. Inflationary currency encourages consumerism. The more the inflation the more rapid spending. Each have their pluses and minuses.
The USD is an inflationary currency and Bitcoin is a deflationary currency. Right now Bitcoin is extremely deflationary and so there is extreme savings, but that is not sustainable indefinitely. Whether it becomes more popular to spend Bitcoin after the value levels out remains to be seen, but deflationary Bitcoin will always tend to encourage savings more than inflationary competitors like the USD.
Yes which now stands at $37 on average which is probably more than you what you bought at the gas station. Ethereum fees are very high too. There are other currencies that are better with this. But currently my credit card does this at a fee of ~3% instantly.
I'm curious where the $37 number comes from? I just did a quick search and came up with $13.64 for a "high priority" transaction (higher than normal fee to get included in a block sooner)[0]. It's still high, but not $37 high.
Of course the "average" might be more bytes than buying a pack of gum but the argument still holds that the transaction costs are prohibitive for general commerce.
The average transaction cost is baked into sticker prices, so at the end of the day, it's the buyer who pays the transaction costs. It's like saying 'the merchant pays rent' - yes, in a way, but really no. The customers pay the rent for the merchant via mark-ups.
However, there are a number of benefits; for one, average ticket size is about 20% higher for credit transactions vs cash (if I recall correctly) and merchants do not have to hold onto and manage piles of cash. This is a material cost savings.
Further, of that 3%, about 0.1% goes to Visa, the rest goes to the issuing bank and covers the cost of rewards programs and loan origination. Generally speaking between 1 and 2% of that will be rebated to the buyer.
For the remaining 0.9-1.9%, customers get benefits like insurance and the ability to issue chargebacks.
In Europe, debit interchange is capped at 0.2% and credit at 0.3%, and they just don't have insurance or rewards.
As it stands today if you wanted to transact in crypto, not only will you pay the $30 fee, you'll also be paying the mark-up for credit acceptance.
I know how credit cards work. I'm saying that Ethereum fees could be priced in the same way and you'd also never notice them because they'd get aggregated over every purchase. I realize this isn't a realistic scenario, but I think it's ignoring a monopoly type situation to accept that credit cards can price their costs in and other types of transactions cannot.
Not really. Your wait depends on the attached transaction fee and current network conditions. If you cheap out, then yes you have to wait, but it's also entirely avoidable.
That's because cryptocurrencies are typically much better than conventional currencies for speculation and crime. Some "coins" are also usable as standard payment methods, but they're either on-par with conventional banking or just slightly better, not enough to make them the preferred choice for mundane transactions. The stigma also doesn't help.
In a lot of cases I would say that's true. US taxes largely go to funding unnecessary military ventures and preparedness, not actually helping the tax payers
What else does cryptocurrency currently enable to the same degree (or close to) as crime? Speculative investment? We have the stock market for that. Pyramid schemes? Got plenty of thost. Burning through tons of energy for nothing but economic gain? Plenty of that around already. Store of value? Precious metals say hello.
Seriously, I can't think of a single positive use case of crypto currency. So while it can be used for some things, it seems to me that the only concrete use case that is already happening, is crime.
> No, money will always be used for crime as long as money and crime exists.
This seems to fly in the face of the facts. Namely, that ransomware was virtually impossible to conduct before digital currency, due to the traceability of electronic money, and all current ransomware uses cryptocurrency rather than any other form of payment.
And I would argue that the need for crime is the problem. You seem to happily skip this step as if crime is a given. Take away the need for crime, solve the problem.
The answer is to get rid of poverty and unequal opportunities.
I’m not saying it’s easy. But if you’re dissecting a problem, at least present all the pieces.
Also things that can easily be sold off for close to face value, like iTunes gift-cards.
I think the IRS scammers still usually ask for something like that instead of cryptocurrency, because cryptocurrency is a bit too hard for their marks to figure out.
You could outlaw or regulate the mining and use of the coin in a country. It wouldn't be easy to enforce, but you could certainly but the law on the record.
You could increase taxes on cryptocurrency capital gains. Big exchanges would absolutely report those gains to the IRS and you could be on the hook for a bigger bill.
It's not impossible to regulate this stuff. Yes, some folks will figure out ways around the regulations, but you'd catch most tech-unsavvy people just fine.
Laws don't target organized crime. Well organized crime influences the law so it would target regular people and politicians could say they are tough on crime.
Just look at the latest Mark Rober video on Youtube. Criminals can simply ask you to send the money cash in a box, hidden in books or other stuff.
There will always be a way to get illegal cash, ransomware just became much simpler with cryptocurrency. Now that the trend is here to lock your systems for ransom I don't think they will go away with cryptocurrency.
Expand your definition of ransomware to include state actors and you’ll quickly see that the dollar itself, being a global reserve currency controlled by a single government, is used for all sorts of ransom demands.
- In pseudonymous cryptos, mark any address that has been the destination of a ransomware payment or demand as tainted. Any net positive transaction from a tainted source wallet marks the destination wallet as tainted. (I.e. you are obligated to return tainted monies to tainted wallets if they send money to you.)
- Exchanges are forbidden to deal with tainted wallets, or with any exchange that deals with tainted wallets.
While you're at it, I guess you could mark any wallet funded at an exchange that doesn't KYC as tainted as well, to limit the use of crypto for money laundering.
I'm guessing we're going to figure a lot of this stuff out in the next 10-20 years, if the crypto craze doesn't die off naturally during that timeframe.
Basically, in order for a wallet to be "green" it needs to be associated with a real world identity and, if it serves as an exchange, it also needs to follow the policy not to exchange anonymous into pseudonymous. Any wallet that doesn't follow this policy is tainted. At fiat offramps, seize monies sourced from tainted wallets as it's presumptively illegal.
Ah yes, threats and bureaucracy, the go-to tools of the statist. Reminds me, more than anything else, of all the joy sparked worldwide for the better part of the 20th century by the War on Drugs. In your ideal world, is any cash transaction also "presumed guilty" (hah!) of money laundering?
The real fault lies with institutions rushing to half-assedly digitize so now they're wide open to script kiddies, and with enterprise IT providers doing a piss-poor job at doing correct software engineering. And now you're suggesting more savagery like it's some sort of solution to anything at all?
Yeah I mean we have these requirements for banks. They seem to work pretty well for preventing bank system usage in ransomware. So, at least at a glance, I think something in this direction would work.
The war on drugs is bad because it doesn't work, and because drugs cause less harm than fighting them does. It's not an apt comparison to the situation we're talking about.
As far as comparisons go, let's try this on for size.
Which of the following causes more harm in total:
(a) a ransomware gang attacking the computers of a hospital, thus endangering the lives of its patients; or
(b) law-abiding citizens adhering to a historically contingent economic system which leaves millions of people without access to healthcare?
I think it's best to talk about specific things rather than broadening every conversation to encompass the entire economic system and the problems with it. Probably someone wants to have that conversation with you, but that someone isn't me.
There are mechanisms to obfuscate using Bitcoin laundering services or with zksnarks-based transactions (https://zk.money). As much as it would be great to be able to track these funds, I think it will be increasingly impossible.
Ban the exchange of laundered bitcoins and other coins, too. If laundering you non-banned coins gets them banned, your incentive to do so goes way down.
A) Use already clean money in one address to buy a token on uniswap (or any AMM)
B) Use your laundered dirty money in other addresses to pump the token on uniswap (or any AMM)
C) Sell the token from address in A) back into the Uniswap liquidity pool at a massive profit, enjoy the profits and reintegrated money. You look like any trader.
D) Bag hold the token in the address from B) and never think about it again and never worry about trying to cash that out. In addition that address can add to the liquidity pool and provide a service to all other traders indefinitely.
E) Laugh at people that are still imagining how difficult it is to launder money on public ledgers. Blockchain detectives on their wild goose chase looking at the wrong addresses.
Do this all over time, and not immediately pumping a token with the laundered money.
Sure, I’ll probably get more scrutiny after writing this but you won’t. I really hate chilled speech and people having dumb ideas because the should-be-obvious reality is never talked about. The point is that the trader behavior is indistinguishable from others, and there are no financial intermediaries on permissionless AMMs to flag anything.
This isn’t that different from regular (non-blockchain) money laundering. You can pick your favorite illiquid penny stock, pump it up to 10 cents, and arrange to pick up the profit on the other end. You’ll be up against various people betting against you and, if you use Uniswap between reasonably liquid tokens, you’ll also be up against arbitrageurs. With Ethereum you can, in principle, arrange to atomically pump a liquidity pool and take the profit, but doing so makes it really obvious what’s going on. And, with Ethereum, all the creative sleuths can see what’s going on and can analyze the data and find you.
(This style of intentionally introducing a pricing error and arbitraging it yourself happens for real and is not always particularly profitable. You can read about the foreign exchange fixing antitrust shenanigans. Some traders thought they were being very clever, and, according to Matt Levine, made relatively small amounts of money and ended up getting seriously smacked down. The feds and the courts may be slow, but they’re not dumb.)
This all seems very abstract, but, when you try to spend what you think were carefully laundered ransomware gains on a nice beach in France or Florida and Interpol or the FBI arrests you, the resulting trial and prison time will be considerably less abstract. :)
The outputs are easy to track. The issue you have is someone running an exchange over seas that won't co-operate. Also, as others have said, it isn't as if there were no online scams before 2015.
Sounds like those exchanges are going to have devalued bitcoins then. Due to the traceability of bitcoin, I wouldn't be surprised if receiving coin from blacklisted addresses and then not removing it becomes something that gets your wallet blacklisted from mainstream exchanges under money laundering regs.
therecord.media get's a lot of attention now on HN presumably because it's new and Catalin joined them.
It's not a big deal, but I think it needs to be pointed out (especially to the audience outside the US) that they are CIA funded. They should be more transparent about this.
they're obviously a threat-intel company first. So create something that generates value (that receives the funding) and then set up a company blog that poses as a "legitimate journalistic outfit without an agenda". Final step is to produce only quality content 98% of the time and the 2% of times when you should be critical to your own side turn a blind eye. Classic playbook for all propaganda operations (regardless if they're US/RU/CN/whatevs).
the tragedy of all cyber reporting is that there can be no neutral party. the moment you need to call out your own camp you'll lose support/protection and legitimacy to exist (e.g. imagine Bellingcat being vocal of anything that happens within FVEY. Unthinkable!)
all of the reports are pretty tame in comparison with what they could uncover in war zones that involve the US. Taking a swing at US LEA is hardly something to write home about. Until they give me scoops at an equal magnitude say something that shows US black sites still in operation, or another Abu Ghraib or something about Gitmo? Nobody really cares about US racist cops - that's stuff that is anyway covered by WaPo & NYT.
Give me something of the same magnitude that got exposed by Manning, Snowden or Assange and I will be happy to believe that they are "neutral". But oh wait - they'd be in exile or dead. So my point stands.
Nah. Not interested in playing your game. You stated X, I showed X was incorrect. Now you're moving the goalposts, which was fully expected.
One of the strongest messages the US sends abroad is that the 1st amendment is sacrosanct. Highlighting law enforcement violently suppressing that is extremely damaging to America's reputation.
I'm not playing any game. the goal post is not to compare apples with oranges. if the position is that Bellingcat (which markets itself as a citizen journalist type of outfit) is independent as they claim then they should be measured as such.
Nobody is moving any goalposts. Your assertion that they are independent but also are unable to highlight crimes committed by the US then they are simply not independent.
FWIW I'm not highlighting any side being bad or good but that the claim of independence needs to be viewed in relation to their alliances.
As far as I can see: Bellingcat is laundromat for Mossad, after WikiLeaks became laundromat for Russian intelligence.
They still are a citizen journalist type of outfit, they don't take direct funding from government orgs. But they have to suspect some of their anonymous analysis contributors are working with a state agenda and resources.
As a result, Bellingcat unlikely to go after Israelis in Gaza, but more likely to go after ISIS terrorists, Syria, Russia. WikiLeaks more likely to focus on US politics and NATO, than to look at Putin's finances or Russian banks.
But then all of advanced journalism becomes murkey, as you can be independant, while only looking at what your anonymous sources give you. Is NYT or WP independant when it runs an article on national security by the CIA or DoD for censorship, and securing those future juicy leads?
wait, so what is the inference here with Bellingcat? that they are funded by CIA / gov.ru? and that they tell mostly the truth, but willfully withhold certain things detrimental to their financial masters?
no. what is insinuated is Bellingcat enjoy connections with GCHQ & MI6. Eliot Higgins is close to the British IC, gives talks at Atlantic Council and trades info with them.
Bellingcat (despite the great work they do IMHO) certainly does not get Russian passport details simply by hacking or by asking some "corrupt" Russians working for the state for help. So you can probably trust most of what they say but not how they get their info or that they are simply a "hacktivist / citizen jorno" outfit (they'd be dead since long time if that would be all)
At least until I've seen them uncover something as big as Skripal or the MH17 (within the FVEY) I wouldn't believe their claims of being "independent". Which will never happen because you don't bite the hand that feeds. Anyone playing in that league will not survive very long (quite literally) unless they get security benefits needed (which requires affiliation).
There doesn't have to be a conspiracy. That protection comes at a cost of bias (it's not required when everyone around you and most importantly yourself believes you're part of the good guys).
I too found the "corrupt officials" hard to believe, but there's a surprising amount of evidence for it. In general the Russian government has a surprisingly middling level of control over society compared to somewhere like China. Other Russian news orgs also buy personal data, try looking at Meduza for example.
Part of one of their rounds of funding included investment in 2010 by In-Q-Tel, the CIA's investment arm. They are one of numerous investors, which includes Google. They are not receiving ongoing funding.
A private equity firm bought them two years ago for $780 million.
The reason that CIA contact at any point is significant is that, unlike an ordinary investment house, US intelligence agencies as a matter of course act to keep their activity secret. It stands to reason that this implies that any visible CIA involvement would indicate much invisible involvement by The Agency - and various ex-CIA agents who've gone public have basically confirmed this.
So getting funding from the CIA really is different from other thing - possibly. But the situation of all this not being known and being officially concealed produces a lot of paradoxes.
>> The deal essentially buys out earlier investors, which included GV (Google’s venture arm), In-Q-Tel (the CIA’s venture arm), IA Ventures, Balderton Capital, Mass Mutual Ventures and others — and gives them a healthy return in the process.
I’m surprised that top-level comments aren’t interested in the escalation of ransomware threats. From holding data of individuals hostage under threat of erasure to corp targets to threatening human life at hospitals and now directly dangling a threat of violence against police informants.
This is easily the most vicious threat that I’ve seen.
Perhaps because those involved in computer security don't see any end in sight. It's widely acknowledged that there is no such thing as perfect computer security, if someone wants to get in bad enough they will. Zero-days will always exist. Every single app running on a computer that accesses the internet is an attack route, as are all the companies associated with the computer and software and all the people associated with all of those (via social engineering, bribery, threats). Stopping attackers from getting into computers, especially consumer computers (and many consumers have critical jobs at companies, in governments, etc.) is not possible in total it seems. And once they are in they can steal files, expose them, and encrypt them, or control the computers and data on them (for blackmail or other reasons). So expect it to get worse. It's been on that path for a while and nothing has stopped it yet. Even the CIA has had files outed. Without a solution expect the USA Congress to be blackmailed, chemical plants to explode, all financial dealings to be revealed, unless the ransom is paid. What is there to stop it from happening? I expect it to get much worse before it gets better, mainly because it has only been getting worse and no solutions are in sight. Passing a law that makes paying ransoms illegal is not going to work when the alternative is lots of people dying or big dents in economies. And we can not easily send military strike teams or drones into other countries to attack back, without inviting even bigger conflicts. An offensive cyber posture would also mean you have to find out who attacked you, not always possible. And militaries are set up to fight a single enemy, or a few enemies, not hundreds of thousands of enemies.
It has indeed been amazing to watch how little discussion there has been about this as it keeps getting worse. Some people are writing warnings, especially those who are the ones who are supposed to be doing something about it. That seems to be a common tactic these days, if you are responsible for solving a problem print a warning, then when the problem manifests say "I warned you". Many problems have been ignored for decades this way.
It's the police who are really dangling the threat of violence. If we're not ok with those threats becoming public, we should not have police make those threats
Let's be honest. Until the government (federal, state, and local) gets deadly serious about cyber crime this will keep happening.
There's so much waste in Washington D.C. for them to have no ability to do anything about this stuff makes me think there's way too much corruption in our government. Until that's rooted out and qualified people put into the important decision-making roles, may we simply hope things don't get too bad before they start getting better.
Does seem a bit nuts that they had a document sitting around containing informant identities. Seems like the kind of thing you’d never store in plain text (or not store at all!)
I continue to be amazed that the people writing ransom aren't brought to justice. I'm not talking about the small time ones that want a few thousand. There have any multi-million dollar payments.
Can thse be taking in payments (even bitcoin) that with enormous legal effort can't be tracked down? Even if they are in Russia or some place that won't prosecute them, they can make life hard by putting out international warrants for their arrest. So big companies just don't care enough to try to get them prosecuted?
Also it should be considered an illegal payment, extortion at least. This feels like an actual real job for international crime fighting.
Is it possible for organizations to buy ransomware insurance? It is very difficult to avoid paying the ransom when people's lives are in jeopardy. I can imagine hospitals would be interested in purchasing such insurance as well.
It's amazing to me how brazen the ransomware scene has become. The fact that they are now going after law enforcement agencies shows extreme confidence in their ability to evade prosecution.
And I know the DC police force doesn't have global jurisdiction to root out cyber attackers, but the 3 letter agencies that do have this jurisdiction may view ransomware in a different light after this attack.
North Korea conducts low-level cybercrime to fill the state's coffers and geopolitics. They are like vikings; raiding an enemy and stealing all they can while they're there to keep the lights on. Hackers from Russia or China are higher up on the hierarchy of needs and attack targets for geopolitical advantage.
>Just because someone is hacking from Russia doesn't mean they are working for the FSB, or are doing it for non-commercial reasons.
That's why the reply a few comments up the chain said "These type of ransom seems to be state backed or at least tolerated."
"At least tolerated" part means that the hackers are doing it for their own purposes or for money, but not under command or employment from foreign federal agencies. Foreign federal agencies simply tolerate those hackers by looking the other way, since no skin off their backs for some ransom payments taken from some US entities.
What I am responding to in the grandparent post is:
> Hackers from Russia or China are higher up on the hierarchy of needs and attack targets for geopolitical advantage.
That is a completely different claim from what you are talking about. The throwaway account claims that foreign hackers are all political agents. (Which is an incredibly broad generalization to make about an entire country, that strips its residents of their agency, and would require extraordinary amounts of evidence to support.) Your statement does not support that interpretation - it argues that they are economic agents that are tolerated/encouraged/whatever by the political apparatus.
Your claim is compatible with mine. The throwaway account's, on the other hand, isn't.
The group demanding the ransom can freely set their price. Surely if they know an insurance company is on the hook for it then they’ll add a few zeroes accordingly, making it impossible to underwrite.
Most ransomware groups just want the money; they don't particularly want to inflict damage on their target. If their demand falls within policy limits, then they will very likely get payed. If their demand exceeds policy limits, then the target needs to make a much more active decision about weather or not to pay. Combined with the fact that exceeding the insurance limit likely puts you into a realm where you are asking for a some large enough to be a significant challenge (otherwise they wouldn't have bothered with insurance), and you are now reducing the likelyhood of getting a payout.
I would expect the net result of this would be that groups raise their demands to match what (they think) the policy limit is.
From what I understand, ransomware insurance is already a thing. With the policy you get someone who negotiates the price and pays the ransom directly to the ransomware gang, which bypasses some laws against paying ransomware directly.
In theory, this helps with lower prices, negotiated support policies with the ransomware criminals to ensure the decryption process goes well, and they keep cryptocurrency available so the policy holding company doesn't have to scramble to get millions of dollars in crypto in a day or two.
Similar to kidnapping negotiators, ransomware negotiators often have the experience to produce a better outcome
It would work by the "insurance" paying off established ransom groups in advance. Protection rackets aren't exactly a new invention. Wether it can work or not is entirely hinging on the uncertainty of just how fragmented the ransomware industry really is. Is it actually just one loose federation or are multiple ecosystems existing in parallel? Do they perhaps informally agree on virtual turfs?
There was an article or discussion I believe I read on HN that discussed how kidnapping and ransom insurance reduced violent outcomes and made dealing with the kidnappers more predictable.
True, but what has made kidnapping mostly disappear is laws that make it illegal to pay a ransom. That makes it impossible to ask for help (as the police are more likely to find out) raising the ransom, and thus the total paid much less.
Nothing is perfect, but when there is no money in the crime there is much less crime. (Don't confuse less with zero!)
Sure, but GP was asking about how insurance might work. Also, I'd thinnk making lowering ransoms (by making it illegal or other means) works only if it's paired with a low probability of the kidnappers being able to enjoy the proceeds.
Kidnap, ransom & extortion insurance have been around for a while. I imagine that whatever solution those industries employ would work here. I'm also curious what that looks like, though.
Here's how I imagine it: The policy would insure up to a certain dollar amount, say $20 million, and pay directly to the insured in the event of an attack. If the ransom demand is $50 million, the insured can either pay the remaining $30 million on their own or use the $20 million to begin to repair the damage to their systems.
My company was attacked relatively recently and our local servers were all encrypted. All we had to do was contact our insurance provider and they handled the investigation and negotiations with the group. A day or two later and our files were back.
One aspect is that a bunch of ransomware actors are on US sanctions list, so paying money to them - for whatever reason - is a felony i.e. "funding terrorism" even if you don't know at the time who is behind them.
The ransomware industry is actually in the midst of a big shift. As ransomware becomes more prevalent, ransomware insurance providers are charging more and paying out less.
A lot of companies either can no longer afford the insurance, or else it has become expensive enough that it doesn't make any sense to purchase.
Though exposing police informants could lead to their death and obviously shouldn't happen, I'm fairly curious why they're tracking the "MOST VIOLENT PERSON MVP."
If those folders are containing evidence, they are possibly criminally unorganized and you would still expect "hate crimes" to contain a comparable amount of video. Not KB to GB difference.
On a serious note, I would expect that street beefs (especially ones that spill over to rap diss tracks) are responsible for the largest percentage of urban homicides.
They should assume it's all compromised and has all _already_ been shared with their worst enemies, and everyone else.
Undercover agents should be extracted or wrap up things where they are under the assumption of being exposed.
Informants should be notified, and possibly given witness protection (by a more competent agency) if they are at risk.
Training and re-training for everyone involved on proper digital hygiene. Also get qualified staff and create a process that avoids compressible elements where possible. E.G. Text files are so much nicer for security, automation, and long term archive.
It is strange that they keep files on police informants. In my country it certainly does not work this way. Every police officer has his own informants and nobody knows who they are apart from him.
Taking f*ck the p0lice to another level quite literally. That said. It's ironic that law enforcement can't even protect your identity or PII should you risk your life to become an informant.
Private corps when faced with a data breach under GDPR laws are made to pay for their slip ups. LE under the same circumstances have a special pass under the guise of national security. And the cost is your life in the worst case scenario
Makes me angry and sad that this "virus" of ransomware is still so prevalent even thought there is a "vaccine" - in the form of standard cybersecurity practices. But I never hear about anyone getting fired over this, so I guess that it's just not a priority for lots of organizations.
Agreed. It wouldn't surprise me at all if there were actuaries out there telling companies that it's cheaper to pay ransoms if and when they occur than to hire dedicated security. Which probably is true, at face value.
Certain critical information should never be stored as digital data, as we've seen repeatedly keeping it secure is essentially impossible. Like it or not, there's now overwhelming evidence to prove that statement true. We've seen far too many supposedly very secure sites broken into have any faith in keeping very sensitive data secure—the huge SolarWinds attack, the NSA break-in and the loss of British National Health records to name just a few at the tip of a huge iceberg.
Now here's yet another instance, and we're seeing them at this high level almost every day. Tragically, this leak could have very serious consequences in that people are likely to be killed as the consequence:
It's time we citizens demanded that such critical records be stored on paper files and in locked cabinets in secured buildings as they once were. Simply, we've no other option.
Smart governments such as Russia have gone back to keeping critical documents on paper as they once did. In essence, no matter how hard one tries to secure digital data it's still dead easy for a determined adversary to access it—but it's much, much harder - in fact almost impossible - for the same adversary to break into a building and then into locked repositories and steal the same files in their paper form.
Let's do some very basic sums to prove my point:
1. The amount of data stolen in this case is 250GB. (This is an absolutely huge amount of data.)
2. If we commit text to paper we get about 2K bytes per page (a long accepted round figure)
3. Therefore, a standard ream of paper, 500 pages, stores 1,000,000 bytes (1MB) of data.
4. 250GB is actually 250,000 megabytes
5. Now, a ream of paper weighs conservatively 2Kg (it's likely more). Thus, each 1MB in paper storage will weigh ≈2 kg
6. Extrapolating this out, we therefore need ≈500,000 kg ==> ≈500 tons of paper.
7. Thus, I'd strongly assert that whilst thieves (smart hackers) have amply demonstrated that they can easily steal 250GB of data from right under the noses of highly secured sites such as the NSA, Police etc, that it would be nigh on impossible for them to do so if the records were STILL stored in paper form, as they:
(a) would have to breach the physical security of a guarded building and break in;
(b) once inside, they'd then have to breach records security by breaking into secure records rooms thence secured filing cabinets; and,
(c) then remove 500 tons of paper records, this would require a huge logistical operation involving much manpower and many, many trucks—and they'd have to do all this without being caught!
The only way this could ever happen in practice would be for a country to be invaded by another (like the Nazis did in WWII).
In short, digital security has long proved that it's nowhere near being ready for prime-time. QED!
Our community is sadden to announce the tragic loss of a local computer hobbyist who tripped and fell in front of a municipal dump truck due to untied shoe laces. Contributing factors to the accident are believed to be a loss of focus from recent life stress including a failed rap career, repressed homosexuality, chronic tardiness, and talking back to elders.
In unrelated news, we congratulate Sergeant Yang of the Benevolent Retirees Association Metro Police for winning the "face up, face down!" raffle. Also of merit is the National Penalty Battalion, who successful accomplished the release of a genetic bio-weapon targeting the financial profiteers of international narcotics trafficking. We ask for no money. Please simply change your ways. In response to your hardship and efforts, 100 billion dollars has been deposited to your accounts by the federal central bank at 0.0001% interest.
There's more than just informant data in the leak. Some would argue, for instance, that police disciplinary records being public is in the public good.