Is it easier and better sometimes to pay a ransom on demand?

Following TalkTalk’s ‘hackus horribilis’ moment on 21st October 2015, details are emerging not of foreign extremists potentially being behind the attack, but rather of a growing cabal of youngsters aged 14-16 who have been arrested and released on bail by the British police after questioning over the incident. The latest advisory from TalkTalk is that only 4% of their customer base (157,000 customers and around 15,600 accounts) were actually affected by the breach of security (though obviously if you were one of that number, you wouldn’t care about the low percentages).

TalkTalk are not on their own though: M&S had some of its users’ details accidentally shared with other customers online last week, following what was described as an internal error. The website was pulled down for 2 hours whilst the problem was fixed. Nonetheless, personal data including names, dates of birth, contacts and previous orders could be seen. Meanwhile, Barclays customers complained of difficulties with ATM transactions during the weekend of 21st October. Barclays put this incident down to a “network problem” resulting in a “tech outage”.

And in an interesting discussion at the 2015 Cyber Security Summit in Boston, the FBI’s Assistant Special Agent in Charge of CYBER and Counterintelligence Programmes, Joseph Bonavolonta, advocated that sometimes it really might pay to pay off the criminals in ransomware attacks, where a CryptoWall infection has breached a company’s IT systems. This advice is often given because the infected organisation has no way of recovering the files: it lacks recovery options, with either no backup or one that is too old to be commercially useful. Ransomware has been gathering traction since 2013, and much of the difficulty for government security agencies is that no two ransomware attacks are the same.

Meanwhile, the Deputy Director of the US National Security Agency (NSA), Richard Ledgett, commented last week in an interview with the BBC that as the world becomes more connected and more vulnerable, nation states have to identify the red lines which cannot be crossed by other nations’ sabotage (e.g. the Sony attack), and that where this happened it should lead to consequences. There should be a three-pronged plan: build our defences, build offences against threats in others’ networks and “have a build up of international diplomatic regimes” through which the threat of sanctions could be levied.

Following the Edward Snowden leaks, he said, real damage had been done, as the disclosures had led to changed behaviours in cyber attackers targeting many organisations. He added: “Several terrorist organisations and one in particular had a mature operational plot directed against western Europe and the US”. This, he said, had hampered the NSA’s ability to do their job. Arguing the rights and wrongs of surveillance in a data-filled world, Ledgett said: “I think that the way the discussion (the Snowden leaks) came about was wrong. You hear claims that he was a whistle-blower and that he tried to raise things. Those are just not true…He didn’t try.” On the subject of transparency, Ledgett advised that it was good to have a public discussion about what the authorities are and can do, but it got harder if it involved specific operations and specific targets.

With Theresa May updating the UK Government’s powers on mass surveillance, there is a difficult path to tread for those who keep us safe, and those who would have liberty at the forefront of the argument.

(Pictured: Richard Ledgett, Deputy Director of the NSA.)
