The Ransomware Superhero of Normal, Illinois (opens in new tab)

(propublica.org)

118 pointsthecyborganizer6y ago37 comments

37 comments

Admirable initiative on his part. I'm sure that like me, a lot of you here can identify with being a programmer who wasn't a traditional student.

Maybe not such a hot idea to out his personal details in a story like this though. One of the things they (eventually) taught me in college was operational security.

blotter_paper6y ago

On the other hand, flyjng this flag might be his best bet at landing a decent job.

randogogogo6y ago

The heart wants what the heart wants. Good on him.

noonespecial6y ago

The amount society is losing by making this guy wake up at 2am to deliver papers on a friggin' bicycle just boggles the mind.

Wistar6y ago

Here is a gofundme for him. Not many funders, it looks like:

https://www.gofundme.com/f/get-ransomware-hero-michael-gille...

And a Patreon as well: https://www.patreon.com/demonslay335

jszymborski6y ago

Might I ask, what is the trust model for GoFundMe campaigns launched on the behalf of someone. Does GoFundMe do an escrow/arbitrage sort of thing to assure that the money gets to Gillepsie and not the organiser of this event?

bayesian_horse6y ago

Where did all those hackers go?

No idea, they ransomware.

djbelieny6y ago

Ba dum tsss...

jeron6y ago

boo

praptak6y ago

Tough crowd, tough crowd.

randogogogo6y ago

I know this is a repost, which is rare for this site, but I feel such a camaraderie with him and the homestate connection I'll vote it up again and again.

thecyborganizerOP6y ago

I initially posted this story last week, and it didn't get much attention - curiously, the next day I received an email from dang asking that I repost it! From the email:

This is part of an experiment in giving good HN submissions multiple chances at the front page. If you have any questions, let us know. And if you don't want these emails, sorry! Tell us and we won't do it again.

randogogogo6y ago

Oh very interesting. Weirdly enough my initial response to you has been upvoted and then downvoted. I don't want to turn this place into Reddit with all the meta talk, but interesting things are afoot.

wyxuan6y ago

That’s interesting. Is this manual? Can’t dang just push it to the front page?

1 more reply

dredmorbius6y ago

Reposts, particularly of other-than-breaking news items, are fairly common.

It often takes a few repeats for an item to get traction. There are also numerous perennial favourites which show up every few years.

HN itself has existed since 2007. Memories fade, and new souls appear. xkcd's Ten Thousand applies.

cududa6y ago

Interesting. 3 years ago I had my credit card stolen and a bunch of purchases made to a non-existent surf shop in Normal, IL.

g2ah5z6y ago

I went to college at Illinois State University, which is in Normal, IL. The thought of there being a surf shop in a town that's in a middle of a cornfield with no water nearby just cracks me up.

beat6y ago

What about Lake Bloomington? Miller Park "lake"? I suppose you could sit on a surfboard in knee-deep dirty water until you got bored.

_blaise_6y ago

Clinton Lake a bit south of there has decent windsurfing and kitesurfing in the spring and fall.

cududa6y ago

I did have fun looking around Normal on Street View imagining locations of the surf shop

tshanmu6y ago

He is on the evil radar.. :(

birdiesanders6y ago

Huh, odd to see Blono on the internet. Peoria and Bloomington/Normal are pretty much forgotten outside of Central IL. I run a small repair shop and a software design company in Peoria. Might have to go pay a visit to the only computing celeb we have here!

cwkoss6y ago

Never pay for ransomware - increasingly ransomware is being released that doesn't actually save the encryption key, and so the extortionist just says whatever they think will get you to pay the most money.

thecyborganizerOP6y ago

There's some interesting game theory at work here. I remember learning in the early days of ransomware that the hackers would typically provide excellent customer service to the targets. They'd always promptly respond to emails or phone calls, and they'd even walk you through the process of buying Bitcoin to send. The premise was that you'll get the highest revenues if you make it as easy as possible for people to pay you - and establish a reputation for actually unlocking the data once you're paid!

Of course, just taking the money and running is a much higher-margin business, but it relies on that established reputation-building. Maybe a good analogy is counterfeit sellers on Amazon.

bsaul6y ago

friend of mine just got his hd encrypted, and i told him to try and talk to the guy instead of just assuming it was just a bot. And indeed he got a conversation going. He’s still unsure about paying, and hope for now that someone will release a decrypter. He’s got all his kids pictures and videos and no other backup..

thephyber6y ago

It's also worth noting that if you pay ransomware, the organization you pay now knows that you (1) are willing to pay, (2) don't have the technical capability to avoid a malware infection, (3) don't have a full backup solution.

Even if the ransomware is removed/disabled after payment, you are more likely to be re-targeted either by the same group or that group may resell your information to rival ransomware groups.

I'm not entirely against paying, but it's a risk calculation and you should know all of the risks.

bsaul6y ago

i have the feeling based on a recent experience that at least for individuals, you’re not really « targeted ».it’s more of a fishnet approach , and then some people will do the hotline to help you pay the bitcoins.

The guy asked my hijacked friend for the equivalent of 200€ in bitcoin. I don’t see anyone spending time specifically on his case for that amount. A skilled hacker able to « target » someone could make much more money actually developing real software.

autoexec6y ago

I'd like to think that any person or company who was hit by ransomware would act quickly to remedy point 3 and, as much as its ever possible, point 2 as well.

GhettoMaestro6y ago

I am amazed he gives all of this knowledge and tooling away for free. A very wonderful contribution to everyone's security and research. My hat is off to this e-Chad.

Itaxpica6y ago

For anyone interested in kicking in some cash to support his work, the ID Ransomware main page has a link to his Patreon, where for a dollar or more a month you get to see pictures of his cats (https://www.patreon.com/demonslay335)

(there's also a BTC address, for the crypto-inclined)

Grangar6y ago

Oh man, that article went from super wholesome to way too real. I feel so sorry for that man, I'm donating to his gofundme later this weekend. Something like a patreon would be a good way to generate more income perhaps?

Quarrelsome6y ago

about time to lock him up isn't it?

Sorry, still bitter about Marcus Hutchins's outcome.

tssva6y ago

Facing consequences for crimes committed?

Quarrelsome6y ago

its a discomfort with the seeming desire that all white hats are holy and perfect and not accepting the grey that still contribute to positive outcomes. Its about allowing people to err and redeem themselves.

I find these outcomes exclusionary to those with less positive upbringings and backgrounds.

1 more reply

j / k navigate · click thread line to collapse

37 comments

elipsey6y ago

Admirable initiative on his part. I'm sure that like me, a lot of you here can identify with being a programmer who wasn't a traditional student.

Maybe not such a hot idea to out his personal details in a story like this though. One of the things they (eventually) taught me in college was operational security.

blotter_paper6y ago

On the other hand, flyjng this flag might be his best bet at landing a decent job.

randogogogo6y ago

The heart wants what the heart wants. Good on him.

noonespecial6y ago

The amount society is losing by making this guy wake up at 2am to deliver papers on a friggin' bicycle just boggles the mind.

Wistar6y ago

Here is a gofundme for him. Not many funders, it looks like:

https://www.gofundme.com/f/get-ransomware-hero-michael-gille...

And a Patreon as well: https://www.patreon.com/demonslay335

jszymborski6y ago

bayesian_horse6y ago

Where did all those hackers go?

No idea, they ransomware.

djbelieny6y ago

Ba dum tsss...

jeron6y ago

boo

praptak6y ago

Tough crowd, tough crowd.

randogogogo6y ago

I know this is a repost, which is rare for this site, but I feel such a camaraderie with him and the homestate connection I'll vote it up again and again.

thecyborganizerOP6y ago

I initially posted this story last week, and it didn't get much attention - curiously, the next day I received an email from dang asking that I repost it! From the email:

randogogogo6y ago

wyxuan6y ago

That’s interesting. Is this manual? Can’t dang just push it to the front page?

1 more reply

dredmorbius6y ago

Reposts, particularly of other-than-breaking news items, are fairly common.

It often takes a few repeats for an item to get traction. There are also numerous perennial favourites which show up every few years.

HN itself has existed since 2007. Memories fade, and new souls appear. xkcd's Ten Thousand applies.

cududa6y ago

Interesting. 3 years ago I had my credit card stolen and a bunch of purchases made to a non-existent surf shop in Normal, IL.

g2ah5z6y ago

I went to college at Illinois State University, which is in Normal, IL. The thought of there being a surf shop in a town that's in a middle of a cornfield with no water nearby just cracks me up.

beat6y ago

What about Lake Bloomington? Miller Park "lake"? I suppose you could sit on a surfboard in knee-deep dirty water until you got bored.

_blaise_6y ago

Clinton Lake a bit south of there has decent windsurfing and kitesurfing in the spring and fall.

cududa6y ago

I did have fun looking around Normal on Street View imagining locations of the surf shop

tshanmu6y ago

He is on the evil radar.. :(

birdiesanders6y ago

cwkoss6y ago

thecyborganizerOP6y ago

Of course, just taking the money and running is a much higher-margin business, but it relies on that established reputation-building. Maybe a good analogy is counterfeit sellers on Amazon.

bsaul6y ago

thephyber6y ago

Even if the ransomware is removed/disabled after payment, you are more likely to be re-targeted either by the same group or that group may resell your information to rival ransomware groups.

I'm not entirely against paying, but it's a risk calculation and you should know all of the risks.

bsaul6y ago

autoexec6y ago

I'd like to think that any person or company who was hit by ransomware would act quickly to remedy point 3 and, as much as its ever possible, point 2 as well.

GhettoMaestro6y ago

I am amazed he gives all of this knowledge and tooling away for free. A very wonderful contribution to everyone's security and research. My hat is off to this e-Chad.

Itaxpica6y ago

(there's also a BTC address, for the crypto-inclined)

Grangar6y ago

Quarrelsome6y ago

about time to lock him up isn't it?

Sorry, still bitter about Marcus Hutchins's outcome.

tssva6y ago

Facing consequences for crimes committed?

Quarrelsome6y ago

I find these outcomes exclusionary to those with less positive upbringings and backgrounds.

1 more reply

j / k navigate · click thread line to collapse