undefined | Better HN

0 pointsthrowawaygh4y ago0 comments

Writing a law that prevents this sort of pass-through is trivial. Hold all parties responsible. Don't even require first-hand knowledge that a ransom was paid.

Writing a law with proper disincentives is also trivial -- forget about fines. Proper jail time for senior execs and board members.

Execs and boards will be damn sure not to pay ransoms, and additionally damn sure that any company they hire to help knows in no uncertain terms that they are also not to pay any ransoms.

It really isn't that hard to write laws that disincentivize paying ransoms and aren't possible to route around with wink-and-nod bullshit.

0 comments

strogonoff4y ago

Laws that disincentive paying ransoms don’t seem to necessarily be that simple to implement and uphold, at least as long as cryptocurrencies are in the equation.

Someone may have paid into that wallet, but who? Was it the attackers themselves, to make it seem to observers as if they succeeded? Did some consultant happen to keep a stash of crypto? Maybe the boss of the hacked organization wisely maintained a wallet for that purpose, funded by embezzling?

throwawayghOP4y ago

This is a great example of technologists underestimating the law. Juries, judges, and legislators are not complete dumbasses.

kwhitefoot4y ago

Presumably someone had to buy the cryptocurrency in the first place so that should be traceable.

strogonoff4y ago

One might not need to buy cryptocurrency all at once after the hack nor do it with visible corporate money, CEO can own a crypto wallet not connected to them in any way, there are mixers/anonymizers, etc. The range of possibilities is much broader in that land.

j / k navigate · click thread line to collapse

0 pointsthrowawaygh4y ago0 comments

Writing a law that prevents this sort of pass-through is trivial. Hold all parties responsible. Don't even require first-hand knowledge that a ransom was paid.

Writing a law with proper disincentives is also trivial -- forget about fines. Proper jail time for senior execs and board members.

Execs and boards will be damn sure not to pay ransoms, and additionally damn sure that any company they hire to help knows in no uncertain terms that they are also not to pay any ransoms.

It really isn't that hard to write laws that disincentivize paying ransoms and aren't possible to route around with wink-and-nod bullshit.

0 comments

strogonoff4y ago

Laws that disincentive paying ransoms don’t seem to necessarily be that simple to implement and uphold, at least as long as cryptocurrencies are in the equation.

throwawayghOP4y ago

This is a great example of technologists underestimating the law. Juries, judges, and legislators are not complete dumbasses.

kwhitefoot4y ago

Presumably someone had to buy the cryptocurrency in the first place so that should be traceable.

strogonoff4y ago

j / k navigate · click thread line to collapse