undefined | Better HN

0 pointsCrosseye_Jack2y ago0 comments

1) Entity gets hacked

2) Hackers exfiltrate data from the target (this could be source code, database dumps, employee records, emails, or any combination of the above - basically anything that could be seen that has value to the company staying private.

3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.

0 comments

andersa2y ago

I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.

Or are we really supposed to believe these criminals would follow some sort of made up honor code?

Crosseye_JackOP2y ago

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.

google2341232y ago

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

1 more reply

neffo2y ago

> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here

shric2y ago

They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.

andersa2y ago

Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.

1 more reply

op00to2y ago

If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.

xvector2y ago

Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.

google2341232y ago

Which is why it should be illegal to pay them off

j / k navigate · click thread line to collapse

0 pointsCrosseye_Jack2y ago0 comments

1) Entity gets hacked

3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.

0 comments

andersa2y ago

Or are we really supposed to believe these criminals would follow some sort of made up honor code?

Crosseye_JackOP2y ago

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

google2341232y ago

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

1 more reply

neffo2y ago

> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here

shric2y ago

They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.

andersa2y ago

Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.

1 more reply

op00to2y ago

If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.

xvector2y ago

Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.

google2341232y ago

Which is why it should be illegal to pay them off

j / k navigate · click thread line to collapse