back to article Accused SOCA attacker reportedly 'keen' to help cops

A 19-year-old UK man accused of taking part in an attack on the website of the Serious Oranised Crime Agency was denied bail during a brief court hearing on Thursday. Ryan Cleary didn't enter a plea to the five offenses Metropolitan Police leveled against him on Wednesday, according to media reports. The judge at the …

COMMENTS

This topic is closed for new posts.

Page:

  1. Thomas 18
    Windows

    Bad times

    People just don't see the hurt they cause though, they just get wrapped up in the cause and forget about all the punters with chugging slow computers and businesses employees/customers.

    Lets hope the sentence is proportional to the crime though i.e. less than murder and lets try and keep him away from the yanks eh.

    1. Thomas 4
      IT Angle

      I have a dream

      I dream that one day, people accused of technical crimes such as these will be tried by a panel of technical experts, rather than Joe Plebb off the street who classes anything beyond the power switch as "computer hacking".

      1. ClareCares
        Unhappy

        Dreadful

        My heart goes out to the mother of this youngster. To have your son accused of a crime just for running a chat server. As a parent she has my sympathies.

        As a web developer I have to wonder when the FBI, and the Met police are going to go after Microsoft for the same things. They must run the servers for MSN which have to be a lot bigger than what ever Ryan was running. Surely this makes them much bigger criminals?

        1. This post has been deleted by its author

          1. Anonymous Coward
            Thumb Down

            @above

            @Bullseyed

            Computer Misuse Act 1990?

            @Clare

            There is a difference between MSN and IRC. Also I believe that the folks of Anon and Lulzsec use IRC to control botnets?

            1. Your Retarded
              Thumb Down

              @Titus

              I also believe that terrorists use mobile phones. That does not mean that all people who use mobile phones are terrorists.

    2. Anonymous Coward
      Anonymous Coward

      Thomas18

      I'm assuming the upvotes on Thomas18 are for the yanks comment?

      No crime was committed. If you leave your couch out at the curb, someone assumes it is garbage and takes it, your couch wasn't stolen. There is no reasonable expectation of privacy for data stored in plaintext.

      1. David Neil

        Not strictly true

        The couch analogy has a flaw.

        S.3(1) of the Theft Act 1968 states:

        ``Any assumption by a person of the rights of an owner amounts to an appropriation, and this includes, where he has come by the property (innocently or not) without stealing it, any later assumption of a right to it by keeping or dealing with it as owner.''

        While you may not have had the intention of permanently depriving the owner of their property, if you later became aware that they were indeed seeking recovery then you could be charged with theft.

  2. Turtle

    Well, we all know.

    We all know by now that it is easier to be a tough guy sitting at your computer than it is, for example, to be a tough guy while being escorted to the offices of the local constabulary, or standing in front of a judge in a real court of law.

    I'll bet "keen" doesn't half describe his new-found attitude.

    1. Scorchio!!

      Re: Well, we all know.

      "I'll bet "keen" doesn't half describe his new-found attitude."

      Eager? Desperate? There still has to be a proportionate punishment, one that deters future offenders. It's not enough to merely punish.

      1. Anonymous Coward
        Anonymous Coward

        And to rehabilitate?

        Perhaps a non-custodial sentence recylcing computers for developing nations

        1. Scorchio!!

          Re: And to rehabilitate?

          "Perhaps a non-custodial sentence recylcing computers for developing nations"

          My initial response was 'what an excellent idea'. However, the possibilities for raising armies of vengeful script kiddy armies made me uncomfortable with it. Perhaps undoing the damage done?

          1. Anonymous Coward
            IT Angle

            "Punishment"

            How about as punishment they put him in charge of all the government web sites. Surely he would do a much better job than the billions of dollars spent on "experts" who don't know shit about IT.

        2. Matt Bryant Silver badge
          Boffin

          RE: And to rehabilitate?

          Don't be silly! The gubbermints of the World are looking at the rising problem of skiddies and seeking a means to nip it in the bud. Anyone caught involved in the Lulzsec or Anonyputz activities is going to get the book, the bookcase and probably the whole library thrown at them, if only in the hope of sending a message to skiddies.

  3. Cormu
    Coat

    intresting

    so as we all asumed the geeky script kiddie now stripped of his anom is suddenlly very co-operative , lucky he has mummy with him to wipe his tears away.

  4. Mark 65

    WTF?

    Can you really hold someone in police custody for more than 48hrs for DDoS?

    1. Anonymous Coward
      Stop

      You would be surpised...

      If the police think, or have grounds to believe that they can think, the attack on SOCA was targetted, and that there is a hint, just a whiff, of suspicion he attached a CIA site, then that comes under the Anti-Terrorism act. Its a pretty far reaching peice of legislation.

      For example, and this I know from expericence of dealing with the consequences: scan a passport, photoshop the image so the date of birth indicates your 18 (see, IT lessons worked very well for thsi kid), and HEY - your a terrorist. No, honestly, that is what happened. Teach him to try and sneak in to Glasto!

      Anon, to protect the guilty party!

    2. Peter2 Silver badge

      Yes.

      AFAIK, They can hold someone for 48hrs before charging them. After they have been charged with multiple criminal offences then they can be held while "helping the police with their enquiries" for a very, very long time.

    3. Anonymous Coward
      Anonymous Coward

      Yes.

      Its a crime. It causes damage.

      1. Arrrggghh-otron

        Causes damage?

        Really? Who is going to miss the SOCA website for a few hours?

        If you are running a website that makes money then you invest to protect it against things like DDoS and the innumerable script kiddies and bots that hit your servers constantly. If not then you take the rough with the smooth.

        Proportional defences relative to the worth of the resource.

      2. Mark 65

        Re:Yes - It is a crime. It causes damage.

        If I were to have an argument with you in the street and beat the shit out of you (a bit of a pasting but no gbh) in front of your kids I'd probably be treated more leniently than this dude. Who would you rather was free to walk the streets? The whole response to computer crimes is OTT *when compared to* other crimes.

    4. jonathanb Silver badge

      Yes

      Attacking military and law enforcement installations is terrorism, so they can hold him for 28 days.

    5. Anonymous Coward
      Anonymous Coward

      28 days

      They'll find a way to tie this in to anti-terror legislation. He gets a month without charge.

      1. a cynic writes...
        Facepalm

        "He gets a month without charge"

        They probably could have done that but for the fact they've already charged him. The original article being about his bail hearing was a bit of a clue.

  5. Anonymous Coward
    FAIL

    Vulnerable, agoraphobe in a a UK prison

    What a stupid farce.

    This is just some silly teenager, probably has Aspergers (or something like it) who hosted a chat server. An IRC chat server, that's all.

    I was dismayed to see Channel 4 News imply that he was a some sort of leader/lynchpin. I expect this kind of crap from the Daily Fail.

    That said, he's an idiot IF he was involved in using LOIC or DDoS. Sounds to me, like he was a cheerleader. So, he wasted his life on a computer, at least it's better than vandalising bus stops and graffiti tagging his neighbourhood. FFS!

    Only gullible fuckers think that lulzsec/Anonymous has a hierarchy. I have a feeling they're going to come down hard on this kid to:

    1. 'send a message'

    2. Look competent at solving crime i.e. for PR.

    1. Anonymous Coward
      Alert

      hosted an IRC server ?

      Is that all he did ? start an ircd process ?

      If so the charges of organising botnets might make sense (if you don't understand these things).

    2. Anonymous Coward
      Paris Hilton

      RE: "I was dismayed to see Channel 4 News"

      Channel 4 News is produced by ITN. The same producers of ITV News.

      1. Anonymous Coward
        Anonymous Coward

        Even Worse ...

        ... Channel 4 thinks Gregory Evans is some kind of infosec expert.

        http://www.theregister.co.uk/2011/01/31/ligatt_security_subpoena_quashed/

        http://www.theregister.co.uk/2010/06/22/worlds_no_1_hacker/

    3. DavCrav

      Of course

      "So, he wasted his life on a computer, at least it's better than vandalising bus stops and graffiti tagging his neighbourhood. FFS!"

      Actually, not of course. Instead of tagging a wall, causing a man to repaint it at a few hundred pounds of damage, he was involved in computer crime, which also has a monetary cost associated to it, likely significantly higher than hiring a painter and buying a can of Dulux.

      1. The Alpha Klutz

        criminal damage is good for the economy.

        Work is pretty slow for the guys who make bus stops until someone smashes one up.

        The "cyber security" industry must be worth millions, with thousands of staff. Someone has to do the damage that keeps those staff in clean clothes and doughnuts. Except for the clean clothes bit.

        It doesn't cost society anything, it actually generates wealth for society. Money doesn't disappear just because you spent it on fixing something.

        It costs society dearly when we allow a small number of individuals, mostly bankers, but other assholes as well, to collect millions of pounds they don't really need and then.... do nothing at all with it. Like they think taking money to the grave with them is some kind of funny joke. Well, it's not. Stop it.

      2. bean520
        FAIL

        Except he wasn't...

        ...he was hosting a chat server. There is no evidence he was actually involved in attacks

        1. a cynic writes...
          Facepalm

          "There is no evidence he was actually involved in attacks..."

          ...other than whatever is on his machine (currently in Police custody), his public statements six weeks ago when his name has been public knowledge, any network traffic intercepted since then and whatever he's telling the Police now in an effort to "co-operate".

          On the other hand we can definitively say that he was only hosting a chat server as an unnamed person with an axe to grind said so in a tweet. You can't get more solid evidence than that.

        2. Anonymous Coward
          Thumb Down

          on the other hand

          what evidence that he wasn't? are you involved in the investigation? have you seen the evidence?

          1. a cynic writes...

            I've seen the chatlogs over at The Gruaniad...

            Quick summary: he isn't part of the LulzSec core group, they thought he was a useful nutter with a tendency to throw a strop and use his botnet to DDOS people.

            Genuine or fake, I would imagine he's been shown them by Inspector Knacker by now and if the assessment in the logs is accurate (and it's consistent with his medical history) he'll be spilling his guts in revenge.

        3. Matt Bryant Silver badge
          FAIL

          RE: criminal damage is good for the economy.

          "....It doesn't cost society anything...." I used to know someone that excused car-crime with the same idiocy - "it keeps people in a job, dunnit".

          It costs us ALL. I'll explain how for the economically-challenged. If it is a public entity (Police, CIA, etc) that is hacked, then taxes will spent on cleaning up after the cybervandals, fixing the problems they caused, hopefully fixing the security holes, and then on finding and catching the criminals. If it is a commercial company, then they claim from their insurance, which comes from the same companies that sell you your house/car/life insurance (and mortgage), so they recoup their costs by increasing their prices. If you have savings then they will be impacted by the increased costs to banks and other companies in tightening up their security and defending against said vandals. Taxpayer money still gets paid on catching the guilty.

          You are truly ignorant if you think cybercrime has no cost. A fail of epic proportions.

    4. a cynic writes...
      Coat

      A gullible fucker writes...

      Apparently I must be a "...gullible fucker..." as I always thought someone must be aiming all these instances of LOIC that the members of Anonymous were running, rather than it working from the collective unconscious. You live & learn.

      Anyway whilst I'll agree he is young & daft with the common sense of a whelk, he's a bit more than a cheerleader. At the start of May he was quoted in the bleeding Metro after his faction of Anonymous took control of AnonOps.net and AnonOps.ru, and he was outed in retaliation.

  6. Anonymous Coward
    WTF?

    "insufficient information"???

    “The judge at the Westminster Magistrates' Court ruled there was insufficient information to set bail and scheduled another hearing for Saturday morning.”

    How does this happen? Were some parties deliberately withholding information for some reason?

    “The Guardian reported that FBI agents have arrived in Britain and may be given access to evidence collected by UK police.”

    Could this be why they “botched” the bail hearing? Is the FBI going to be allowed to interrogate him before he’s released? I also suspect another extradition demand, the Merkins are desperate to get their hands on some poor sap for their show trial.

    1. BristolBachelor Gold badge

      show trial

      Don't forget that we are now talking about an act of "warfare". And an attack against the CIA could be called terrorism and warfare (after all, it's far worse than taking a picture of a double-decker bus!)

      If he's a script kiddie, expect the book to be thrown at him. If he really is good (why was he caught?) then maybe he can be let-off if he turns to the dark side.

    2. Anonymous Coward
      Anonymous Coward

      Didn't plead either way

      It says he didn't plead guilty or non-guilty. Perhaps he's hoping that if he gives up enough people higher up the chain, they just might let him off the hook or lower charges to something that will just be a slap on the wrist.

      I'd guess this is why they haven't given bail, because he hasn't pleaded either way.

      And this isn't as simple as a DDoS against a rival gaming clan. The alleged attacks caused huge losses for the companies involved. And I'm sure they're looking into far more than just the DDoS attacks that they've released to the media.

      E.g there's allegations (outside of the court room) of much deeper hacks which could potentially be considered "national security" and therefore aren't being discussed.

      I'm personally fed up with reading 'oh but all he did was host an IRC server'. Read up a bit and find out the truth before you post here. I sat in those IRC servers watching and trolling for a long time, so I know the truth.

      1. Anonymous Coward
        Flame

        @Didn't plead either way

        "I sat in those IRC servers watching and trolling for a long time"

        So you spent months spying on a psychologically disturbed teenager via the internet?

        My fucking hero.

        1. Anonymous Coward
          Anonymous Coward

          Sure

          Yeah cos I have the same illness as him. At least I will have if I'm ever arrested for any kind of crime.

          I was in those chats in my spare time to try disrupt anon. efforts, and it was successful. It doesn't take that much to make those idiots paranoid and turn against each other. Which in turn draws them away from their pathetic attacks.

          I wasn't focussed purely on a certain alleged DDoSer but rather the group as a whole. I just happened to see a certain alleged DDoSer chatting away in the public and private rooms and setting LOIC targets for the sheep followers who installed the DoS software.

      2. Anonymous Coward
        Anonymous Coward

        Re: Didn't plead either way

        "I'm personally fed up with reading 'oh but all he did was host an IRC server'. Read up a bit and find out the truth before you post here. I sat in those IRC servers watching and trolling for a long time, so I know the truth."

        I claimed nothing of the sort and you would know it if you had read my comment properly..

        II hope you were more observant in your (fictitious?) fraternisations with these petty criminals on their IRC channel.

        I don't think he should be let off if he is in fact guilty, I believe he must get a fair trial here and suffer a proportionate punishment for any crimes he's commited, something he will not get if the Merking get hold of him.

        .

    3. Anonymous Coward
      Stop

      Let's not jump to conclusions

      I read the "Insufficient Information" part and at first thought it sounded odd too. However, it could be for all kinds of reasons.

      He might have threatened self harm in the past, so they may want to psychologically assess him; he might have said he doesn't know where is passport is, so they may have given him another couple of days to come up with it; his parents might need a day or so to confirm they can cover any bail conditions; if the court was considering stopping his internet access to prevent further communications with his alleged conspirators, they might need extra time to figure out how to do it; he might have said he feels threatened by alleged conspirators, so they may have to consider how to protect him.

      Not saying any of these are valid reasons, plausible or true, but there could be many perfectly reasonable situations where the court decides it needs more information before setting bail conditions.

      Let's not just assume that it's for Big Brother conspiracy purposes.

      1. Scorchio!!

        Re: Let's not jump to conclusions

        "He might have threatened self harm in the past, so they may want to psychologically assess him"

        The correct term is 'psychiatrically assess him'. Psychologists participate in MDT assessments, but their expertise is not psychiatry per se. The people who bear the greatest brunt are the two doctors required for non court sectioning and the approved social worker in psychiatry (yes, only one). However psychologists cannot and do not issue psychiatric diagnoses, only psychiatrists can do this.

        The difference between psychiatrists and psychologists; the former go to med school and then choose a specialised branch of medicine, psychiatry, and further specialise in, e.g., forensic, geriatric, psychoses, eating disorders, anxiety disorders, and so on. The latter read a B.Sc. in psychology and then choose to specialise and move on to an approved doctorate in clinical psychology, in which they choose a further sub specialisation in, e.g., psycho geriatric, psychoses, etcetera. Not all psychology courses result in doctorates, and the doctorate in question is a doctorate in clinical psychology. (Psychology has become Americanised, I regret to say.) Other branches in psychology include organisational, occupational, forensic, counselling.

        The emphasis in psychology is on science, whereas in psychiatry the emphasis is on medical practitioner training in psychiatry, akin to an art or a craft.

        Psychiatrists prescribe medicines, psychologists do not although some twits occasionally argue in favour of this. I don't know about you but I'd like my prescribing officer to be well versed in anatomy, drug interactions and life saving, not in psychometrics, scientific testing and how-does-it-feel crap. That way there's a tendency for the patient to live a little longer.

  7. Anonymous Coward
    Anonymous Coward

    Assuming the crimes were committed in the UK......

    I would hope he is tried in the UK, under UK law and given a proportionate punishment (i.e. one decided by a judge, not a politician a tabloid newspaper).

  8. Anonymous Coward
    Anonymous Coward

    FBI?

    They're going to peg him out in a wide open space to extract a confession aren't they...

  9. Anonymous Coward
    Anonymous Coward

    Doxed

    Ryan Cleary was the guy who was doxed by Anonymous some months ago when they allegedly had a falling out. I suppose that Anonymous is not considered a terribly reliable witness, which might explain the delay in his collar being felt.

    You would have to be really terminally stupid to continue hacking so soon after being doxed. It does make me wonder if they have the right person..

  10. amanfromMars 1 Silver badge

    The Right to Remain Silent Restrains Discovery and Presentation of State Secrets

    "Lets hope the sentence is proportional to the crime though i.e. less than murder and lets try and keep him away from the yanks eh." .... Thomas 18 Posted Friday 24th June 2011 06:56 GMT

    They appear to be already phishing for Private Proprietary Pirate Intellectual Property, Thomas 18 ..... "...FBI agents have arrived in Britain and may be given access to evidence collected by UK police."

    Softly Softly ....... IT's a Great Long Game ..... Creation with Novel Intellectual Property Share and Dream Servering.

  11. Marcus Aurelius
    WTF?

    Insufficient information is not sufficient

    There is a presumption of the right to bail unless there are valid reasons raised to deny bail.

    It sounds as though his brief was asleep on the job here

  12. Richard Boyce

    If the evidence stands up

    ... then I hope that he does face extradition. Only the Americans give sentences that reflect the seriousness of the offence and therefore can offer good incentives to plea bargain and cooperate.

    Anyone who runs a botnet is victimising a lot of people and causing a great deal of expensive damage, whatever his age. Any teenager who thinks it would be cool to be a member of a gang that causes mayhem needs to see that there can be serious consequences.

    One reason that there's such pressure in the UK to reduce sentences to slaps on the wrist is that our prisons are full of addicts who have turned to crime. If our politicians decriminalised possession of drugs for personal use and gave addicts free controlled access to pure drugs, we'd have less wasted police effort, less demands on the NHS, fewer victims of burglary, theft and other crimes, less money going to organised crime, and we'd have more resources to keep problem people safely locked up for longer.

Page:

This topic is closed for new posts.

Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Malaysia-linked DragonForce hacktivists attack Indian targets
    Just what we needed: a threat to rival Anonymous

    A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.

    The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Microsoft fixes under-attack Windows zero-day Follina
    Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

    Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.

    Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.

    Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

    Continue reading
  • Cloudflare says it thwarted record-breaking HTTPS DDoS flood
    26m requests a second? Not legit traffic, not even Bill Gates doing $1m giveaways could manage that

    Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago.

    In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.

    Like the attack in April, the most recent one not only was unusual because of its size, but also because it involved using junk HTTPS requests to overwhelm a website, preventing it from servicing legit visitors and thus effectively falling off the 'net.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • Capital One: Convicted techie got in via 'misconfigured' AWS buckets
    Assistant US attorney: 'She wanted data, she wanted money, and she wanted to brag'

    Updated A former Seattle tech worker has been convicted of wire fraud and computer intrusions in a US federal district court.

    The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage.

    Paige Thompson (aka "erratic") was arrested in July 2019 after data was leaked between March and July of that year. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "misconfigured web application firewall."

    Continue reading

Biting the hand that feeds IT © 1998–2022