back to article Extortionist hacks IT provider used by the stars of tech and big biz, leaks customer info after ransom goes unpaid

A service provider hired by the likes of Oracle, SAP, BT, and many others, to manage their IT systems has been hacked – and its client data held to ransom. At the turn of this month, Germany-based CityComp was broken into by a miscreant, who pinched troves of private information from its customer database and threatened to …

  1. This post has been deleted by its author

  2. ratfox
    Devil

    $5'000 of ransom?

    How Bitcoin has fallen...

    1. Anonymous Coward
      Anonymous Coward

      Re: $5'000 of ransom?

      accorfing to german radio reports it was 500.000

  3. Anonymous Coward
    Facepalm

    CityComp comps to vulnerabilities in their network

    Would Boris care to share the technical details of the breech. Do you think these kinds of attacks are enabled because the manufacturers had to dilute security under instruction from the spooks. I've seen videos of hardware locks designed by professionals that can be opened by a twelve year old with a wooden mallet. Same with man-in-the-middle attacks carries out on key-fobs. Something that could be defeated by only enabling the device with your thump pressed down on it.

  4. Jamie Jones Silver badge

    "Many companies pay us for our work"

    "Many companies pay us for our work,"

    That's a novel way of describing extortion.

    1. Neil Barnes Silver badge

      Re: "Many companies pay us for our work"

      Nice data you got here. Be a shame if anything happened to it...

  5. Anonymous Coward
    Anonymous Coward

    News from 1999......

    https://www.wired.com/1999/01/sun-on-privacy-get-over-it/

    Scott McNealy: "You have zero privacy anyway, get over it."

    ....and no one has done anything about it in twenty years....go figure!

    1. Hans 1
      Happy

      Re: News from 1999......

      Scott McNealy said and wrote some stupid things, this was one of them. Actually, no, he was a visionary, if you have an iPhone, Adnoid, macOS or Windows 10, you have no privacy, get over it ... how could he know about Devuan back then ?

  6. Blockchain commentard

    "A still unknown perpetrator has stolen customer data of CityComp". Er, if they bothered to read el Reg they'll know he's called Boris.

    1. Flywheel
      Joke

      He's trying to get his £350 million a week back...

  7. Jimmy2Cows Silver badge
    Facepalm

    Weird measure of success

    CityComp... "successfully fended off the attack"

    Umm no you didn't. Hence now being blackmailed over the data you "successfully" defended.

    1. Pascal Monett Silver badge

      Re: Weird measure of success

      Yeah, and hey look, they let 500+GB of data slip under their noses. Way to go to monitor your network.

  8. Pascal Monett Silver badge

    "once [..] learned of the vulnerability [..], it backed out, fixed up the hole, and refused to pay"

    Oh, poor little hacker got cheated. Look at the tears in my eye. No, take a good look. There's got to be something, no ?

    I guess not, then.

  9. K

    No wonder they didn't pay!

    The contact details anybody can easily find on LinkedIn... as for the inventory details, unless it includes IPs and credentials, has very limited impact!

    1. Anonymous Coward
      Anonymous Coward

      Re: No wonder they didn't pay!

      Not really, hardware information in targeted attacks is standard practise when looking to infiltrate large companies hosting very valuable data. I'm fairly confident Boeing for example would not be happy with lists of equipment they use to store and protect their data being publicly available. Neither does Linked in give you a list of email addresses both private and corporate, telephone numbers, name and position in company etc that can be used to gain access, yes Linked In can help but not to the extent that you seem to think it does.

  10. Giovani Tapini

    I'm just glad

    They didn't pay up and promote the er.. business model of Boris.

  11. Anonymous Coward
    Anonymous Coward

    Based on his speech patterns, this guy is German

    'Many companies pay us for our work, and we do not publish data and help them to eliminate vulnerabilities'

    He's saying, next time it could be someone really bad.

  12. Doctor Syntax Silver badge

    "Pay me $5,000 to not sell the data. Trust me, I'm a criminal."

    Not the most persuasive pitch.

    1. phuzz Silver badge

      "You can trust me because I didn't leak anything from these other companies. None of whom are admitting to being hacked."

  13. Swarthy
    Pirate

    Hmmm...

    He kinda' sounds like someone who had been burnt on bug bounties in the past; so now rather than relying on an official bounty program, he creates his own.

  14. Andytug

    Apart from the extortion motive, people like this guy make it harder for genuine white-hats, as it gives government more excuses to tighten the law so that even hacking to point out vulnerabilities will become illegal - which will make everything less safe!

  15. adam payne

    CityComp with the help and support of external experts and the State Criminal Police Office of Baden-Württemberg successfully fended off the attack

    The attack you successfully fended off while losing 500+GB of data, yes well done.

    implemented supplementary security measures of all systems

    Would that be installing all the missing patches?

  16. Hans 1
    Windows

    Sermon of the greybeard

    I know you have outdated business-critial software/hardware running in production, or some other 20 year old piece of custom-developed software that is encrypted, yeah, supports up to SSL 2.0 and the like ... sooner or later, Boris and his friends will come and get you.

    Go FLOSS now, or regret it later ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon