back to article Let's roll the 3d6 dice on today's security drama: Ah, 15, that's LG allegedly hacked, source code stolen by Maze ransomware gang

Maze ransomware masterminds claim to have stolen source code from LG after hacking into the electronics giant. Researchers at security outfit Cyble clocked screenshots of files, apparently swiped from LG's internal network, posted on the malware gang's website, where the miscreants boast about their victims. "Soon you’ll be …

  1. Jan 0 Silver badge

    >At LG, we take cybersecurity issues very seriously," a spokesperson told The Register.

    Was the Register's reply that it's obvious that they don't?

    I think they still feel Lucky, do you think they deserve a Gold Star?

    1. Anonymous Coward
      Anonymous Coward

      “ Was the Register's reply that it's obvious that they don't?”

      Is it only companies that randomly haven’t been hacked yet that obviously take security seriously?

      LG could have taken it seriously but one of their trusted partners had a lapse. There could be many other reasons including an employee who is meant to have that access.

      Jumping to conclusions gets people killed.

    2. Dwarf

      @Jan 0

      That's a new keyboard you owe me.

      At least someone knows what they company was called before marketing re-branded it Life's Good to make it more palatable to European markets that don't get all this luck and 8's thing that is common in the far east.

      Clint Eastwood also springs to mind "So, Do you feel lucky Punk ?!" and I guess that applies to both sides in this game of Chicken, but who will prevail ? Personally, I say don't pay the scumbags.

      Conversely, though if it does get released, then I'm wondering if any of the code will contain keys or backdoor accounts that would be very interesting from a security perspective for all the Internet of Tat that is not upgradeable.

      Hopefully after a couple of leaks like this, companies of such devices will see that upgrade ability is a key requirement for any device in the 2020's and beyond.

      So from a consumer perspective, we win in both scenarios.

      1. Piro Silver badge

        I was under the impression that they're still Lucky Goldstar, and this "Life's Good" stuff is just a marketing slogan

        1. Robert Grant

          Yeah it's just a slogan.

  2. Kevin McMurtrie Silver badge


    LG open-sources their phones and appliances, 3rd party support comes to life, and their hardware works however people want it to.

    OK, reality is more like LG asking everyone to install a sketchy unsigned Windows driver to patch firmware vulnerabilities as they're disclosed. The driver will have vulnerabilities too.

  3. cb7

    We live in an era where this type of crime pays.

    And law enforcement is powerless to track them down and put them away (preferably forever).

    How can someone put up a website and remain untraceable in this day and age?

    1. Tom 7

      Because we're happy to trade with people that will allow people on their soil to do this so long as they'll hide some financial transactions from our own tax inspectors.

    2. Pascal Monett Silver badge

      They are not untraceable. They are, however, not in the same country as LG HQ, therefor law enforcement cannot do anything locally and international cooperation on that front is nearly non-existant.

      So being a criminal on the Internet is basically without consequence, as long as you don't attack anything in the country where you reside.

      1. David Hicklin Bronze badge

        "as long as you don't attack anything in the country where you reside"

        or is on friendly terms with the country where you reside..

    3. robidy

      Strangely there are some people that need to be or contact people anonymously...think journos to start with...then people unfairly persecuted.

      Sometimes privacy from nation states and vested third parties is a good thing so what this group has done is not a reason to stop it altogether.

  4. RM Myers

    LG Software

    Based on my limited experience with LG software, the biggest danger from releasing the source code will be the potential to make any IT professionals die from laughter. When it comes to software quality, LG stands for low grade.

    1. Dan 55 Silver badge

      Re: LG Software

      "This man is Ernest Scribbler... writer of code. In a few moments, he will have written the funniest code in the world and, as a consequence, he will die... laughing."

    2. Arthur Daily

      Re: LG Software

      Lets see

      1) Nothing was 'stolen'

      2) Good companies have nothing to hide, and can cope with embarrassment

      3) External code reviews do no harm - at least not to LG who have super low market share in the mobile market and have admitted to noncompetitive agreements signed with suppliers, but not disclosed to the relevant authorities.

      4) Blackmail is not a problem if you have done nothing wrong

      5) It's a company not a person - so hopefully nude selfies are not on the company server

      6) Whatever happened occurred on an approved and signed off risk plan - indicating management accepted the risk anyway.

      7) May use of lessons learnt - and move on to be better. PR will do the cleaning.

  5. TRT Silver badge

    I'm not entirely clear...

    why rolling 3d6 is used in this context (the 'd' in 3d6 actually stands for 'dice' so the headline makes little sense anyway).

    Surely that must be a reference to generating character traits in the D&D game system?

    A determination of success or failure in such a system would be a 1d20 roll, which is also the same roll as 'a saving throw', which is scored against the appropriate aforementioned character trait. In this case it would make more sense as a saving throw against a spell or magical attack rather than a physical one, but there is no saving throw against the Maze spell... at least not in the first round following a successful cast. In later editions, there's a roll against the victim's intelligence once per round for every subsequent round, up to 10. But in plain old AD&D, the victim was trapped for a period simply determined by their intelligence.

    Am I missing something?

    1. TheProf

      Am I missing something?

      Answers on a postcard to the usual address.

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm not entirely clear...

      “ Am I missing something?”

      Yes, go out doors and get a life, but stay 2m from anyone and wear a mask.

      1. TRT Silver badge

        Re: I'm not entirely clear...

        2m? What's that in standard dungeon interior squares?

        And would an Orc mask be acceptable?

  6. digimatic

    With any luck.....

    They'll leak the sourcecode and device signing certificates for my 2018 model TV. Then I can go about resolving the numerous software issues it has.

    UI blocking on network events, Random reboots, Forgets Freeview channels once a week, frequently needs reconnecting to my wifi, Forgets it has a soundbar attached.....sometimes won't come out of standby without a cold reboot.

    From a hardware perspective it's still all fine, and between the required reboots it performs well, but we are still pretty much ready to scrap it because its stability gets worse with every software update LG have pushed to it.

    Lucky-Goldstar? It's Lucky if I can go one day without the thing crashing, I won't touch another device from LG.

    1. Richard 12 Silver badge

      Re: With any luck.....

      That's why I will try very hard never to buy another 'smart' TV.

  7. Anonymous Coward
    Anonymous Coward

    Must have a look then..

    I have a nice 43" 4K screen of them, but it would be cool if I could stop it from also feeding power down the USB-C cable. Unfortunately, I fear that's hardware.

  8. Anonymous Coward
    Anonymous Coward

    Grr teasers..

    Skip the drama and release it already.

    We all want access to unrestricted modification development to correct the software In our foolishly purchased LG gear.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like