Forget your space-age IT security systems. It might just take a $1m bribe and a willing employee to be pwned

A Russian citizen is accused of flying to America in a bid to bribe a Nevada company employee to infect their bosses' IT network with ransomware. Egor Kriuchkov has been charged [PDF] with one count of conspiracy to intentionally cause damage to a protected computer. He was nabbed by the Feds at Los Angeles airport and is …

  1. Anonymous Coward

    At least...

    This guy will be rewarded with a refreshing cup of tea...

  2. Anonymous Coward

    I'd like to complain

    I'm starting to get wound up by these hacker images used on articles like this. They're clichéd and inaccurate.

    He should be crouching with a cigarette in a corner and wearing tracksuit bottoms.

    1. macjules Silver badge

      Re: I'd like to complain

      Or crouched in a corner in the shower trying not to drop the soap.

  3. Flocke Kroes Silver badge

    $1m portion of which would go back to the employee

    White Queen: "The rule is, jam to-morrow and jam yesterday – but never jam to-day."

    Alice: "It must come sometimes to 'jam to-day'"

    White Queen: "No, it can't. It's jam every other day: to-day isn't any other day, you know."

  4. Pascal Monett Silver badge
    FAIL

    Well the FSB ain't what it used to be

    Once upon a time, the KGB would have first gotten dirt on the prospect, or fabricated it if there was none to be had. Then there would have been a night out, but with girls, not friends, and the deal would have been proposed. Of course, the dirt would have been hinted at, then blatantly exposed if the prospect was not compliant. When the deal had been agreed on, the prospect, now very willing accomplice, would have remained under surveillance until completion of the mission.

    Don't they watch The Americans any more ?

    Pff. Amateurs.

    1. osakajin Bronze badge

      Re: Well the FSB ain't what it used to be

      That's millennials for you.

    2. Androgynous Cupboard Silver badge

      Re: Well the FSB ain't what it used to be

      FSB? Could be I suppose, but it looks like private enterprise to me. What did said Nevada company do I wonder?

      1. Anonymous Coward

        Re: Well the FSB ain't what it used to be

        Casino

        1. Diogenes8080

          Attribution

          Gaming was my first thought too - Reno is / was the registration of choice / necessity for a number of outfits?

          However, see https://www.zippia.com/company/best-biggest-companies-in-reno-nv/ - there are a number of medicals there too.

          Looking down the scale, isn't there also a certain ranch in Nevada? Be fscked if I can remember the name.

        2. macjules Silver badge

          Re: Well the FSB ain't what it used to be

          Tesla Gigafactory

    3. Maelstorm Bronze badge

      Re: Well the FSB ain't what it used to be

      Nowadays, it's the FSB or the GRU. Besides, it depends on the person they are trying to coerce. I'm one of those "I don't give a shit" types. I would report the attempt to the FBI and damn the consequences of the dirt being aired. Fabricated or not.

      1. Pascal Monett Silver badge

        I would like to think that that would be my attitude as well, but you never know until it happens.

        And let's not forget that kidnapping your significant other, or child if you have one, can also be on the cards, with the threat of losing body parts if you don't comply.

        It's rather hard to ignore that kind of threat.

      2. Anonymous Coward

        Re: Well the FSB ain't what it used to be

        Can't have been GRU. There weren't any yellow minions to be seen.

      3. Cynic_999 Silver badge

        Re: Well the FSB ain't what it used to be

        "I would report the attempt to the FBI and damn the consequences of the dirt being aired. Fabricated or not."

        Easy to say when you are not in that position. But are you quite certain that you would be as blasé about it if the "dirt" was irrefutable evidence of you having sex with a 12 year old (or several)?

        1. Maelstorm Bronze badge

          Re: Well the FSB ain't what it used to be

          I can safely guarantee you that is fabricated because that is something that I will never do.

          1. John Brown (no body) Silver badge

            Re: Well the FSB ain't what it used to be

            But will all your friends, neighbours, employer etc think that too? Can you be absolutely certain?

    4. Paul Hovnanian Silver badge

      Re: Well the FSB ain't what it used to be

      "Once upon a time, the KGB would have first gotten dirt on the prospect"

      But sometimes that backfires.

  5. HildyJ Silver badge
    Facepalm

    Oceans

    Sounds like a plot from the Oceans Eleven franchise (and I suspect a casino was the unnamed company).

  6. Hubert Cumberdale Silver badge

    Here's the

    obligatory XKCD for you.

    1. Maelstorm Bronze badge

      Re: Here's the

      And that's what they call rubber hose cryptanalysis.

  7. gnasher729 Silver badge

    One million dollar. In Bitcoin. After the operation has succeeded, so the employee has no way to enforce payment without going to jail. Do I have "mug" written all over my face? No way I would accept this.

    Chances of actually cashing in would be quite low. Chances of being caught would be considerable, followed by years in jail, bankruptcy, no chance of ever getting a well-paid job again. And since this is in Nevada, I'm sure there are some companies there who are run by quite unscrupulous people, so there is the risk I wouldn't even make it to jail.

    1. cbars Silver badge

      Just watched "Greed":

      "Have I got a handle on my head?"

      ... "I'm saying, in a very clever way, do I look like a fucking mug?"

      Haaaaaaa

      1. Hubert Cumberdale Silver badge

        What does Marsellus Wallace look like?*

        *(moderately NSFW due to language and violence)

    2. jmch Silver badge

      Quite so...

      A bribe of any magnitude is useless if the funds aren't both safe and explainable. Winning lottery ticket, 'corporate sponsorship' as in fight club etc. The other alternative, for anyone without attachments, is someone willing and able to permanently relocate to some backwater (and where $1 million certainly won't last that long)

  8. Maelstorm Bronze badge

    I wonder if the guy they tried to bribe went to the feds.

    1. Anonymous Coward

      So you skipped the article?

      And went right to the comments section?

      1. Anonymous Coward

        Re: So you skipped the article?

        Strictly speaking, the mark went to his bosses and the corporate security team, and *they* went to the feds.

        But the comments section is normally funnier than the article! And whereas the articles tend to be quite accurate, some of the comments are... well, let's just say their grasp of the subject matter is like today's Hollywood's idea of an original script...

        1. Paul Hovnanian Silver badge

          Re: So you skipped the article?

          "Strictly speaking, the mark went to his bosses"

          That's not always a good idea. Sometimes the boss has already been paid off and has supplied your name as a scapegoat should that infected USB stick be discovered.

    2. Anonymous Coward

      The Russians were talking to him and he reported it? He must be a damn Democrat, no Republican would ever do such a thing!

    3. disgustedoftunbridgewells Silver badge

      I'm going to start doing this below reports on football matches.

      "So chaps, does anybody know what the score was last night? I think X were playing Y."

  9. Anonymous Coward

    Night out with Friends?

    That's a bit bizarre....

    "Hey all my friends, I'd like you to meet this cool Russian dude I met online, who is paying for us all to be here tonight....... "

    As a previous poster commented, a night in with some nice Russian girls would seem a better prospect.

  10. We're with Steve

    A life is worth less than 1Million

    When dealing with shady organisations remember how much your life is worth. I've never contracted a killer but I guess you could probably get it done for 20K. I'm talking about getting away with it, not paying a couple of crack-heads, them getting caught and dobbing you in. Therefore if it costs 25K to pay you off it's cheaper to off you. Now you might disagree with the figure I have suggested and think, or know, how much it would cost for a professional hit so use that figure in my hypothesis.

    1. juice Silver badge

      Re: A life is worth less than 1Million

      > Now you might disagree with the figure I have suggested and think, or know, how much it would cost for a professional hit so use that figure in my hypothesis.

      Or you could pay someone £100k to do the hit, only for them to outsource it to someone else for £50k, who then outsources it for £25k, who then gets someone for £10k... who decides they can't be bothered and just goes to ask the victim if they wouldn't mind pretending to be dead.

      And this actually happened in a real-life event, though it involved a total of 5 hitmen, and started at ~£250k...

      https://eu.usatoday.com/story/news/world/2019/10/25/chinese-developer-five-hitmen-sentenced-after-failed-murder-outsource/4094899002/

      1. Peter2 Silver badge

        Re: A life is worth less than 1Million

        And including faking the murder with the victim, so the "murderer" got paid the other half of the money before going to the police, apparently.

  11. disgruntled yank Silver badge

    Old and romantic notions

    It seems that a good deal of the commentariat takes its notions of Las Vegas from the Godfather movies. Nowadays the big casinos are run by guys like Steve Wynn, mostly famous for inadvertently sticking an elbow through a Picasso in his digs, or Sheldon Adelson, best buddies with Donald Trump, at least when the latter doesn't go unhinged and tell him off. Admittedly, a sometime mob lawyer is or recently was mayor of Las Vegas, but it's really corporate these days. I suspect that most Las Vegas crime these days above the holding up the 7-11 level amounts to tax evasion or money laundering.

    My own suspicion is that the company meant to be extorted provided services that clients did not care to have public, else why would the business's data be worth the threat of disclosure.

    1. Version 1.0 Silver badge

      Re: Old and romantic notions

      Good point - these days when every device is traceable it could be very interesting to do a wallet biopsy on everyone walking into the building, their phones, Fitbits, laptop, cars parked in the garage and their credit cards when they buy a drink or ten. I expect that's happening, but under the table.

      1. John Brown (no body) Silver badge

        Re: Old and romantic notions

        "Fitbits, laptop, cars parked in the garage and their credit cards when they buy a drink or ten. I expect that's happening, but under the table."

        The likes of Google and Facebook probably already have that. More so if/when Google put their hubs into the hotel rooms.

    2. Doctor Syntax Silver badge

      Re: Old and romantic notions

      "services that clients did not care to have public, else why would the business's data be worth the threat of disclosure."

      Most responsible businesses do take security of their clients' seriously. At least they do after they've been breached. That's why abstracting data before encrypting it has become a standard part of ransomware.

    3. Claverhouse Silver badge

      Re: Old and romantic notions

      ... or Sheldon Adelson, best buddies with Donald Trump, at least when the latter doesn't go unhinged and tell him off.

      .

      Caesar's wife must be above suspicion.

  12. Anonymous Coward

    Who needs money when you have deep and abiding hatred

    LOL a million dollars?

    We've got employees that are so bitter and twisted they'd do it just to see the look on their manager's face

  13. disgruntled yank Silver badge

    Update

    Now it appears that the target was Tesla: https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/ .

  14. a_yank_lurker Silver badge

    Old Training

    In my younger days I remember getting security training. One of the points made was that spies, etc. will try to set you up to coerce you into working with them by various means mostly foul. But what was noted in the training was that going to the security people as soon as it was safe with the details will clear you of any wrongdoing and they will probably use you to maintain contact until they are ready to pounce.

  15. lglethal Silver badge
    Go

    Just curious...

    Does anyone know what happens if you happened to get approached in such a situation AND you agreed and got a cash advance from the bad guys (because let's face it you would have to be a severe Numpty to not get the cash upfront), if you then hand the buggers over to the feds - do you get to keep the cash?

    Asking for a friend. Honest guv!

    1. Cynic_999 Silver badge

      Re: Just curious...

      "... do you get to keep the cash?"

      Not in the UK. It would be seized under POCA.

      1. Paul Hovnanian Silver badge

        Re: Just curious...

        In the USA, only the police are allowed to profit from the proceeds of criminal activity.

  16. Archivist

    Just say no

    Having got embroiled and cheated on the deal, he'd better keep looking over his shoulder from now on.

    Would have been better to just say no in the first place.

    1. Lomax
      Go

      Re: Just say no

      Sounds to me like he did exactly the right thing:

      According to the complaint, Kriuchkov traveled to the US in July on a tourist visa and made contact with a Russian-speaking employee at Tesla Gigafactory Nevada.

      He met the employee, who remains anonymous in the complaint, several times socially before making him a proposition to pay him to help introduce malware in Tesla’s internal computer system in order to extract corporate data and affect Tesla’s operations.

      Kriuchkov alleged that he was representing a group that would then arrange a ransom with Tesla in order to not release the information and stop affecting its operations. The employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI.

      The FBI launched a sting operation with the employee who wore a wire and shared text communications with Kriuchkov as they were negotiating the terms of the malware attack. The employee and Kriuchkov met several times throughout August to plan the attack and the payment of the employee’s fee.

      Interestingly, through the cooperation with the Tesla employee, the FBI was able to obtain information about previous attacks from this group.

      https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/ (thanks @disgruntled yank for the link).

    2. doublelayer Silver badge

      Re: Just say no

      Well, if you already end up in the yes or no part of the conversation, you're already at a certain level of risk. They might have plans if you say no to make sure you don't report their request to someone. While those plans might be along the lines of "put that guy and the people near them on the don't try list, get the requester out of the country, and send a new requester next time just in case", they might also run along the lines of "turn that guy in right now to get them caught or maybe use a nearby object to attempt to create amnesia so they don't remember what I look like [procedure may have side-effects]". If you agree long enough to get free and turn them in, not only might you have a better safety record but you might actually catch these people, like this time.

  17. Lomax
    Big Brother

    The Independent Takes a Stumble Under Pressure

    Any guesses who's behind the takedown of the London Independent? It's been down most of the day, at one point showing the Apache2 Ubuntu Default page, and currently

    Timed out while waiting on cache-lcy19271-LCY
    The cache time-out makes me think DDoS. Then again, maybe it's just that the ops team haven't had their maintenance whipping, due to Covid-19 social distancing...

    1. Doctor Syntax Silver badge

      Re: The Independent Takes a Stumble Under Pressure

      Could it be something to do with the fire and they haven't got their replacement up and running yet?

      https://www.theregister.com/2020/08/27/telstra_london_hosting_centre_fire/

      1. Lomax

        Re: The Independent Takes a Stumble Under Pressure

        Could be! Is that where Fastly keep their LCY boxen?


Biting the hand that feeds IT © 1998–2020