This guy will be rewarded with a refreshing cup of tea...
A Russian citizen is accused of flying to America in a bid to bribe a Nevada company employee to infect their bosses' IT network with ransomware. Egor Kriuchkov has been charged [PDF] with one count of conspiracy to intentionally cause damage to a protected computer. He was nabbed by the Feds at Los Angeles airport and is …
White Queen: "The rule is, jam to-morrow and jam yesterday – but never jam to-day."
Alice: "It must come sometimes to 'jam to-day'"
White Queen: "No, it can't. It's jam every other day: to-day isn't any other day, you know." "The rule is, jam to-morrow and jam yesterday – but never jam to-day."
Alice: "It must come sometimes to 'jam to-day'."
White Queen: "No, it can't. It's jam every other day: to-day isn't any other day, you know."
Once upon a time, the KGB would have first gotten dirt on the prospect, or fabricated it if there was none to be had. Then there would have been a night out, but with girls, not friends, and the deal would have been proposed. Of course, the dirt would have been hinted at, then blatantly exposed if the prospect was not compliant. When the deal had been agreed on, the prospect, now very willing accomplice, would have remained under surveillance until completion of the mission.
Don't they watch The Americans any more ?
Gaming was my first thought too - Reno is / was the registration of choice / necessity for a number of outfits?
However, see https://www.zippia.com/company/best-biggest-companies-in-reno-nv/ - there are a number of medicals there too.
Looking down the scale, isn't there also a certain ranch in Nevada? Be fscked if I can remember the name.
Nowadays, it's the FSB or the GRU. Besides, it depends on the person they are trying to coerce. I'm one of those "I don't give a shit" types. I would report the attempt to the FBI and damn the consequences of the dirt being aired. Fabricated or not.
I would like to think that that would be my attitude as well, but you never know until it happens.
And let's not forget that kidnapping your significant other, or child if you have one, can also be on the cards, with the threat of losing body parts if you don't comply.
It's rather hard to ignore that kind of threat.
I would report the attempt to the FBI and damn the consequences of the dirt being aired. Fabricated or not.
Easy to say when you are not is that position. But are you quite certain that you would be as blase about it if the "dirt" was irrefutable evidence of you having sex with a 12 year old (or several)?
One million dollar. In Bitcoin. After the operation has succeeded, so the employee has no way to enforce payment without going to jail. Do I have "mug" written all over my face? No way I would accept this.
Chances of actually cashing in would be quite low. Chances of being caught would be considerable, followed by years in jail, bankruptcy, no chance of ever getting a well-paid job again. And since this is in Nevada, I'm sure there are some companies there who are run by quite unscrupulous people, so there is the risk I wouldn't even make it to jail.
A bribe of any magnitude is useless if the funds aren't both safe and explainable. Winning lottery ticket, 'corporate sponsorship' as in fight club etc. The other alternative, for anyone without attachments, is someone willing and able to permanently relocate to some backwater (and where $1 million certainly won't last that long)
Strictly speaking, the mark went to his bosses and the corporate security team, and *they* went to the feds.
But the comments section is normally funnier than the article! And whereas the articles tend to be quite accurate, some of the comments are... well, let's just say their grasp of the subject matter is like today's Hollywood's idea of an original script...
When dealing with shady organisations remember how much you life is worth. I've never contracted a killer but I guess you could probably get it done for 20K. I'm talking about getting away with it, not paying a couple of crack-heads, them getting caught and dobing you in. Therefore if it costs 25K to pay you off it's cheaper to off you. Now you might disagree with the figure I have suggested and think, or know, how much it would cost for a professional hit so use that figure in my hypothesis.
> Now you might disagree with the figure I have suggested and think, or know, how much it would cost for a professional hit so use that figure in my hypothesis.
Or you could pay someone £100k to do the hit, only for them to outsource it to someone else for £50k, who then outsources it for £25k, who then gets someone for £10k... who decides they can't be bothered and just goes to ask the victim if they wouldn't mind pretending to be dead.
And this actually happened in real life event, though it involved a total of 5 hitman, and started at ~£250k...
It seems that a good deal of the commentariat takes its notions of Las Vegas from the Godfather movies. Nowadays the big casinos are run by guys like Steve Wynn, mostly famous for inadvertently sticking an elbow through a Picasso in his digs, or Sheldon Adelson, best buddies with Donald Trump, at least when the latter doesn't go unhinged and tell him off. Admittedly, a sometime mob lawyer is or recently was mayor of Las Vegas, but it's really corporate these days. I suspect that most Las Vegas crime these days above the holding up the 7-11 level amounts to tax evasion or money laundering.
My own suspicion is that the company meant to be extorted provided services that clients did not care to have public, else why would the business's data be worth the threat of disclosure.
Good point - these days when every device is traceable it could be very interesting to do a wallet biopsy on everyone walking into the building, their phones, Fitbits, laptop, cars parked in the garage and their credit cards when they buy a drink or ten. I expect that's happening, but under the table.
"Fitbits, laptop, cars parked in the garage and their credit cards when they buy a drink or ten. I expect that's happening, but under the table."
The likes of Google and Facebook probably already have that. More so is/when Google put their hubs into the hotel rooms.
"services that clients did not care to have public, else why would the business's data be worth the threat of disclosure."
Most responsible businesses do take security of their clients' seriously. At least they do after they've been breached. That's why abstracting data before encrypting it has become a standard part of ransomware.
In my younger days I remember getting security training. One of the points made was that spies, etc. will try to set you up to coerce you into working with them by various means mostly foul. But what was noted in the training was that going to the security people as soon as it was safe with the details will clear you of any wrong doing and they will probably use you to maintain contact until they are ready to pounce.
Does anyone know what happens if, you happened to get approached in such a situation AND you agreed and got a cash advance from the bad guys (because lets face it you would have to be a severe Numpty to not get the cash upfront), if you then hand the buggers over to the feds - do you get to keep the cash?
Asking for a friend. Honest guv!
Sounds to me like he did exactly the right thing:
https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/ (thanks @disgruntled yank for the link).
According to the complaint, Kriuchkov traveled to the US in July on a tourist visa and made contact with a Russian-speaking employee at Tesla Gigafactory Nevada.
He met the employee, who remains anonymous in the complaint, several times socially before making him a proposition to pay him to help introduce malware in Tesla’s internal computer system in order to extract corporate data and affect Tesla’s operations.
Kriuchkov alleged that he was representing a group that would then arrange a ransom with Tesla in order to not release the information and stop affecting its operations. The employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI.
The FBI launched a sting operation with the employee who wore a wire and shared text communications with Kriuchkov as they were negotiating the terms of the malware attack. The employee and Kriuchkov met several times throughout August to plan the attack and the payment of the employee’s fee.
Interestingly, through the cooperation with the Tesla employee, the FBI was able to obtain information about previous attacks from this group.
Well, if you already end up in the yes or no part of the conversation, you're already at a certain level of risk. They might have plans if you say no to make sure you don't report their request to someone. While those plans might be along the lines of "put that guy and the people near them on the don't try list, get the requester out of the country, and send a new requester next time just in case", they might also run along the lines of "turn that guy in right now to get them caught or maybe use a nearby object to attempt to create amnesia so they don't remember what I look like [procedure may have side-effects]". If you agree long enough to get free and turn them in, not only might you have a better safety record but you might actually catch these people, like this time.
Timed out while waiting on cache-lcy19271-LCYThe cache time-out makes me think DDoS. Then again, maybe it's just that the ops team haven't had their maintenance whipping, due to Covid-19 social distancing...
Biting the hand that feeds IT © 1998–2020