I hope they find them
And when they do, well, let's just say I wouldn't balk at some extraordinary rendition.
UK and US cops have reportedly joined forces to find and fight Qilin, the ransomware gang wreaking havoc on the global healthcare industry. In early June, the notorious Russia-based crew attacked Synnovis, which provides pathology services to National Health Service's London hospitals. The digital intrusion has led to the …
I think the technique they've used already of offering a substantial reward for "information" leading to the arrest of some of the leaders might well turn up results. A large enough some of money might tempt one criminal to remove another, eve a possible rival, for fun and profit. Go drinking in a bar in Moscow, wake up in a country with an extradition treaty with the US.
Not that agree at all with this line of thinking.. but in the current context of Ukraine delivering missiles deep into Russia onboard drones, and NATO countries supplying said missiles plus intel, it would be pretty easy to conceal something even more chilling. With several layers of doublespeak involved I propose this would be called 'extraordinary non-rendition'.
It's a tad short-sighted to 'like' it, since that puts more money in the hands of the criminals to further their criminal enterprises. It's somewhat akin to 'liking' a drunk driver who hits a sexual predator; you don't hand them another bottle of gin and praise their extrajudicial actions.
"I don't mind when big corporations get shafted, in fact I quite like it tbh."
So you don't mind if some of your pension funds investments get siphoned off by scum? Or the savings of people trying to put together a deposit on a house or for their families?
How many times do we have to spell it out? The big investors in big corporations aren't some nebulous "them". They're more likely to be us. And in this sort of attack, doubly us because it's the corporations' customer data that's being sold on to other scammers.
Even when you discount NHS data this is not victimless crime.
"So you don't mind if some of your pension funds investments get siphoned off by scum? Or the savings of people trying to put together a deposit on a house or for their families?"
You delicate summer flower.
$megacorp will milk us for every penny then can, with or without being hacked.
If you look up Synnovis, the organisation actually attacked, you might be forgiven for thinking it was a big corporation.
Its most recent accounts up to 2023 show income of just under GBP 200 million.
That's likely to be a lot high during 2023 and into 2024.
The document, at 56 pages, makes interesting reading. No mention in the risk section of their own IT, letalone how vulnerable it might be. Just everybody else.
But the good news - from their June 4th press release is that - "We take cybersecurity very seriously at Synnovis and have invested heavily in ensuring our IT arrangements are as safe as they possibly can be".
In days past, a large reserve of tangible wealth was a big target for criminal gangs. The downside for the gangs was the need to be physically present to take that wealth away from the legitimate owner(s). Today, thefts can be accomplished from just about anywhere on Earth since the items being sought have no physical form. That should make the keepers of the data more careful about protecting that information, but just like a vault, it costs money and they don't seem to think they need to make that investment.
One thing to think about is the concentration of data in one place with one door (or path). If the most the criminals could get for their efforts is 10,000 records as that's all a database will contain, it might be less rewarding to take the risk as opposed to be able to grab records of 70,000,000 people in one go. It's a convenience vs. security trade as many things are. Increase convenience and security suffers. Increase security and convenience is lessened. Any legitimate need to access the entire database could be allowed only on approved application at a secured facility and not available via the internet. Speed of read access for something as large as a hospital could be set as a function of how large the hospital is where write access to update patient records could have very different settings.
There'll always be some odd-ball research project that requires access to some weird subset of data that can only practicably be fulfilled by giving them full access. The problem is that data is more useful and more valuable the more concentrated it is, to good guys and bad. I think that's a principle that goes a bit beyond the well accepted trade-off in computer security of mere 'convenience'.
"There'll always be some odd-ball research project that requires access to some weird subset of data that can only practicably be fulfilled by giving them full access."
I understand that, but it should come with needing to access that data at a location with physical controls. If the research isn't going to support the cost of going to one of these locations, the researcher will need to figure something out. It's like an astronomy grad student that has a thesis they are working on that needs access to a large telescope. They either have to get the funding to buy the time or come up with a new research project (or make modifications). There were things I would have liked to pursue while at University but resources where not there to do them so I had to find something else.