Wanted: State-backed bandits planning cyberattacks on US infrastructure. Reward: $10m

The US is offering a $10m reward to anyone who dobs in digital outlaws responsible for foreign government-backed cyberattacks on critical national infrastructure such as pipelines, power grids, and communication networks. The cash incentive is part of the US State Department's Rewards for Justice (RFJ) programme and the …

  1. Version 1.0 Silver badge
    Facepalm

    Where's the biggest profit?

    Are malware companies making more money than the insurance companies?

    A nice boost of malware attacks means that the insurance industry has a ton of free publicity to make buying insurance look like a good idea to any corporation with an internet connection. If the malware attacks are prevented then it's going to cost the insurance companies' shareholders a lot of money.

    1. Headley_Grange Silver badge

      Re: Where's the biggest profit?

      @Version 1.0: that might have been the case up until a short while ago, but insurance companies are starting to back away from cyber security. AXA France recently stopped underwriting ransom payments. Other companies are now excluding ransom payments from their cover and the cost of premiums is rising. The security requirements for getting insured are increasing in some sectors, which can only be a good thing.

      I think we'll soon see the end of organizations having poor security and relying on the insurance to pay the ransom to get their data back.

  2. Anonymous Coward

    I would have thought..

    .. that helping against obesity by messing up their meat packaging would have been cause for rewards.

    But hey, who am I to argue?

    :)

    1. IGotOut Silver badge

      Re: I would have thought..

      What?

    2. TimMaher Silver badge
      Thumb Up

      Re: I would have thought..

      And forcing them to walk more and pollute less because they ran out of fuel.

      All good.

      1. Jaybus

        Re: I would have thought..

        Perhaps in NYC and other large cities where the majority already walk or use public transit, but in the area affected by the pipeline shutdown, the more typical 20 minute commute by driving turns into a 4 hour or so walk. All good for who?

        1. elip

          Re: I would have thought..

          Nike, Adidas, and Reebok of course.

  3. Neebert

    I was in front of a computer from age 5, I am 44 now and it seems the criminals are still one step ahead. The user can't be expected to know anything about computers but can be a criminal. I still have everything offline, I know it's going bad, it always goes bad but I can have everything back to normal in 10 minutes. The vast majority of IT systems would be crippled, we need an effective online ID. Only an online passport or whatever you want to call it will keep everyone safe. There is nothing even close to this, seriously your Facebook account if you have one is about as good as it gets. That's so crazy we have to let it go bad before anyone will listen. Wait until LastPass or someone like that gets hacked, then we will see some real damage.

    1. Pascal Monett Silver badge

      I think we've already seen some real damage.

      Go ask the hospitals that have been hacked if the damage wasn't real.

      As for an online ID? Pie-in-the-sky. Won't ever happen until the Internet is managed by a single entity, and that's not happening for the foreseeable future if only because China ain't going to let anyone else manage its local part of the Internet.

    2. Anonymous Coward

      Consider what active directory is in the context of your corporate identity. Chances are everything from desktop to payroll and any special access privileges are all there.

      Centralisation might mean less attack surface, but it definitely means single point of failure.

      I wish I could tell you about the security howlers I’ve not only seen but persist in the infrastructure world. Suffice to say every OS released since the 1980s can be found, often in equipment that you would least expect. Control system assets are usually depreciated over 20 years, yet probably out of support in 10. And you can find default passwords everywhere (how do you manage the credentials of the hundreds of different engineers that may attend the same device?) Repeatedly replacing them in bulk would also set your bills back badly.

      Consider also what this means for infrastructure systems that need communications. Flow computers, instrumentation, billing etc.

      There is something to be said for a mandraulic system over a connected one, at least from a security POV.

      All things considered the only reason we haven’t seen a major attack (Yet) is because we haven’t pissed someone enough. See black energy in the Ukraine for examples.

  4. ElRegioLPL

    The US government clearly won't pay a $10m reward out by bitcoin, so will need your info either way which makes the Tor page pointless. Even if they did pay it by bitcoin, they've shown they will track the money to the exchange.

    1. This post has been deleted by its author

  5. Anonymous Coward

    I think in many/most cases the US also has to provide refugee status and a new identity in the US. "Ditches for Snitches", otherwise. The informants can use the Tor network to pre-arrange for that special informant status.

  6. Clausewitz 4.0
    Mushroom

    Outrageous

    Better write: "The US North A is offering a $10m reward to stop anyone who is able to have more cyberpower than US North A itself."

    But, wait.. Only $10m for such a military-political-intelligence-privatesector snafu?

    Some people will feel really devaluated.

  7. gandalfcn Silver badge

    Which begs the question. How much funding has the USA put into cyberattacks on other countries' infrastructure etc?

  8. Anonymous Coward

    Belgian Version.....And It's Not About Chocolate......

    Rewrite: "We encourage anyone with information on malicious cyber activity, carried out against Belgian critical infrastructure by actors at the direction of or under the control of a foreign government, to contact the Court of Justice of the European Union (CJEU) via our Tor-based tips-reporting channel."

    *

    In this alternative universe.....you are guilty and I claim my £5......see below:

    - Link: https://www.theguardian.com/uk-news/2018/sep/21/british-spies-hacked-into-belgacom-on-ministers-orders-claims-report

    *

    How about an Iranian version.......remember Stuxnet?

    *

    Or a German version.......you know....when the NSA hacked phones in Germany, including the phone of Angela Merkel.

    *

    ........but of course the commentards here will point out that "our people" are the "good guys"......it's those "bad guys" we need to worry about!

    *

    THERE ARE NO "GOOD GUYS" IN THIS MESS!!!

    1. Potemkine! Silver badge

      Re: Belgian Version.....And It's Not About Chocolate......

      Quite all States do extrajudicial killings. It doesn't mean murders should be made legal.

      With Russia, the point is not that the Russian State conducts ransomware attacks. Russia lets criminals do them without trying to stop them. Because it annoys the others, maybe because also Russian rulers get their share of the ransoms. Whatever the reason, the direct consequence is that ransomware flourishes.
