IT security analyst admits hijacking cyber attack to pocket ransom payments A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself. Ashley Liles, of Letchworth Garden City, in Hertfordshire, England, pleaded guilty at Reading Crown …
True, but I have seen someone being docked for handling CP where it was patently evident to anyone with a shred of knowledge that the pattern didn't fit, nor was the 'evidence' as gathered by Plod anywhere near technically acceptable. Think someone barely able to operate Windows and "certified" to run some analysist software applying it to a Mac and ignoring the fact that the location where that one picture was found did by no means match the alleged perpetrator's competence, making the 'tip'they received rather suspect (especially after a burglary a few days earlier where nothing of value was taken).
That didn't matter in the end: they found one picture and statistics matter far more than someone's life, so the guy got it in the neck - and his family as a consequence.
Of course, the people who DID plant that image are still running around..
And to think that in countries such as Australia the "security services" are permitted to break into a target's computer and make changes. Opens up the possibility of fitting up undesirable people.
But I am assured that has never happened and the police and security agencies are so honest that they would never do such a thing.
> the police and security agencies are so honest that they would never do such a thing.
You can feel assured of this by the extreme effort an agency which endows people with literal power over others' lives goes to ensure the inevitable river of applicants who seek to abuse such power are discovered and permanently rejected.
Right?
-> Liles, in his capacity as security analyst for Oxford Biomedica
In the comments to this article - https://www.theregister.com/2023/05/12/exubiquiti_developer_jailed/ - I mentioned the difficulty of preventing insider security problems. It is not an easy thing to do. To me it is the trust element which is so troubling. Burglars burgle (for the benefit of our American cousins, they don't burglarize any more than robbers robberize or murderers murderize their victims) , and that is to be expected. It is why we have locks on our doors. We have an expectation that people inside the door are more trustworthy.
-> Liles had attempted to wipe his devices days before his arrest, but the data was recovered.
This git doesn't appear to be the sharpest of 'security analysts', does he? Which is how he was caught, I guess. He deserve a few years in the slammer for this.
"Burglars burgle (for the benefit of our American cousins, they don't burglarize any more than robbers robberize or murderers murderize their victims)"
Be careful what you write, ChatGPT is listening. I find neither burgle nor burglarize in the 1913 Websters. Searching the web leads to:
"Do Burglars 'Burgle' or 'Burglarize'? ... Both words were formerly disparaged, but both are now considered perfectly fine." (Clealy they didn't ask VoiceOfTruth.) https://www.merriam-webster.com/words-at-play/do-burglars-burgle-or-burglarize . It seems disparaging a word is not enough to keep it out of the dictionary.
I was wondering if the Oxford Biomedica case was the basis for the plot? The book came out in 2020 but El Reg doesn't say when the initial arrest was made. I'm still not sure of that, but found this:
Age Discrimination, Breach of Contract, Unfair Dismissal, Working Time Regulations
Decision date: 30 May 2019
https://www.gov.uk/employment-tribunal-decisions/mr-a-liles-v-oxford-biomedica-uk-ltd-3331202-2018
Mr. Liles is a charmer, he will do well after his rehabilitation.
As "H" to remote in from another computer, to the computer (That AC12 traced as physically in Spain) to log on to a "IRC server" accessed\owned\maintained by the OCG (Which should be traceable in itself).
It's been 2 years, since the last season finished, so no spoiler tags.
What an idiot for even considering this was a good plan.
One has to wonder if someone else was party to the activity, was it his own idea, or someone else?
Seems like a quick way to ruin your career and any future prospect of employment in the same industry.
£300,000 isn’t even a lot of money, it’s fuck all
“The unauthorized access was determined to have come from Liles's home .. Liles had attempted to wipe his devices days before his arrest, but the data was recovered.”
So these cyber security qualifications aren't worth the paper they're written on. What he should have done is attach a femtocell to a mobile phone and attach it to the internal network at work. That way he could “hack” in from anywhere there is a mobile signal.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
