"Unskilled group" is responsible for multiple, crappy ransomware attacks


#1

Originally published at: http://boingboing.net/2017/03/28/tuyuljahatathotmail-com.html


#2

Calling itself SADStory

There’s a story there.


#3

Telling people that their shared web hosting servers are rooted is about 10–15% of my average day at work.

I almost feel like someone needs to write a modern version of The Jungle about the tech industry, because that’s pretty much the level of disgusting we’re still at.


#4

Wonder how well a “skilled” group could do…

http://imgur.com/2E6Aro5


#5

I hate to see sloppy work. These “Mafia Malware Indonesia” guys need to sign up for a white-hat hacking course through the BoingBoingStore. It’s 91% off! And I’m sure it could be adapted back to black-hat stuff.


#6

It’s actually SADStroy (as in Search And Destroy?) if you look at the image, but I love it how everyone is calling them Sad Story now and the name is totally sticking.


#7

i hear this trope marched out every virus, hack, malware, exploit, etc. and it is almost never true. every. single. time. even with snowden there was a concerted effort to paint him as a technical bumbler.

we will never know. it is beyond the scope of security researchers egos to ever admit any attack had any skill whatsoever. (insert tootsie pop owl) all while blatantly ignoring the fact that X attack was successful, meaning it worked investing the minimum effort for a successful outcome is a hacker sums game, and crucial to understanding any attack. reusing pieces that work doesn’t indicate one way or the other the skill of the person stringing them successfully together, it really is a silly silly stupid trope.

if the people securing the forts are so smart, then how come the people attacking them have such an easy time and the odds are so stacked in their favor that overall computer security can be referred to as a “dumpster fire”? Something doesn’t add up yo. it is a weird trope meant to demean and taunt hackers with very little basis in reality. they also intentionally misconflate the people discovering and writing the exploits with the people reusing and repackaging them.

haha


#8

Might have something to do with this

http://imgur.com/kkaRWip


#9

“I betcha they’ll managed to get the formula right by the summer and start raking it in.”

Speaking of sloppy.


#10

Well, I’m out of the loop today, but back in the early days of viruses, when most were still written in assembly, I spent a lot of time disassembling, dissecting, commenting and annotating viruses found in the wild.

And most of them were pretty terrible code, really. More than a few were meant to be way more destructive than they actually were, because their destructive “payloads” were so bug-ridden that they didn’t work at all, and the virus was only discovered because its reproductive code was so buggy.

That many of them worked at all was something of a wonder.

But at that point in history, most programmers wrote terrible assembly code. All the uni-trained kids used C or C++ for everything but embedded systems (aside from passing around snippets of inline assembly like poorly-understood magical incantations).

But I was self-taught, and always started with a platform’s assembly language. I never really felt like I understood a system unless I could parse a debugger’s disassembly dump. (-:

I have no particular dog in this fight: I’ve seen really crappy code in antivirus software, too.

But IME at the time, efficient well-written code was the exception rather than the rule in viruses.


#11

I used to be involved in the running of a website for a fan convention but at some point they ripped it away from me to move it to dreamhost for $9 … The idea of shared shells for what looked like 1000 people just kinda unnerved me.

I do wonder if they are rooted.


#12

They never have to be good at it. They just have to hit enough people who will just pay to get their files back. It’s like the Nigerian email scams. Poorly written, a lot of people would say it’s an obvious scam. Those people aren’t the targets. The real targets are the people dumb enough not to recognize it’s a scam. They are easier to deal with.

You get too good at it, and you start dealing with people who have the smarts and resources to fight back.


#13


#14

This topic was automatically closed after 5 days. New replies are no longer allowed.