Tag Archives: cybercrime

Think Hoarding Passwords Keeps You Safe From Firing? Think Again

Most employees think they are indispensable to their employers, but in fact, most employees are easily replaced. A recent legal ruling involved an IT manager who sought job security by holding “the keys to the kingdom”–the passwords to the company’s computer network that only he possessed. His plan didn’t become a fast track to climbing the corporate ladder; instead, it led to his relocation into a jail cell.

Terry Childs was principal network engineer for Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. He apparently distrusted his co-workers and sought to make himself unfireable, so he arranged to become the only person with his network’s passwords. When he was suspended from his job, he refused to divulge the passwords so that his employer could reassume control over its network…

For taking these steps, Childs was convicted of violating California’s state computer crime law (California Penal Code Sec. 502(c)(5)), which criminalizes taking an action that “knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.” He was sentenced to four years in prison and ordered to pay nearly $1.5 million in restitution, the bulk of which compensates the employer for its post-firing efforts to find and fix Childs’ backdoors. Last month, a California appeals court upheld the conviction and restitution order.

I imagine many IT employees and software engineers fantasize about how they will “stick it to the man” through backdoors or password-hoarding if they are ever fired from their jobs. Fantasies are fine, but actually implementing the plan could turn into a criminal nightmare.

via Think Hoarding Passwords Keeps You Safe From Firing? Think Again.

Mushrooming growth of ransomware extorts $5 million a year | Ars Technica

Malware that disables computers and demands that hefty cash payments be paid to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said.

The estimate, contained in a report published on Thursday by researchers from antivirus provider Symantec, is being fueled by the mushrooming growth of so-called ransomware. Once infected, computers become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours.

via Mushrooming growth of ransomware extorts $5 million a year | Ars Technica.

Ransomware: Hackers’ new trick to take over your computer and blackmail you for cash. – Slate Magazine

There are many variants of ransomware, all of which begin by locking you out of your own machine. The next phase: trying to blackmail, intimidate, or otherwise spook you into forking over cash. You probably shouldn’t do it. But it’s easy to see why a lot of people do.

The version I described in the first paragraph is the product of a virus called Reveton, which you can contract either by clicking a malicious link or visiting an infected website, which triggers an automatic download. Beneath the video feed, which registers the surprise on your face as you recognize yourself, are your computer’s IP address and hostname and an urgent message: “Your computer has been locked!” Scroll further and you’ll find yourself accused of possessing illegally downloaded files in violation of federal copyright laws. A new iteration claims that you’re in violation of SOPA, the Stop Online Piracy Act—which, as serious netizens know, never actually became law.

The crime, you’re told, is punishable by a fine or up to three years in prison. There’s only one way to unlock your computer, according to the warning on your browser, and that’s to pay up. And if you don’t pay the specified “fine” within 48 or 72 hours—often by purchasing a prepaid cash card such as Green Dot’s Moneypak, which makes the transaction hard to trace—it claims that you’ll be locked out of your machine permanently and face criminal charges to boot.

The criminal charges are bogus, of course, but the threat of being permanently locked out of your files is real, says Chet Wisniewski, senior security adviser at the data-security firm Sophos.

via Ransomware: Hackers’ new trick to take over your computer and blackmail you for cash. – Slate Magazine.