Hacker News

2 hours ago by flowerlad

The government should offer a similar reward for information on US corporations who run critical infrastructure, or hoard personal information on US citizens, and don't maintain proper security.

an hour ago by cgb223

A government bug bounty program would be a huge step forward to our defense.

Could even encourage would-be hackers to go white hat.

an hour ago by flowerlad

The payout should come from the company that has the vulnerability, not US taxpayers. So basically there needs to be a law that states that if you run critical infrastructure, or hoard personal information on US citizens, then you are required to set aside X dollars to pay white hat hackers who find vulnerabilities.

an hour ago by sircastor

That might have the added benefit of incentivizing better security practices overall.

2 hours ago by ixacto

So basically all the credit rating agencies and the government itself? Or does the OPM get sovereign immunity? https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagi...

2 hours ago by salimmadjd

From the AP version (h/t @tareqak) [0], "identification of anyone engaged in foreign state-sanctioned malicious cyber activity". Key phrase: state-sanctioned.

This has less to do with tracking down cybercriminals, and more with creating a case for foreign policy agenda.

Remember it was WMD informant "Curveball"'s testimony to then Secretary of State Powell that was used as one of the key pretexts to invade Iraq.

Essentially if an administration comes with an agenda to start a new war, they put the right people inside the State Department and then those guys just need to comb for anything (validated or not) to find "informants" to make the case for cyber attack. Followed by making the case in media that cyber attack is military attack and it requires military retaliation.

This will bypass the entire US intelligence system to validate the source of the threat. It just needs one person to claim they were involved in a cyber attack against the US and that it was sponsored by the government of Iraq, Iran, Venezuela, or any other country we want to go after.

I highly recommend watching this portion of the town hall with former US Congressman Dennis Kucinich talking about how non-disclosure rules prevented Congress from speaking out against the US State Department spreading false information to the American public [1].

[0] https://apnews.com/article/technology-joe-biden-europe-busin...

[1] https://youtu.be/s-W9b-_K_Xo?t=2433

27 minutes ago by exabrial

Oh I got this: A bunch of US IT Firms left the front doors unlocked and got mad when someone walked in and took their stuff.

Now that I've root caused it, I prefer next-day ACH if possible. PM for my bank details, thank you!

4 hours ago by giantg2

But wouldn't the methods needed to obtain that information generally carry a high risk of prosecution for illegal acts? I don't even want to go into specific chat rooms or browse the dark web for fear of being swept up in some overzealous prosecutor's net. Even if you're innocent it can cost thousands of dollars and years of your life to prove it.

2 hours ago by nubb

Totally agree. Some shitty prosecutor will 1000% make some American's life miserable just to add a conviction to their belt. The risk is probably not worth the reward.

2 hours ago by 3pt14159

You'd think that, but no, not really. If you talk to a lawyer first and he registers what you're doing with the police first and you don't actually break the law, you'll be fine. Lots of bounty hunters and private investigators are in the same game. Going to the police saying "I want to earn this $10m reward by finding those horrid blokes and here is why I'm qualified" isn't going to completely blow their mind.

But it could get you hacked or worse.

3 hours ago by jnosCo

I think this could be a very effective countermeasure. It reduces trust between members of a crew, and between crews themselves. If you're constantly suspicious of Ivan the mail campaign guy ratting you out for a payday, it makes the whole business focus more on opsec and less on offense. Though sole operators can do plenty of damage on their own, they probably are less likely to be state-backed.

2 hours ago by trhway

Does it come with Green Card for Ivan?

>it makes the whole business focus more on opsec

and that is bad?

2 hours ago by neatze

You need only to invest 500K (that passes AML) in the US to get a green card.

2 hours ago by anter

No longer the case. EB5 requires $1,800,000 that can be reduced to $900,000 if it's in the Targeted Employment Area.

an hour ago by trhway

With a known criminal background? That is my point - without the State Department waiving such a requirement and issuing a GC/witness protection, Ivan would be easily reachable by the FSB in any other country.

2 hours ago by lisper

With $10M in the bank there are surely many countries that would welcome him with open arms.

3 hours ago by tareqak

Same story from a different source (the Associated Press): https://apnews.com/article/technology-joe-biden-europe-busin...

an hour ago by Animats

"Russia’s most aggressive ransomware group disappeared. It’s unclear who made that happen." - NYT.[1]

Somehow, the problem seems to have been dealt with.

[1] https://www.nytimes.com/2021/07/13/us/politics/russia-hackin...

4 hours ago by artursapek

They should ask their buddies over at the CIA ;^D

3 hours ago by igorzx31

The CIA doesn't monitor cyber, that would be the NSA and US Cyber Command

