It'll be a good day when everyone stops giving in to these ransom-seeking parasites. I wonder how hard law enforcement goes looking for them? They're taking society hostage left and right.
Until companies accurately value their distributed bug bounties and have a better track record of paying, the parallel market of the true market price of security will flourish.
The market price of how worth it this stuff is to the company.
For now, the flogging continues until morale improves.
correct, and the blackhat infrastructure is far more sophisticated to distribute liability, corporation-like.
the person creating a payload is compensated without doing the unauthorized access
the person doing the unauthorized access is compensated without selling the things they found
the person selling the things they found didn’t do the unauthorized access, and is not trying to weaponize the information (let's use an example of identity theft here and below)
the person weaponizing the information is only guilty of using someone else’s credentials or making new credit cards
in comparison, white hat is undervalued when respected, a gamble for being respected enough for compensation at all, and comes with threats of prosecution anyway
I don't agree that companies like Boeing failing to secure their own assets properly is taking society hostage, rather than the absolutely lax and laid-back approach to digital infrastructure that leads to allowing these weekly emerging "cyber terrorist" groups to take advantage to begin with.
They may be inappropriately handling the contents relative to their scope and potential damage, but that's actually not their prerogative or their concern. It should be a punishable offense beyond "ransom fees" to be in such a position that you can get so easily exfiltrated when entrusted with nationally secure data. Making a big display to the company to pay up a ransom means this has likely already happened silently multiple times to varying degrees without notice, and that anything after the initial public response is just theater. It's unfortunate that I have to feel embarrassed by the security posture of businesses that have absolutely no excuse.