The precautions taken against thieves who open trunks, search bags, or ransack tills, consist in securing with cords and fastening with bolts and locks. This is what the world calls wit. But a strong thief comes and carries off the till on his shoulders, with box and bag, and runs away with them. His only fear is that the cords and locks should not be strong enough! Therefore, does not what the world used to call wit simply amount to saving up for the strong thief? And I venture to state that nothing of that which the world calls wit is otherwise than saving up for strong thieves; and nothing of that which the world calls sage wisdom is other than hoarding up for strong thieves.
For you heathens <g>, this is from a post-Laotzu Taoist essay called 'Opening Trunks'. This is a different translation from the one I learned, but the meaning is still clear. It's relevant to the discussion, in an abstract way.
Chuang Tzu is worth naming in his own right. His book may not be as elegant as the Tao Te Ching (is anything?) but it's great. He's also the one who came up with "Am I a man who dreamt he was a butterfly or a butterfly dreaming he is a man?"
HN doesn't tolerate novelty accounts, but if there were going to be an exception, "apropos quotes from Taoist classics" is pretty good.
Q: what do you call the thief who takes the trunk back to his master?
A: a golden retriever
better than a black dog, but this kind of thieving still seems like such a waste of talent. why not go work for lemote or xiami and make something useful?
This is actually quite interesting though worded a bit strangely/abstractly. He's saying that the strong thief prefers a world in which low level thievery is guarded against because it makes targets fatten themselves up believing themselves to be safe.
I think s/he's saying that current security only protects us from script kiddies; so whatever we do only 'protects' data from them but data cannot be protected against state-sponsored attacks (but gives people a false sense of security)?
Altho' I don't quite agree with some of the implied premise, because it's not as if script kiddies can/would take data away (making it unavailable). But the false sense of security is relevant.
No matter how obscure and Hollywood-like this "gang" sounds, I am long glad the reporting about anything with the term "hacking" stopped including seemlingly obligatory references to Anonymous; the obscure Hollywood-like hacking gang having ties with everything involving hacking and security breaches. In a previous situation, surely Hidden Lynx had ties with Anonymous!
I would totally think these guys are state-sponsored.
This: "Members wield advanced, zero-day attacks that exploit security vulnerabilities in Oracle's Java, Microsoft's Internet Explorer, and other widely used software frameworks or applications. The report said their tactics and exploits are far more advanced than those of the Comment Crew, a China-affiliated hacking crew that researchers from security firm Mandiant said has siphoned terabytes of sensitive data from 141 organizations over the past seven years."
And this: "Team Moudoor, named for the trojan they use, takes a large-scale approach that broadly penetrates organizations in the financial industry, local and federal government organizations, and organizations related to healthcare, education, and law. Team Naid, by contrast, is more of a special operations squad that keeps a low profile so it can save its resources for the highest-profile targets in the defense industrial base."
In short, these guys are highly, highly skilled and specialized ... and a specific attack target and vector.
This is not a bunch of script kiddies looking for fame and glory.
I think what the parent meant was such an organization must have re-organized or manifested into a separate identity(s) than which they were reported as to divert attention.
I am at once in awe and jealous of the kinds of things these people must know/be able to do. It's too bad that this kind of skill and knowledge could not be used in a more legitimate manner with such a high profit potential to the individual.
Who says it isn't being used in a legitimate manner for high profit potential? It seems you can offer up subscriptions to zero days for millions in annual fees and never have to worry about prosecution. Just so long as you aren't the one doing the actual hacking (your clients in the government will take care of that).
