
It's as direct as any other revenue => business activity connection. More direct than how buying coffee causes fields to be planted with coffee trees.

Of this $5M, expect $4M to be spent on salaries in the next year or 2, funding 20 person-years of malicious hacking. 20 skilled people paid to hurt the internet instead of building it up. A terrible crime.




Now we have one less critical piece of infrastructure that could be trivially knocked out by a hostile state.


How do you know that? What evidence is there that it's any more secure than it used to be?


These pirates have committed to not hitting the same target again?


Ah yes, the code of the pirates. The epitome of ethics and morality.


I don't think it's a code. It's more of a guideline.


I’m sure at some point they must have just asked if they’d give them the password for free on account of all the collateral damage... but it looks like they were disinclined to acquiesce to the request.


As someone who had their home broken into twice in the same week, probably by the same people, I prefer to subscribe to the theory that there's no honor among thieves.


And what about the others?


But they could have made holes in the system or not disclosed all system holes which other hackers might take advantage of in the future.


Can you name some examples of orgs getting hit twice?


The 5M ransom plus all the other damage such as reputation loss, increased government scrutiny and potential damages to pay to partners (I'm sure they provide some sort of SLA for their oil delivery services?) is a good enough deterrent from allowing this to happen again.


5M is nothing to that pipeline management firm. I think nothing will change because the "fine" is tiny and later, when a VP of opsec gets to decide between a massively expensive hardening of security which includes big recurring costs to keep an opsec team on payroll and just pocketing a multimillion dollar bonus for optimizing the opsec budget, he will choose the latter. There's no risk of getting jail time and any reputation damage won't be to his personal reputation, but to that firm he will have left long ago.


> keep an opsec team on payroll and just pocketing a multimillion dollar bonus for optimizing the opsec budget

This is not how companies actually work. This is a fun “incompetent executive” fantasy that floats around but in real businesses you don’t pocket a huge bonus solely by cutting costs.

You’re gonna have a lot of explaining to do on why that money was being spent in the first place and why it’s not needed now.


They are installing more software from the hacker voluntarily after paying the ransom. At this rate it looks more like they just hired a competent and highly unethical vendor...


That’s one hell of a way to provide “red-team” security testing services


They didn’t need security experts for that - all they had to do was not connect it to the Internet...



