Ransoming a city with no money...
... sounds like a bad plan.
Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin. The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday. The stolen database wasn’t needed by the cash- …
Feel free to be smug but Office 97 is :-
1... Free of DRM and can be copied ad-infinitum....
2... Runs fast, and still probably does 90% of what most users actually need...
3... No Ribbon...
4... Free or has minimal M$ UX montioring & NSA backdoors...
I imagine that the techies tried explain to him that XP and win2003 servers were unsupported, unsecure and unstable and he was all "don't care, fix it!". Then one on them noticed his iPhone, streched the truth slightly and said that if they upgrade, they will be able to use a version of Office that can sync to the iPhone, and he was all "Do it now!"
OK, they broke in somehow, but then what? Did they just change the passwords, locking out legitimate users and demanding the ransome to let them back in? Delete the database, having downloaded a copy? Threaten to leak any sensitive data the database might contain?
If the database is unwanted, the first two of these is no threat, but the last could still be a problem.
From the way this is written, I assume it was a cryptolocker type scheme.
But given how Detroit is run, the third option could still be in play. The hackers might not be able to get any money out of them, but they might just plaster the data to jack up Detroit.
"The stolen database wasn’t needed by the cash-strapped city so the ransom was never paid, according to local reports."
It doesn't matter if the database is needed or not, but what is in it. If you are talking about personal information contained in it, then if that was ever leaked, the city could face lawsuits and could easily cost them more than 800,000.
I thought the US government declared Bitcoin an un-currency (or immoral or fattening or something). It must have been a grand joke to ask for payment in Bitcoin where there would have been no legal way for Detroit to comply if they had the bucks.
I agree that it sounds more like a crypto-locker job than somebody removing the files from the server completely. The NSA has a few big computers, maybe they could be put into useful service by decrypting the files. Or, will the USA cease to exist if they aren't fully occupied hoovering up everybody's cell conversations and texts?
"I thought the US government declared Bitcoin an un-currency (or immoral or fattening or something)."
I think the only thing they've declared is that they're keeping an eye on Bitcoin-related activities for potential money laundering and consider money exchange between Bitcoin and dollars a taxable capital event (IOW, changing large amounts of Dollars to/from Bitcoins means you owe Uncle Sam).
I just have to laugh about someone trying to extort a bankrupt city. I guess it doesn't cost them anything to do it, but... .they (finally!) formally declared bankruptcy a year or two ago, they would be unable to pay this ransom no matter how important the database is.
===========
My trip to Detroit
Seriously, it's possible Detroit is in better shape now (and I have heard some of the TARP bailout money that was not wasted paying off incompetent banks did go to road repair specifically in the Detroit area)... but when I was there about 10 years ago, the highway (this was 100% overpass, i.e. elevated roadway, bridge) was so rough I hit my head on the rough of the car; I was a bit alarmed to look out and realize some of the potholes had NO CONCRETE LEFT AT ALL and the tires were running on metal rebar, I could see THROUGH the bridge*. When I got to my friend's house and we went to get on the highway, we found nearest onramp to my friends house had a "road closed" sign with a pile of rubble, the onramp had collapsed. The next one, my friend and I debated if we should go fast and get up the ramp before it (potentially) collapsed, or go slow to minimize the chance of collapsing it (he went for slow.) Off the highway, I drove through blocks of cracked road with what looked like 5 or 6 foot grass on each side, the buildings had collapsed and grass grown back over the foundations. One street was flooded due to a broke water main -- when I left a few days later, the water had not even been shut off let alone any repairs being done. The buildings that were left, about 1 or 2 per block were in good shape, the rest had broken out windows and so on. To me, it seriously looked like I was driving through a post-apocalyptic city that had been leveled by an atomic bomb 30 or 40 years previously and never rebuilt. It didn't look as bad as the random rubble in the Terminator movies, but worse than the "post-disaster" cities I've seen in most any other movie; amusingly the supposedly run down due to bankruptcy Detroit in Robocop looks WAAAAY nicer than the reality.
*Two other people I know who went there around 10 years ago... one did major damage to his front end, he hit a piece of concrete that had broken out and was sitting on the road... probably he should have seen it, but what can I say, he is the kind of driver that would not notice. The other person bent up all 4 rims on his Acura on the way into Detroit, got them replaced, and the replacements got all bent up on the way *out* of Detroit and he had to replace them a 2nd time when he got home.
end trip to Detroit
===================
"Feel free to be smug but Office 97 is".. actually I wouldn't object to that, although they probably should be using LibreOffice or the like.
But, they shouldn't be running that old of *server* software (the server software was branded "Office" or "BackOffice" back then), and should probably not be running Microsoft server software to begin with if cash strapped; since, after all, running an e-mail server and calendar sync is simply not rocket science, and you can (legally) get up to date, secure software to do it if you stay away from Microsoft products.
"How do you seize a database? " Probably either encrypted it, or deleted it and said they'd give back a copy. The concern about confidential data being leaked is of course legitimate.
This post has been deleted by its author