I love reading stories about good people who step up and do what’s right. It seems most of today’s media is slanted to highlight those people who make the immoral, self-serving choice. Thank you, Tesla employee. Thank you for doing the right thing.
To be fair, today's media is slanted towards audience engagement the same as it ever was. The only real difference is that now no one producing the content pretends anything but emotional engagement matters. It's unfortunate but coincidental that the most engaging emotions happen to be anger and fear.
Sign of a new trend? Most ransomware teams use traditional tactics: phishing to establish beach head, pivot to hunt down admin creds, game over. Some teams make opportunistic use of perimeter vulnerabilities (ie pulse VPN).
Most companies struggle with basic security controls like patching. Very few would survive insider threats with admin creds.
Buried in the footnotes of the criminal complaint:
> CHS1 [Confidential Human Source] is cooperating with the FBI because of patriotism to the United States and a perceived obligation to Victim Company A. CHS1 has not asked for and has not been offered any form of payment, including consideration regarding immigration or citizenship.
Does that mean this person is a foreign national? Would it be risky for this person to return home (perhaps to Russia?) after assisting the US government in this way?
From the sounds of it CHS1 is probably a Russian national. I'm honestly surprised s/he hasn't asked for compensation or a visa; although we don't know who they are the ransomware group certainly does and I would be scared they are plotting revenge (especially if they end up having to leave the US).
If I were the FBI I would be putting this dude in witness protection and building them a new identity.
I really wish sites would stop using scribd to host primary documents, which requires an account to be able to download them. Use something like DocumentCloud instead - which is both leaner, and does not require account to download files.
10 comments
[ 3.9 ms ] story [ 32.1 ms ] threadwe often theorize about / present a threat model of an insider becoming malicious in exactly this way. rare that we hear of it actually occurring.
the number used in such threat modeling scenarios is typically $1MM. maybe we need to up that to $4.5MM. (per TFA)
note the simplification in the headline: the $1MM was merely the insider’s share, not the proposed ransomware amount.
Most companies struggle with basic security controls like patching. Very few would survive insider threats with admin creds.
> CHS1 [Confidential Human Source] is cooperating with the FBI because of patriotism to the United States and a perceived obligation to Victim Company A. CHS1 has not asked for and has not been offered any form of payment, including consideration regarding immigration or citizenship.
Does that mean this person is a foreign national? Would it be risky for this person to return home (perhaps to Russia?) after assisting the US government in this way?
If I were the FBI I would be putting this dude in witness protection and building them a new identity.
https://news.clearancejobs.com/2020/08/26/tesla-insider-work...
https://www.justice.gov/opa/pr/russian-national-arrested-con...