Good advice: "Employees should not be storing anything that could harm a firm reputationally on company servers. Training around this should be provided by organisations to all their staff."
I never though about telling other employees not to store porn on my servers, i will bring that up in the next meeting...i bet it's gonna be a blast :)
In the company I worked for hackers uploaded porn to our disks so I was told. Not sure why maybe they wanted the free disk-space. Or maybe they were planning to blackmail us. Or maybe it was the IT admin who got caught and then claimed it was the hackers.
Some pirate release groups will compromise servers with public IPs to use as FTP hosts. The people that actually post the torrents then download from the FTP host, create a torrent, and upload it to the tracker (from their own PC).
Those hosts usually have fat internet pipes, allowing a bunch of people to download a copy over FTP at once, letting you claim credit for the first rip. There's also probably less of a paper trail; most of the hosts I'm aware of require some kind of ID, and would almost certainly hand that data over to law enforcement.
In my best knowing such topsites are in most cases using colo with excellent peering. In comparing, most company file shares are local in office for best transfer speed. A other possible similarity situation is useing for XDCC bots: such bots have similar idea of usage compromised machine but are mostly lower grade computer than a topsite.
The last time I had a "work-laptop", I was fired (for boring reasons) suddenly and without prior notice, and had to immediately hand my laptop over. I wasn't even allowed to go back to my desk and gather my things, because the HR manager at that time was so paranoid.
I'm pretty confident I didn't have anything personal on there, but just to be certain I wasn't leaking passwords, I did a quick
rm -rf ~ &; disown
Point being: employers have all the leverage over their hardware, and you never know how or when they will use it. Encryption is your friend.
You had time to enter that command (with or without sudo) before they took your machine back?
That said, I've heard of cases where an ex-employee was sued by their employer for deleting the drive, for example salespeople who maintain contact lists.
So I was told I was at a 1-on-1 meeting with my boss, and that the HR person needed to be part of that meeting. I brought the laptop in expecting to take notes or whatever.
I essentially got lucky, but they were a bit concerned when they saw me hastily typing, even though they had already revoked all of my credentials.
Isn't the takeaway "never store or do anything on company hardware that you want to keep to yourself"? I wouldn't trust personal material to a company laptop even if it was encrypted.
Yes, but my main concern was the data from my password manager, which existed elsewhere.
I don't remember for certain, but I may have set my password store to be permanently open, which leaves a copy of the encryption key in the user directory.
Really, the practice should already be, "if you have data you care about, then always have offsite backups".
I did something like this once. There was this critical bug in a system I had designed. It was no big deal, 2 days to fix.
Privately, the management had forbade me from fixing the bug. Literally forbade me, and assigned me lots of support work (that didn't have tickets-- it would look like I wasn't working). Then a month later the project manager makes a show of coming over to yell at me in front of everyone for this bug not being fixed.
I zero'd my personal data, walked out of the building and never went back.
This piece is oddly copy-edited. Paragraph 7 refers to "the infamous hacker group" and paragraph 5 "the cyber-criminal gang", but both of these expressions are serving as a pronoun reference to a previously named group. Then you look up to see if you missed the actual name of the hacking group, or even a link to the post, and... nope!
Then below the headline "The New Normal", a second group is introduced as "another ransomware group". I assume "another ransomware group" is the group subsequently referred to as "the relatively new gang". Also, relative to whom or what?
I am assuming the author of the piece originally named the groups or provided the detail you'd expect to have it make sense. Then editorial/legal spiked the names but did not copy-edit the rest of the piece to flow around the changes? I mention this because the article also weirdly edits around the nature or name of the firm targeted in the first story.
In many jurisdictions or some online discussion boards, one can name by name the already famous, but not the unknown, behind which is certainly a measure of thought.
Maybe had a perfectly assorted archive build over years, and even digitized from old VHS's, and to have a bulletproof Backup store it on the company's servers ;)
Sure they do, for the same reason that I store all the mp3s of the music I buy. If it's not on storage you control, you didn't buy it, you're renting it.
PornHub is like YouTube was 10 years ago. Even 4K videos are encoded at a painfully low bitrate. The rest of the "tube" sites are essentially the same. There are a couple sites (2 that I know of) that offer high-bitrate videos (mostly direct copies from pay sites) either to stream or download.
There is also a relatively large community for torrents, just like with movies and music. Sure, you can be a total l33ch and "stream" a torrent, but most content is shared on private trackers that demand high seed ratios.
There is also mega, which has its own limitations.
One of the biggest reasons for someone having local copies of data is when actually paying for porn: Subscriptions are relatively expensive, but practically always allow downloading. It makes sense to get a subscription for a short period of time, and download as much content as you can before it runs out.
All of the same goes times 10 for VR. Good bitrate/resolution VR content tends to run 5-20gb per video. SLR has managed to find a good balance for streaming - very impressive IMHO - but it still runs into the same motivations that other subscription-based services do.
It’s definitely still pretty big for the reasons others mentioned as well as the growing popularity of indie 18+ material (whether it’s photos, videos, or art) on sites like Patreon. If you pay for something like that it makes sense to save a copy in case you unsubscribe later or if the creator deletes their account.
I don’t even think extorting money out of the victims is even the worst thing they can do. What if they use it to coerce the victims to act as pawns or sleeper agents in crimes? You could get them to plant weapons, rob banks, kill people, all in ways that have the actual mastermind several degrees removed.
I think you are overthinking it. Most folks just want the money, and aren't some mastermind sitting in a lair looking for pawns. The only exceptions I can think of would be intelligence operations, where such blackmail could pay longterm dividends, but in that case the money isn't the goal.
Right now. However there are a few nations with the resources and motivation to pull this off. You might not personally be worth a lot to them, but when the cost is low they can make something of it.
From what I’ve seen these are mostly very unsophisticated. They basically grab a previously exploited user/password combo and then email that person with the extortion message. It’s usually just a bitcoin address too, you can’t even email them back for some fun ;P
This only works because many people are sensitive to this kind of content. But in few generations, this will be like trying to expose someone's stamp collection. That of course unless we get an event like in Iran, where extremist will take over and enforce their views upon population.
I don’t know. Do all your porn videos feature enthusiastic consent? Do any of your porn videos have racial stereotypes? Are all your porn videos showing safe sex practices? Are all your porn videos showing a diverse group of actors, or are they just mainly from a single ethnic group? Do all your porn videos celebrate people with different body types at the same time not fetishizing them?
Looking at current trends, I suspect that all those questions will be asked about any porn stash that is revealed a d people with problematic porn stashes will be called out.
I don't know why you're being downvoted this is way society is going... Unless the Islamists take over (which after what's happened in the UK the last few days I wouldn't be terribly surprised with this either.)
The overwhelming majority of sex-positive people understand that fantasy is not behavior, and that the interests of an individual are rarely diverse. The only sort of porn that is ubiquitously "problematic" features people who were either underage or did not consent.
This technique isn't about porn, per se. It's about finding something you think the mark thinks is embarrassing, or shameful. The message is easily changed and could change to whatever the taboo du jour is.
I don't think we're a few generations away from high level managers having done nothing online that they're ashamed of.
I think a major extortion growth industry will be things like off-color jokes which were benign and harmless 20 years ago, but now are considered cancel-able. If someone with an axe to grind had access to every USENET post you made two decades ago, or a forum discussion you had, how easily could they find that one nugget that could get you fired by today's tightened standards?
Related: What topics do you freely talk about today which will get you fired in 20 years when society's expectations and sensitivity level changes? (Hint: It's impossible to know)
I think it doesn't matter if it would actually get you fired or not, as much as if you think it could possibly get you fired.
In an alternate world, labor would be strong enough that a worker could be comfortable knowing that their managers can't just fire them at-will for frivolous reasons. Labor is not at that point, in the US, at least.
If you're worried about this, vote for pro-labor politicians & judges when you can. Collectively bargain for protections or procedures for individual dismissals for this, etc.
> If you're worried about this, vote for pro-labor politicians
Not many people know that here in the UK we got something like IR35 which innocently says that if someone works as an employee should be taxed as an employee (this was introduced by Labour to tackle employees registering a company on Friday, and going to work for the same company on Monday on b2b basis and paying less tax as a result). Now current government (Tories) added changes to this law so that now a client has to determine whether you are a genuine contractor or a disguised employee and then tax you at source. Still nothing sinister at the first glance, right? The problem is that because of that change employers will be able to construct their contracts in the way that contractor / employee will be always classed as a disguised employee, but only for tax purposes. This means workers hired this way will legally not have any employment rights - I mean their only recourse will be against their own company, that will not have any profits to care for employment benefits and so on. So for example if your de facto employer fires you when they learn you are pregnant, you only be able to take to court yourself (your own company).
Anyway - I think much simpler explanation is here - https://norightsemployee.uk/step-by-step
What I want to say though - our Labour party and unions did absolutely nothing to stop this. This not only can render unions obsolete in the hands of crafty corporations, but essentially strips away decades of what Labour was fighting for.
So even if you vote Labour or pro-labour parties - there is no guarantee they will not sell you down the river.
Are you sure that trend is towards more tolerance? New generations have less sex, are more conservative... And governments are less and less tolerant to anything "disrespectful".
Threatening to send fabricated evidence of your scandalous kink to people in your work or social circles should be enough. If "that isn't mine" actually works, it works against an actual hack too.
Society will experience a brief but painful moment in the near future when Zoom recordings deepfaked to show you into scandalous kinks are easier to create than the public thinks.
I've got custom domain names with catch-all emails, and I've seen this kind of phishing scam / spam emails sent to <random letters>@<domain name> from time to time. Just yesterday one arrived and was in a different language (Japanese) from any I'd ever registered as knowing on any web site (just English!). It obviously did not successfully hack the any accounts belonging to or associated with the completely made up email address the scam was sent to.
I have seen others sent to real email addresses with real (terrible, previous breached) passwords. But again there was no real access to anything, since those emails/passwords only belonged to the breached web sites (i.e. Adobe.com!)
Obviously these are different from some of the attacks in the article.
> It also posted a screen grab of the computer's file library which included more than a dozen folders catalogued...
I get these sometimes, usually they want some bitcoin dumped in an address, and reference your "password" which is clearly one from an old account that was hacked. Usually I look online for the address and find the other people they sent it to. But these are the amateurs looking for easy victims.
Plus the other approach is: hack, insert porn/embarrassment, extort.
I hope the ultimate outcome is the rise of shamelessness - such as Jeff Bezo's response a while back, "sure, you have a picture of me, go ahead, so what".
62 comments
[ 6.5 ms ] story [ 127 ms ] threadAnd I don’t blame them, most of the time it works, even if they do it wrong.
Those hosts usually have fat internet pipes, allowing a bunch of people to download a copy over FTP at once, letting you claim credit for the first rip. There's also probably less of a paper trail; most of the hosts I'm aware of require some kind of ID, and would almost certainly hand that data over to law enforcement.
The template is to get a credentials dump, email the user's email, offer the password from the dump as proof (most people re-use the same password).
I know what you've been watching (no they don't), I recorded you on cam (doesn't matter if you have a camera or not).
It doesn't have to be bullet-proof. It only has to work once to pay off.
I'm pretty confident I didn't have anything personal on there, but just to be certain I wasn't leaking passwords, I did a quick
Point being: employers have all the leverage over their hardware, and you never know how or when they will use it. Encryption is your friend.That said, I've heard of cases where an ex-employee was sued by their employer for deleting the drive, for example salespeople who maintain contact lists.
I essentially got lucky, but they were a bit concerned when they saw me hastily typing, even though they had already revoked all of my credentials.
I don't remember for certain, but I may have set my password store to be permanently open, which leaves a copy of the encryption key in the user directory.
Really, the practice should already be, "if you have data you care about, then always have offsite backups".
Privately, the management had forbade me from fixing the bug. Literally forbade me, and assigned me lots of support work (that didn't have tickets-- it would look like I wasn't working). Then a month later the project manager makes a show of coming over to yell at me in front of everyone for this bug not being fixed.
I zero'd my personal data, walked out of the building and never went back.
Then below the headline "The New Normal", a second group is introduced as "another ransomware group". I assume "another ransomware group" is the group subsequently referred to as "the relatively new gang". Also, relative to whom or what?
I am assuming the author of the piece originally named the groups or provided the detail you'd expect to have it make sense. Then editorial/legal spiked the names but did not copy-edit the rest of the piece to flow around the changes? I mention this because the article also weirdly edits around the nature or name of the firm targeted in the first story.
Weird.
That would be bizarre too. You can name Al-Qaeda and ISIS, but not ransomware groups?
If your niche does not involve ID-verified videos from the big studios, I guess it would be useful to have backups.
There is also a relatively large community for torrents, just like with movies and music. Sure, you can be a total l33ch and "stream" a torrent, but most content is shared on private trackers that demand high seed ratios.
There is also mega, which has its own limitations.
One of the biggest reasons for someone having local copies of data is when actually paying for porn: Subscriptions are relatively expensive, but practically always allow downloading. It makes sense to get a subscription for a short period of time, and download as much content as you can before it runs out.
All of the same goes times 10 for VR. Good bitrate/resolution VR content tends to run 5-20gb per video. SLR has managed to find a good balance for streaming - very impressive IMHO - but it still runs into the same motivations that other subscription-based services do.
https://slatestarcodex.com/2015/04/07/no-physical-substrate-...
i took it to mean it was extreme trollcraft, rather than money motivation.
But if the kompromat is child porn-level illegal than you could be right.
Looking at current trends, I suspect that all those questions will be asked about any porn stash that is revealed a d people with problematic porn stashes will be called out.
The overwhelming majority of sex-positive people understand that fantasy is not behavior, and that the interests of an individual are rarely diverse. The only sort of porn that is ubiquitously "problematic" features people who were either underage or did not consent.
I don't think we're a few generations away from high level managers having done nothing online that they're ashamed of.
Related: What topics do you freely talk about today which will get you fired in 20 years when society's expectations and sensitivity level changes? (Hint: It's impossible to know)
In an alternate world, labor would be strong enough that a worker could be comfortable knowing that their managers can't just fire them at-will for frivolous reasons. Labor is not at that point, in the US, at least.
If you're worried about this, vote for pro-labor politicians & judges when you can. Collectively bargain for protections or procedures for individual dismissals for this, etc.
Not many people know that here in the UK we got something like IR35 which innocently says that if someone works as an employee should be taxed as an employee (this was introduced by Labour to tackle employees registering a company on Friday, and going to work for the same company on Monday on b2b basis and paying less tax as a result). Now current government (Tories) added changes to this law so that now a client has to determine whether you are a genuine contractor or a disguised employee and then tax you at source. Still nothing sinister at the first glance, right? The problem is that because of that change employers will be able to construct their contracts in the way that contractor / employee will be always classed as a disguised employee, but only for tax purposes. This means workers hired this way will legally not have any employment rights - I mean their only recourse will be against their own company, that will not have any profits to care for employment benefits and so on. So for example if your de facto employer fires you when they learn you are pregnant, you only be able to take to court yourself (your own company). Anyway - I think much simpler explanation is here - https://norightsemployee.uk/step-by-step
What I want to say though - our Labour party and unions did absolutely nothing to stop this. This not only can render unions obsolete in the hands of crafty corporations, but essentially strips away decades of what Labour was fighting for.
So even if you vote Labour or pro-labour parties - there is no guarantee they will not sell you down the river.
https://www.nbcnews.com/think/opinion/u-s-teens-are-having-l...
Threatening to send fabricated evidence of your scandalous kink to people in your work or social circles should be enough. If "that isn't mine" actually works, it works against an actual hack too.
Society will experience a brief but painful moment in the near future when Zoom recordings deepfaked to show you into scandalous kinks are easier to create than the public thinks.
I have seen others sent to real email addresses with real (terrible, previous breached) passwords. But again there was no real access to anything, since those emails/passwords only belonged to the breached web sites (i.e. Adobe.com!)
Obviously these are different from some of the attacks in the article.
> It also posted a screen grab of the computer's file library which included more than a dozen folders catalogued...
I hope the ultimate outcome is the rise of shamelessness - such as Jeff Bezo's response a while back, "sure, you have a picture of me, go ahead, so what".
everything is fine... I watch from ISP IP normal...
I assume, if you wish we can have talk about sex...
come on, I don't care your point about this...
however I'm very happy not to have a love for childs, you unlucky if you are :Ð
I'm terrible :)