I’d recommend avoiding at all costs but we all know these companies are brought in by non-technical people.
Yikes
This Reddit post hints that many shortcuts were taken, security was not taken seriously when it should have been, and now they reap what they sow.
The reality is that decreasing costs is a far easier lever to pull than increasing revenue so managers will be heavily incentivised to do this if you give them profit-based incentives. This happens every few years with listed companies in the UK now, no-one ever changes their behaviour (retail, in particular, is ground zero for bluffers in the UK, managers are exceptionally bad, and even worse are comp committees that set targets that cannot be achieved without damaging long-term value).
There is no efficient market here. It is as simple as managers understanding the world we now live in, and that is unlikely because all these companies view IT as a cost and their managers are people who rotate through executive roles and politics despite leaving a flaming wreck in their wake. Things will stay the same.
If the impact is large enough, they do.
This is not a case where binary thinking works for most situations, though. The costs associated with the attack will hurt them by damaging their balance sheets a little bit, taking capital away from more productive opportunities, and distracting their employees from more fruitful tasks.
There’s always a public thirst for immediate blood in these situations, but the damage is more subtle and manifests more as opportunity cost than a sudden collapse of the company. The demand for sudden stock market collapse of companies is ironic, given all of the criticisms thrown at companies for putting too much emphasis on short term stock results.
... be replaced by more competent companies
How is it not the responsibility of senior management at a major retailer to ensure an exploit at a vendor can't take the whole house of cards down?
Many other major enterprise clients out there are all over vendor security/compliance ... auditing and reauditing vendors to minimise the chance of this happening or, worst-case, if it does happen, containing it and recovering quickly
It’s also unclear if this was everyone, or just who they caught. It’s not unknown for hacking groups to position the youngest (least experienced, most desperate for recognition) people in the most vulnerable positions.
I'm not saying the system wasn't poorly implemented but, society doesn't work when people abuse everything either. Maybe that just means we're doomed but most of society works because people don't go around smashing and/or taking everything they possibly can.
I hate to sound like my parents/grandparents but I absolutely knew that causing millions of pounds of damage and attempting to blackmail a major corporation could have huge negative consequences for people and myself at 17.
I'm sure they knew it could have major consequences, but when your risk taking pedal (limbic system) is pushed to the floor all the time and your risk avoidance brakes (prefrontal cortex) are not fully developed that all goes out of the window, not unlike being intoxicated.
For example, I shudder to think how aggressively I drove when I first got a car - and I was very sensible compared to many people I knew! I hadn't actually driven for a couple of decades since I was an adolescent until very recently and I had to rent a car for something, but it was absolutely startling to me my frame of mind vs the last time I drove. All I can remember back then is that driving was extremely fun and the more windy the road the better, this time all I could see was loads of giant risks.
Now if you compare this to the whole population, if you have a segment of it that are much more risk seeking either through genetics or environmental reasons, you can see the problem.
You can see this in all kinds of statistics at a societal level - crime, accidents, addiction risk. It is all much higher in these age ranges (and especially skewed towards males).
I don't think we should just dismiss good science like this "because I knew better". It has always been a very grave societal issue that has tended to be ignored or downplayed.
Obviously this doesn't give people carte blanche to do what they want - I'm not saying that. But hopefully societal views will catch up a bit with society and we can actually do something about it.
> But it is very well understood and accepted that teenage - especially male prefrontal cortexes don't fully develop until mid 20s.
Your statement here does not mean that the statement I quoted above is true. Just because biology predisposes one to doing stupid shit does not mean young people are incapable of understanding consequences and repercussions. The fact that most of us here never went out to cause millions of pounds of damage is testament to that.
This is not “behavioural immaturity” associated with an underdeveloped prefrontal cortex!
They bragged about it to the BBC as well. This is not a clever strategy to not get caught. Neither is not immediately fleeing to another jurisdiction than the very one you committed the crimes in.
This is what happens when you have extremely smart kids with high risk-taking tolerance. If they weren't as intellectually gifted, they might be driving a souped up 15 year old Golf like a maniac round country roads - but because they have these technical capabilities, their poor judgment scales up to cause millions in damage instead of just getting themselves arrested with a few grams.
For example, if someone says "I'm not racist, but" I'm already rolling my eyes before they've even said what they're about to say.
Similarly, when some people hear "prefrontal cortexes don't fully develop until" they start rolling their eyes pre-emptively at the infantilising, anti-personal-responsibility take that usually follows. Even if it didn't, in your case.
So with that story, some teenagers don't or can't comprehend the severity of their crimes or the trial and punishment that ensues. To them it's just a dumb credit card company write off and a free laptop or whatever.
I'll admit, I used to push limits. Used to do silly things with misfit friends. Got into a little incident where we pissed off some dudes, one who had a gun (no one shot but man having one pointed at you is scary AF.) Learned real fast not to do stupid "funny shit" that was really just jerk behavior. We never expected to have a gun pointed at us.
That's what teenagers do, they push limits without thinking because they're rebellious. Looking to carve out their independence. Sometimes, they learn the hard way. That's just life.
Sure but not all do. If you look at murders, most of them are in the 15-24 range in the United States so them being 17, 19 and 20 tracks with what you expect.
> Young people have little fear of repercussion as they can't really fathom the consequences.
is not true.
I’d be amazed, and I think the public would be outraged, if they got a slap on the wrist for this.
> Young people have little fear of repercussion as they can't really fathom the consequences.
Clearly, young people can. Maybe these young people couldn’t, but that’s a different claim.
There are plenty of teens selling dope, stealing cars, breaking into homes, yet nobody thinks they're just knuckleheads playing around. Why do we think because "but on a computer" makes it different?
Source: https://specopssoft.com/blog/marks-spencer-ransomware-active...
"After a frantic search that entailed calling hundreds of IT admins in data centers around the world, Maersk’s desperate administrators finally found one lone surviving domain controller in a remote office—in Ghana. At some point before NotPetya struck, a blackout had knocked the Ghanaian machine offline, and the computer remained disconnected from the network. It thus contained the singular known copy of the company’s domain controller data left untouched by the malware—all thanks to a power outage... So the Maidenhead operation arranged for a kind of relay race: One staffer from the Ghana office flew to Nigeria to meet another Maersk employee in the airport to hand off the very precious hard drive. That staffer then boarded the six-and-a-half-hour flight to Heathrow, carrying the keystone of Maersk’s entire recovery process."
https://www.wired.com/story/notpetya-cyberattack-ukraine-rus...
Can someone post a String Literal for us, please?
edit: wow, fun is cancelled for today it seems
Require software to be developed by licensed engineers. No more offshoring. No more importing of cheap labor. Make tech corps pay instead of accruing mass wealth. Make the corps pay when the vulnerabilities they put in it are exploited.
Yes, the companies involved should take some responsibility for terrible security practice (though I'm sure they wish this had never happened!) but victim-blaming doesn't justify crime.