Just hilarious
"According to them, the created ticket was repeatedly assigned to additional people, including Red Hat's legal and security staff members."
Summarized: Given enough eyeballs, all extortion demands are fallow.
Thanks, hadn't encountered this word before.
“Since RedHat doesn't want to answer to us,” the hackers wrote in a channel on Telegram viewed by 404 Media, suggesting they have attempted to contact Red Hat. [...]
“We have given them too much time already to answer lol instead of just starting a discussion they kept ignoring the emails,” the message added. In another message, the group said it had “gained access to some of their clients' infrastructure as well, already warned them but yeah they preferred ignoring us.”
https://www.404media.co/red-hat-investigating-breach-impacti...
First rule of having someone reply: spell their name correctly.
What you must do immediately is notify the affected customers, bring down or lock the affected services, and contact the authorities.
If an attacker make an extortion threat, but then still follows through on the release/damage after being paid, then people are not incentivized to engage with you, and will go into attack mode right away, making it riskier for you.
HOWEVER, if the attacker make the extortion threat, takes payment, and then honors the agreement, and ends the transaction, then parties are more inclined to just pay to make the problem go away. They know that the upfront price is the full cost of the problem.
I've seen that there are 'ethical attackers' out there that move on after an attack, but you never know what kind you're dealing with :-/ "Never negotiate...."
Reputation isn't all that useful for extortion.
Running all your crimes as the "Wet Bandits" makes it much easier for law enforcement if they do catch up with you.
I sincerely hope that the game doesn’t become prophetic in the manner Idiocracy has.
(title fixed now)
Title needs updating
INTPenis•4mo ago
ExoticPearTree•4mo ago
And, never forget: what a company preaches and advertises is not the same with what the company is actually doing.
zingababba•4mo ago
Also, here is some more information about this breach: https://x.com/intcyberdigest/status/1973422846396473765
everdrive•4mo ago
Spooky23•4mo ago
90% of the time, they are checking boxes. But if they are fishing, you have to be careful because they generally are bad at understanding anything, but good at manipulating the audit rules to frame things in such a way so they can “catch a big fish”.
behnamoh•4mo ago
delusional•4mo ago
ExoticPearTree•4mo ago
Is it really OK? Not necessarily, but on the other hand you don't want to spend the rest of your life answering even more questions from other people the auditors might bring in to help them understand your helpful explanations.
I learned this the hard way, assuming auditors are logical and understand technology.
dijit•4mo ago
A person who is used to interviewing people will be able to tell right away.
unethical_ban•4mo ago
Yes, it is highly adversarial and the best compromise I've seen is to have an internal audit team that is separate organizationally from IT, but has to withstand peer review if they claim anything is a real problem.
baobun•4mo ago
Your boss is bad apple and so are you if you adopt their ways.
jandrusk•4mo ago
mmh0000•4mo ago
In theory, being ISO27001 means that you're environment follows best practices and has a somewhat sane security posture.
To the business people, a new customer demands that you have ISO27001 certification before they'll sign the $$$$ contract. The salesperson does not care HOW you get the certificate, just that you have it, they need this contract signed!
The department wasn't designed with security in mind, so implementing everything required by ISO will take many months. But sales needs $$$$ now! The CEO, CFO, and CTO are aligned: money now!
So, there's high pressure to pass the audit quickly. You implement what you can, you weasle your way around the things that will take too long. Those things are "out of scope" or "testing databases". You implement MFA while the auditor is auditing, but you know it breaks developers' workflows and there isn't a quick fix, so you turn MFA back off once the audit is complete....
TA-DA! We're ISO27001 certified! But we're no more secure than we were before.
throwaway127482•4mo ago
array_key_first•4mo ago
Depending on how dysfunctional the org is, there's no super dev anywhere who can fix it. You just shut up, do bad things knowing theyre bad, or get fired.
anthk•4mo ago
typpilol•4mo ago
I had a sales guy sell a a company a replacement for their terminal server, with OneDrive lol
I almost died laughing when he explained to me the project.
I said.. you want to run cad files off OneDrive in place of a terminal/storage server?
"Yes"
Let's just say we ended up just moving their server to the cloud and VPN access onsite and for external developers.
latchkey•4mo ago
Grikbdl•4mo ago
Nah, it just means you have defined, documented processes and document that you stick to them. They actual processes can be shit and maybe you also have something on the side the auditors don't get shown, but ultimately the certification is a total joke. Source: Worked at a place that got certified despite being a security joke.
johannes1234321•4mo ago
Yes and no. Even if it is a joke there is one thing it qualifies: You at least spent time looking at the process. This already is a gain over complete wild west.
1oooqooq•4mo ago
do you mean you rather be lied to than not be lied to?
quicksilver03•4mo ago
lima•4mo ago
Woodi•4mo ago
"Aligned" :)) The IT terminology FTW! Very very realistic description. Of not delivering value to customers.
Was this a case in this RH breach ? Maybe. But just putting multiple "repos" and other client stuff in same place is modern IT insanity.
At least they could put that Navy stuff somewhere else. Resonable idea, right?
baobun•4mo ago
> After publishing our story, Red Hat confirmed that the security incident was a breach of its GitLab instance used solely for Red Hat Consulting on consulting engagements, and not GitHub.
> While Red Hat did not respond to any further questions about the breach, the hackers told BleepingComputer that the intrusion occurred approximately two weeks ago.
6c696e7578•4mo ago