Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Keep in mind this article makes... Little sense the way it was written. The DDoS attack at the time was done in a way that could be replicated by anybody. Multiple control networks gave jobs to IoT devices without real authentication. That means anybody known to pay off attackers would immediately get attacked by another group using the same sources. Maybe there's some stockpile of Bitcoin "just in case", but it would require a very special situation - not a common DDoS they talk about.


I was just pointing out that according to the article some London banks ARE buying bitcoin so that the ransom payment option is on the table in case of an emergency, and in fact they notified senior police officers about this activity (to get their blessing? to avoid the bitcoin buying look suspicious if they stumbled upon it?)


I understand. I'm just pointing out why the article smells like bs and is technically invalid in many ways. Including the fact that police will not help you with a DDoS and is largely irrelevant in the discussion (apart from post mortem / following up after the attack). Also banks are playing with cryptocurrencies for quite a while now. London banks have ideas of private blockchains as well. Nobody would think it's suspicious that they buy some.

The may be some truth in there, but this is a popular tech post. I'd look for more details than the guardian provides.


> The may be some truth in there, but this is a popular tech post. I'd look for more details than the guardian provides.

Can you provide some references for the positions you have stated in this discussion?


Mirai (not named that yet in the original article) source released -> anyone can take control. DDoS as a service was sold. Paying off one attacker doesn't stop others. https://www.forbes.com/sites/thomasbrewster/2016/10/23/massi...

Police will not help you with ongoing DDoS - I don't think you need a source for that one.

Canary Wharf playing with bitcoin / blockchain in 2015: https://www.ft.com/content/eb1f8256-7b4b-11e5-a1fe-567b37f80...

Ransomware can happen again, getting data back not guaranteed (FBI recommendation): https://www.fbi.gov/news/stories/incidents-of-ransomware-on-...


I wonder if there are regulatory requirements for them to register a policy for the handling of bank robberies, that extends to extortion and ransom? While it may not be relevant in this case, such a regulation might have been written with hostage situations in mind, when the police would be involved.


One of the security people quoted speaks of the concern over new models of attack that may be on the horizon. I agree that it does not make any sense to make being ready to pay a ransom your primary preparedness, but it seems reasonable as a last-ditch response if you have a generally sound security infrastructure. For one thing, the latter would reduce the chances of the sort of follow-on attack that you posit, and that risk may well be secondary to the certainty of being crippled by an actual attack-in-progress.

Anyway, regardless of the merits of the strategy, it appears to be an established fact in some cases.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: