US Offers $10 Million Reward for Info on State-Sponsored Hackers Disrupting Critical Infrastructure (therecord.media) 30
The US State Department has announced today its intention to offer rewards of up to $10 million for any information that helps US authorities identify and locate threat actors "acting at the direction or under the control of a foreign government" that carry out malicious cyber activities against US critical infrastructure. From a report: Today's announcement comes after the US has seen an increase in cyber activity targeting its critical infrastructure sectors, including a spike in ransomware incidents. Some of these attacks, such as those on JBS Foods and Colonial Pipeline, impacted US food and fuel supply for days, even creating a small panic among the US population in certain areas. Many cyber-security companies and industry experts have blamed Russia, accusing the Kremlin of tolerating and allowing these gangs to operate from its borders on the condition they don't attack Russian organizations. Other gangs have been seen operating from China, Iran, and North Korea.
Through its announcement today, the State Department is looking for proof that these gangs are operating with some sort of help or guidance from local regimes. The reward is offered through the State Department's Rewards for Justice (RFJ) program, the same system through which the US previously offered a $5 million reward for info on North Korean state-sponsored hackers and a $10 million reward for information on any state-sponsored hackers meddling in US elections.
Through its announcement today, the State Department is looking for proof that these gangs are operating with some sort of help or guidance from local regimes. The reward is offered through the State Department's Rewards for Justice (RFJ) program, the same system through which the US previously offered a $5 million reward for info on North Korean state-sponsored hackers and a $10 million reward for information on any state-sponsored hackers meddling in US elections.
That isn't as generous as it seems (Score:1)
Follow the money works the OTHER way around (Score:2)
You're still feeding the AC troll if you propagate its Subject. Yeah, you ignored the content, but the Subject is part of the poison.
However my reaction to the story is sideways, as usual. The money that matters is on the other side. The general question of criminal motivation is "Who profits?" In this case, who is profiting from keeping Covid-19 spreading actively?
And yes, I have to acknowledge that "profit" is a confusing notion when you try to apply it to governments. Sometimes the primary profit for a g
Re: (Score:1)
Re: (Score:2)
After taxes and Novichok treatment, you'll go home from the hospital with just 3 million.
Not even that, it says "up to" $10 million.
That means you'll go home with a couple of grand if you're lucky.
It'll look good on your CV though... cough.
Re: (Score:2, Redundant)
Actually $0.01 is "up to $10,000".
Info ... (Score:2)
Re: (Score:2)
Interesting tug of war. Money tempting ratting out people. Culprits wanting to stay alive, and the nations that sponsor them.
Microsoft? (Score:1)
I put in first claim (Score:2)
I am putting in the FIRST claim. The culprit is CONgress and the WH. ALL they need to do is create a trivial bill that will give us digital certificates upon REAL ID vetting. IOW, get a passport, drivers licences or state ID, you get a DC. This would stop 80-90% of attacks.
Evidence free (Score:2)
Wait, we already know who these individuals are. We've identified them as guys with links to the Russian intelligence services, right? Why does the US want to give money away when we already know who they are?
It's almost as if the US has no idea who these hackers may be...
Re: (Score:2)
Why does the US want to give money away when we already know who they are?
I haven't RTFA, but these rewards are almost always conditional on "leads to a conviction."
So this is not about identifying which countries are backing the hackers but identifying individual hackers with evidence used to send them to jail.
Re: (Score:2)
Re: (Score:2)
If it requires conviction then most of them have nothing to worry about, they operate from countries that don't extradite to the US or where it's not even a crime.
Meanwhile (Score:4, Insightful)
"Vladimir Putin personally authorised a secret spy agency operation to support a “mentally unstable” Donald Trump in the 2016 US presidential election during a closed session of Russia’s national security council, according to what are assessed to be leaked Kremlin documents."
Link [archive.org]
Last month they reported on a British Naval vessel entering Crimean waters [archive.org] and the US Navy supposedly got driven away [archive.org] after entering disputed waters in the South China Sea.
I am sure there is more going on but the world seems to be a little testing at the moment and, quite frankly, if the documents are verified it would be very close to an act of war. Ukraine, Crimea, South China Sea...The US is getting push back in lots of places. I doubt they are going to allow election interference to get away with just a $10,000,000 reward.
Re: (Score:2)
We know who it was already, it was the Internet Research Agency. The accounts trace back to their known IP addresses, only posted during Moscow office hours etc.
There just isn't the political will to do anything about. Can't even get the Capitol insurrection investigated.
Take the mote out of your own eye... (Score:2)
Hmmm. "Actors" "acting at the direction or under the control of a foreign government" that carry out malicious cyber activities against US critical infrastructure".
Can you get the reward by turning in the NSA, CIA or other members of the alphabet soup?
Re: (Score:2)
Before anyone starts shrieking that the US federal government isn't "foreign", I strongly suggest that the "intelligence community" constitutes a foreign government. It certainly doesn't act in the interests of ordinary US citizens.
Re: (Score:1)
Re: (Score:2)
Neither does a lot of the rest of government ...
Fucking hell. My parents! Hello??? (Score:1)
My parents are acting under "acting at the direction or under the control of a foreign government" and have been all along. Please, President Biden, look into them for real this time. They're outsmarting your agents or they're bribing them. This is not a joke. The list of suspicious behavior adjacent to them can't possible have gone completely unnoticed. Just stop taking their lies at face value because they're church goers.
January 6th (Score:2, Insightful)
> rewards of up to $10 million for any information that helps US authorities identify and locate threat actors "acting at the direction or under the control of a foreign government" that carry out malicious cyber activities against US critical infrastructure
Dear State Department,
The 45th US President, puppet of a foreign government, carried out malicious activities against the US Capital, inciting an insurrection through cyber means like social media.
As for the $10M, cash is fine, or Venmo if you prefer.
Info on threat to critical infrastructure (Score:2)
predictable (Score:2)
This is a predictable outcome from the US government.
The actual solution to ransomware is simple and does not require participation from government:
1. Wait until you get hacked
2. Get reliable attribution that the hack was caused by the same group that targeted somebody else
3. Confirm that that somebody else paid the ransom (i.e. invested in the company)
4. Sue that somebody else for damages
A successful suit here entirely changes the economics of ransomware, and does not depend on useless attorneys general to