Charges for LastPass, MailChimp, Okta, and Twilio hacks
November 26, 2024 10:30 AM

Brian Krebs: Federal prosecutors in Los Angeles this week unsealed criminal charges against five men aged 20 to 25, alleged to be members of "Scattered Spider," a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.
posted by russilwvong (8 comments total) 10 users marked this as a favorite
 
According to prosecutors, the group mainly sought to steal cryptocurrency from victim companies and their employees.

The grift that keeps on grifting
posted by chavenet at 10:55 AM on November 26 [3 favorites]


Yesterday was incident-response day in my human-factors-infosec class. One thing I tell them about incident PR is never, ever to use the phrase "sophisticated attacker(s)," because you never know when it's a script kiddie... or what Scattered Spider and their ilk are currently being called in the infosec community, "Advanced Persistent Teenagers."

(For folks not steeped in infosec, that's a play on "Advanced Persistent Threat," a rather silly phrase with an elastic definition that usually boils down to "a skilled, well-resourced, and relentless attacker.")
posted by humbug at 10:56 AM on November 26 [9 favorites]


Yesterday was incident-response day in my human-factors-infosec class. One thing I tell them about incident PR is never, ever to use the phrase "sophisticated attacker(s)," because you never know when it's a script kiddie... or what Scattered Spider and their ilk are currently being called in the infosec community, "Advanced Persistent Teenagers."


And this is the sort of attitude that is why white collar crime isn't taken seriously. Never mind that they did real damage to actual victims (and even in one case had actual violence visited on them), we'll use language that dismisses their actual threat.
posted by NoxAeternum at 11:59 AM on November 26 [2 favorites]


My sense is that within infosec it's rueful rather than dismissive -- "security sucks so bad that yeah, we can get pwned by J Random Teen" -- but I can definitely see how it reads differently splashed across a headline.

But what to do about hackers is a longstanding question. Plenty of them eventually go straight and turn into infosec stalwarts. The younger they are, the more likely this outcome seems to be. And once they've gone straight -- well, see the Marcus "Stopped WannaCry Singlehanded, Promptly Got Arrested" Hutchins story for how being punitive with infosec pros over a less-than-licit past can get really senseless really fast.

There's also The Mirai Confessions from Wired, previously featured on the blue.

I don't have any orthodoxy here. There are serious questions about restorative justice; even hackers who go straight don't typically make their earlier victims whole.
posted by humbug at 1:19 PM on November 26 [10 favorites]


And this is the sort of attitude that is why white collar crime isn't taken seriously.

White collar crime isn’t taken seriously because of the wealth and status of the people doing it, or of the institutions that are supposed to protect people from it (but do not). Computer security has plenty of cultural problems, and people having an ego about their skills is one of them, but I don’t think the kind of people who banter about stuff like this are usually the weak links when it comes to taking security seriously enough.
posted by atoxyl at 2:01 PM on November 26 [7 favorites]


I have seen the effects of a few hacks from close range lately, and it makes me seethe. Given how dependent we are on computers now, attacking random organizations just because they are vulnerable -- without caring about the consequences -- makes me want to throw every hacker down a well.
posted by wenestvedt at 10:20 PM on November 26 [6 favorites]


wenestvedt, I'm with you. I naively imagined this stuff to be kind of rare and insubstantial until it intruded into my life over the last few years. First, my organization's email system was locked in a ransomware attack during the first year of the Covid pandemic. For something like 17 days, we just... had nothing. There was never much official explanation of what transpired to get it back. And then, last year, the British Library's online systems came down in another spectacular ransom attack. It's not restored and I don't expect everything will come back. That includes the in-system workspace, where I'd stored about two years' worth of research on a book project.

These instances make me feel so inept and vulnerable, especially when I fantasize about how vulnerable the people behind them might be in real life. If I think of these as amoral teenagers acting out only because they think of themselves as anonymous, I seethe at a rowdier boil than if I imagine them part of a hardened criminal cabal, for whatever reason. Maybe because it's so feckless an action with such intense consequences. On my worst days, I feel ready to do the well throwing myself.
posted by late afternoon dreaming hotel at 4:33 AM on November 27 [3 favorites]


Yeah, I use the phrase "garbage humans" a WHOLE LOT in my class, mostly though not exclusively of attackers.

(The infosec asshole who faux-phished a California university with an Ebola scare? ALSO A GARBAGE HUMAN. There's a lot of garbage humanning in phishing testing, because its guardrails are inadequate and too many of its practitioners think the goal is "con/embarrass the most people" rather than "assess reality blamelessly and helpfully.")

I'm hardcore not a fan of the whole nation-state vulnerability-hoarding APT-defending free-for-all, either. (That level of cyber isn't my thing; we have another person on our faculty whose area it is. I sat in on his course last spring, because he hella knows more than I do.) The knock-on effects -- which include the British Library hack; the Rhysida group is most likely Russian -- are severe and only getting worse.
posted by humbug at 7:45 AM on November 27 [2 favorites]

