
The perilous life of a computer virus cracker making enemies online - happy-go-lucky
https://www.bbc.co.uk/news/resources/idt-sh/hated_and_hunted_the_computer_virus_malware_ransomware_cracker
======
londons_explore
I don't believe these people are 'cracking the encryption'.

Any virus writer is going to know how to use public-private crypto to encrypt
the files in a non-reversible way. Only an amateur would use a basic XOR key
or reversible encryption with the key embedded in the binary.

Another commenter suggested the C&C server gets broken into. I doubt that too,
since the criminal's private key can sit entirely offline - all they have to do
is periodically check for cryptocurrency payments and then publish the keys
for the users who have paid to somewhere like pastebin, IPFS, etc. No real way
to track the computer doing that, let alone break into it.

~~~
tgsovlerkhgsel
You are assuming _far_ too much competence.

There are certainly criminals who know what they're doing, but there are also
plenty of them that don't.

Also, the C&C kind of does need to be online because it needs to hand out keys
to paying "customers" instantly. I mean, it doesn't have to be, but not doing
it is probably worse for business than losing a couple days' worth of ransom
from time to time.

Edit: Also keep in mind that the good people can often get decently paid legit
jobs. Ransomware is profitable, but when you consider how many people will be
splitting the loot, the need for tech support, the need to launder the money,
the higher risk (translating to higher costs) of being a criminal, it's
probably not even profitable enough to attract the best. Hiring competent
people for security jobs is hard even for legit companies, and being a
criminal gang won't make it easier.

~~~
ASalazarMX
It's an arms race. The incompetent criminals are being weeded out while the
system lets the apt ones thrive. It's telling that computer fraud has grown
while low-hanging fruit is being showcased.

Also, competent engineers are not employed by mafias, they are coerced into it.
Money is just an added bonus.

------
Rexxar
Just a tangential question: How do people manage to have ransomware on their
computer generally? Do they just run untrusted software on their machine?

~~~
acct1771
Precisely. Either in the form of AIDS.exe they thought was "that jewel game
from the Yayhoos", or your secretary who received an email that said "I can't
believe this is you!" and then executed macros in a malicious MS Word or
PowerPoint file.

------
czr
> _To the untrained eye, the code of a computer virus is just a jumbled mess
> of letters, numbers and symbols._

> _But to Fabian Wosar, each line is a clear instruction. He knows and
> understands every digit and dot in the same way a pianist would read a page
> of musical notes._

This stood out to me as a strangely flowery description of reading asm, but
apart from that the article was quite engrossing. Props to Fabian.

------
classichasclass
It seems like a lonely, difficult existence. At least he appears to have a
good paying job, but it's already clearly taking a toll on him.

------
quickthrower2
I thought those viruses encrypted using a secret key. How could he crack it?

~~~
technion
The common way these are "cracked" is that the C&C server - which observes
payments and hands over keys - is itself compromised.

There are a lot of news articles I read about people "cracking ransomware
encryption" and, aside from some early versions that had basic crypto bugs,
I'm extremely suspicious of anyone claiming to do so. There are a number of
companies I'm aware of that simply pay the ransom, then charge a huge markup to claim
they "cracked the encryption", so it's better for their business to support
the view there are elite hackers somehow breaking RSA every time ransomware
uses it.

~~~
solotronics
That's not something I thought of before. Really interesting. I wonder if this
business model is legal in the US?

------
CodeBoyCode
Can anyone recommend good books to get into cyber security?

