China, Addicted to Bootleg Software, Reels from Ransomware Attack (nytimes.com)
149 points by JumpCrisscross on May 15, 2017 | 172 comments

I don't think it's really fair to suggest that average Chinese people have a choice in the matter.

I lived in China (Guangzhou) for several years, and it was literally impossible to buy a computer with a legal copy of windows installed on it (or, failing that, a standalone windows disc) in the main computer district of the city.

I eventually had to hop the border to Hong Kong when I wanted to buy a laptop.

I have lived in China forever and I have no idea what you are talking about.

Every laptop that I have owned came with a legal copy of Windows with it. My family members have brought numerous legal copies (discs) from a local "computer district" as well.

I'm not sure how we can successfully argue about this when it's based on experience...

For the record, I was visiting Gangding in Guangzhou (the computer District) several times between 2012-14. Every vendor I found was baffled by my request and didn't know why I would ever want this.

I bought my laptop in 2014 in Hong Kong after my UK-bought one died.

Here are the instructions from HP[0], Lenovo [1] and Dell [2] respectively on how to reinstall the Windows that comes with the machine. So it's not really "based on experience".

[0] https://support.hp.com/cn-zh/document/c01902861

[1] http://iknow.lenovo.com/detail/dc_038423.html

[2] http://www.dell.com/support/contents/cn/zh/cnbsd1/article/Pr...

I'm not saying my experience is more correct or better than yours.

I have no idea where you were/are in China, but it was impossible to buy a genuine copy of Windows or a computer with it installed when I was in Guangzhou.

In Shenzhen, I have had both of your experiences. In buying mass market, name brand laptops, legit copies of Windows were normal. But from the same electronics malls, my experience was that almost nobody bought these [much more expensive] computers, and instead preferred the cheap knockoffs with tons of pre-installed pirated software. There were also -- always -- hawkers offering ripped copies of software, music & DVDs on the street outside.

Those are not knockoffs, but DIY counters or shops: no name brand, Do It Yourself, at your own interest and risk. Most of these DIY shops only exist in electronic components shopping malls, and visitors to such malls of course prefer DIY. Most normal people just buy name-brand computers with a pre-installed OS in normal malls, electrical shops, brand stores, and even in big supermarkets such as Carrefour. So I find it very strange and shocking that Apfel cannot buy a name-brand computer with a legal OS pre-installed in the third largest city of China.

For the record, I also checked my local 大润发 and 国美电器, where they did the same shit.

This is not related to experience, but common sense: all big brands of computers, such as HP and Dell, should sell legitimate products. As far as I know, they also occupy a large share of the Chinese market; are they engaged in large-scale piracy in the Chinese market? Perhaps there is some misunderstanding or communication problem. As far as I know, some big brands of computer have the operating system pre-installed on a hard disk recovery partition and do not provide an operating system install disc, but a restore disc.

I've said this in another comment, but here goes again:

Actually, the laptops I tried out were almost all Dell + Lenovo (I wanted a thinkpad or XPS). I think, as another commenter said, they were probably Linux + FreeDOS systems originally. What the store owners would do is use Norton Ghost to put whatever (illegal) OS I wanted on there.

I think maybe there are large regional differences in product availability or regulation. I know it was a lot harder to buy iPhones in certain tier 1 Chinese cities than others when I was there, for example.

Maybe you were not trying hard enough. https://microsoft.tmall.com/


We've banned this account for violating the HN guidelines despite our requests to stop.

The person you're replying to explicitly told us his experience. If you say it's not based on experience, you're calling him a liar.

His experience is very shocking, he can not buy a HP or DELL computer with a legal copy of windows installed on it in GUANGZHOU.

Actually, the laptops I tried out were almost all Dell + Lenovo (I wanted a thinkpad or XPS). I think, as another commenter said, they were probably Linux + FreeDOS systems originally.

What the store owners would do is use Norton Ghost to put whatever (illegal) OS I wanted on there.

I think bgee was saying that their side of the argument (that legal Windows is available) is not based on experience.

Or maybe he had an experience not reflecting the reality, which often happens when someone fails to overcome the language barrier.

I speak Chinese and I was with my Chinese wife. Thanks for the patronising attitude though :P

I don't think you understand what "based on experience" means in this context.

I was trying to say that this argument can be based on fact instead of experience.

How do you confirm this?

Is the Windows sticker on a laptop good enough?

Why is this downvoted? I thought the Windows sticker on a laptop is the best proof that Windows is pre-installed...

The question isn't "Is Windows installed"... it's "Is the install of Windows on a laptop legal and legitimate".

A sticker says Windows is installed... it doesn't say anything about legality.

OP said "I couldn't find a laptop with a legal copy of Windows installed". Responder said "Everything I got was legal, and had no issues buying new discs with legal licenses".

OP said "it was literally impossible to buy a computer with a legal copy of windows installed on it".

Responder said "it is quite possible (even common) to buy a computer with a legal copy of windows installed on it" and asked "is a Windows sticker on a laptop good proof for legally installed Windows?" with the assumption that pirated Windows does not come with a sticker.

PS: That assumption turns out to be debatable [0].

[0]: https://item.taobao.com/item.htm?spm=a21m2.8232368.0.0.TlUMn...

Don't most manufacturers pre-image the OS on computers at the factory now? They usually have an option to create a recovery disk/USB drive.

In Asia most brands sell the laptops without OS for cheaper price compared to the same model but with windows preinstalled. Some stores may install a bootleg version for free or even fake it as a genuine Windows install.

Holographic stickers are routinely counterfeited in China: http://www.bunniestudios.com/blog/?p=283

Last time I had to buy Windows install media I went directly to a Microsoft corporate store.

Systems that have already been infected with the NSA DOUBLEPULSAR rootkit are more vulnerable to infection [1].

The high prevalence in China (and Russia) might also indicate that these systems were hacked by the NSA prior to the Microsoft March 2017 update patch and the WannaCry ransomware.

[1] http://blog.talosintelligence.com/2017/05/wannacry.html

For reference, the specific quote "WannaCry appears to primarily utilize the ETERNALBLUE modules and the DOUBLEPULSAR backdoor. The malware uses ETERNALBLUE for the initial exploitation of the SMB vulnerability. If successful it will then implant the DOUBLEPULSAR backdoor and utilize it to install the malware. If the exploit fails and the DOUBLEPULSAR backdoor is already installed the malware will still leverage this to install the ransomware payload. This is the cause of the worm-like activity that has been widely observed across the internet."

Why doesn't the PRC make its own operating system? It could be based completely off of western technology like Linux, but they could claim it's completely Chinese made and tout it as a huge technological advancement - like they do with their trains.

There already is an official Ubuntu distro for China.


Many prefer Deepin rather than Kylin. https://www.deepin.org/

They have made Red Flag Linux back in the days, which was possibly based on Red Hat, which I found amusing.


Not only amusing but also a failure.

Because we are lazy. C'mon, the US government hasn't banned Win10 export to China yet.

Home baked RTOSes prosper though.

There is currently a big push towards getting their own semi-conductor industry

They could run Linux. Or buy a mac. Or buy a windows license from abroad.

Seems like plenty of choices to me.

You forgot to add "Write their own OS" to your really good suggestions here.

Yeah, but keep in mind that not everyone's computer-savvy enough to do that. Often people will go the path of least resistance... and if it means your laptop/computer ships with illegal copies of Windows, that's what you're going to use.

I think Macbooks are pretty expensive in China (last I checked, this was a few years ago, so this might have changed), which is why people are gonna leap for the cheaper alternatives.

No idea why this is being downvoted. Pretty sure it's legal to run FreeBSD and Linux in China, if you can't afford an Apple. Convenience isn't an excuse for copyright violation.

The average poster on HN would be okay with doing this, but broader society would not. My mother, bless her heart, struggles with email. When she needs something, she goes to Best Buy and gets whatever the salesman tells her to get. Telling her "Oh, Best Buy is breaking the law, but you can install FreeBSD, and you'll be fine" is a little out of her comfort zone.

Actually, I'd say "go buy a laptop from the shop in Melbourne that sells systems with Linux pre-loaded, they'll look after you".

Not only is that a viable approach, I'd take any bet you'd like that she'd get better support from them than any 'big brand' supplier of Windoze boxen.

(Actually, I'd probably say "holy shit I thought you were dead", but that's specific to my mother).

The problem is that most of the software that Chinese people use from day to day is typically only available on Windows.

So? That sounds like a bad decision on their part.

The decision to try to use FreeBSD or Linux would probably leave them unable to type in their own language.

I have tried what passes for an IME for Linux desktop applications (formerly SCIM, now IBus). It doesn't work with some applications. It crashes some applications sporadically. And one technology was replaced by another that doesn't work the same way without a smooth upgrade path.

If you are a power user who has been using *nix for years and reading lots of documentation in English, you can come up with the right configuration and workarounds for occasional typing in CJK. That's no way to actually use a computer to do things if your primary language is Chinese.

The IME situation in modern X frankly sucks. Back in the day I regularly contributed to the relevant projects, but our efforts were continually thwarted by people who had no idea about CJK requirements and worse, won't listen to us ("why do you need to pass keystrokes to a separate process?", "users don't need a choice of IMEs per language", etc). It got so tiring that eventually most of the regular contributors moved on.

And now I have no idea what's going to happen with Wayland.

>Convenience isn't an excuse for copyright violation.

Why does one need an excuse for copyright violation?

Heh. I'm a little sympathetic to that view, myself:


Still an area I'm mulling over.

I'm opposed to it because it is censorship, while I reject private property altogether. Different ways of reaching the same conclusion, I suppose :)

Indeed. I think private property is one of the foundations of civilisation, but I'm not entirely convinced that IP is a legitimate form of property.

You can install Windows for free, and then buy a license for it. You have some time to use the OS before the trial period expires; then some annoyances kick in.

(Of course, if it's cracked in some way to circumvent that without paying then it's illegal.)

Surely running old Windows that you have to pirate and block from updating is less user friendly than a simple Ubuntu setup. I get that many people don't even think it's an option, but if I were looking for a market for more desktop linux users, people suffering through windows piracy would be one of the top.

Sensible option for someone in the west. Wouldn't make sense at all for the ecosystem of digital needs one would want to fulfill in China.

Also, you're thinking of 'pirating' as equating going to the pirate bay, digging through the slew of junk in there, getting a whole bunch of complicated key gen and activation blockers or what not and ending up with a crippled system. Pirated Windows in China is very much a commercially finished product fully packaged as a consumer friendly product that's probably easier to install than vanilla licensed Windows.

Cross compatibility, binary drag and drop, games, Chinese language tools, browsers required by banks. Same old Asian Windows needs

Pure curiosity: What is "binary" drag and drop?

Sorry, I just mean that binary compatibility from one Windows system to another is not a big problem. Here's a USB full of software, drag the files over to your system, done.

Interesting. How come it's worse than in the west?

Some banks still require activeX plugins. When you are paid into a bank and you only have an online account (not that rare) then you have to suck it up and use really, really insecure access methods (or change banks which isn't always an option for everyone).

You don't have to block Windows XP from updating; it just doesn't, any more. (When I tried to get a copy set up recently in a VM to do some ReactOS cross-compatibility debugging, it was very hard to get it to even talk to the Microsoft Update service—the website version of Windows Update is seemingly just gone now, and yet XP insists on using the website to bootstrap-update the native Microsoft Update agent. You have to download and install the updated agent .msi manually.)

We have tried desktop Linux there over 10 years ago, both commercial and open source. Remember Red Flag? They were one of the many competitors.

Turned out nobody wanted Linux on the desktop.

Most Chinese software is only available for Windows.

You can update pirated Windows, from XP to 10. It just has to be pirated with a "supported pirate kit" for lack of a better title. As in supported by the hacker community which created it.

I bet the malware author is really regretting not translating the ransom note and payment instructions into multiple languages now.

EDIT: Sorry, my mistake. It's already in 28 languages, like the posters below pointed out. I only ever saw the English screenshot and made the incorrect assumption.

Few people are paying up. The Bitcoin transactions are logged.[1] Current total is US$60K.

[1] https://whitesunset.github.io/wannacrypt_balance/

For some perspective, CryptoWall made over $300mm in its first year [0] and CryptoLocker made $30mm in 100 days [1].

[0] http://thehackernews.com/2015/10/cryptowall-ransomware.html

[1] http://www.pcworld.com/article/2082204/crime-pays-very-well-...

Why are these orders of magnitude more profitable than WannaCrypt? More computers infected? Bigger percentage of targets paying the ransom? Larger ransom amounts? Something else?

People have started taking better backups, now they have the option to restore, plus it's too big, the UK government is never going to pay $300 per computer when you may have 10,000 computers locked up. When you get a small firm with 5 pcs and the cost is $1500 it's a cheap lesson so you pay up.

Isn't the decryption key the same? You pay once and are able to decrypt all the 10k computers?

Why would it be? Usually Ransomware has a unique btc address per infection (per machine) so the decryption key is linked to the payment, that doesn't seem to be the case with this malware.

It seems they accepted alternate methods of payment aside from BTC, which suggests technical difficulties in acquiring BTC.

Maybe 'cause it wasn't a commercial operation, but a "retaliation at a time and place of our own choosing" that spread outside Russia before the killswitch could be hit via their cutout.

I've read that even after paying you don't get your files back. Might just be buggy software.

That's not really a lot of money compared to the risk he/she is running...

$60K so far, and a lot of people are still probably figuring out how to get Bitcoin. If they had reasonable opsec in making/distributing it and act a bit careful in cashing out the coins they're probably OK. If they end up collecting $200K or so, and Bitcoin continues to go up and they live in a cheap country ... could be well worth it.

They only get to live if the FSB isn't after them.

Wow, I calculated $40k a day ago (https://news.ycombinator.com/item?id=14339002). It's growing pretty quickly.

That's only a difference of like 65 people. It's just that the ransom is quite high.

taking people a few days to figure out how to buy a bitcoin i guess

It's also not clear how the attackers will be able to launder the Bitcoin, given how many eyes are now on those addresses.

The attackers can run their bitcoins through a "bitcoin mixer". But those mixers may have been penetrated by an intelligence agency. It doesn't matter which one; all the major powers are annoyed with this attacker.

Yeah we can just imagine the scene in a movie: dude lives like a poor hermit for five years, carefully mixing those BTC, and then when he flies to Vietnam and buys a nice boat, drives a few miles offshore, then he finds a pissed-off assassin who kills him in some painful fashion just for "being an asshole for taking so long to surface".

They can easily tumble them using various services and buy Monero with it.

Wait, so does that mean we can follow the money? (find out who converts those specific bitcoins to a physical currency?)

It's hard though, there are money laundering techniques that split the coins into thousands of small packages and tumble the bad coins with good ones.

Now up to $71K.

They did though. See screenshot with the language pulldown: https://i.kinja-img.com/gawker-media/image/upload/s--mLMZ86w...

According to wikipedia it was translated into 28 languages.

But he did? I think there were 28 RTFs for different languages..

i18n from the get-go, ladies and gents. Don't be this guy, leaving millions on the table.

Has anyone read any article on how this vulnerability is spreading via SMB V1? With the Robert Morris worm/I Love you/Conficker we knew exactly how the worm spread.

From a programmer's perspective, what is this thing doing? Is there an nmap filter to find vulnerable clients yet? If not, how do I create one? I'd like to be pro-active with my current customers' concerns.


It uses a buffer overflow in the SMBv1 message block to.

Effectively to filter it you need to block all SMBv1 packets. Which you should do already because the modern SMB is v3

Let alone you shouldn't be listening for AD management commands from the wide internet.
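Added example, not part of any comment in this thread: the reply above talks about blocking SMBv1 packets, and this Python sketch shows how SMBv1 frames can be told apart from SMB 2.x/3.x frames on TCP 445 and how the dialect list of an SMBv1 NEGOTIATE request is read. The sample frames, the function names and the `action` labels are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"      # SMBv1 / CIFS messages start with this
SMB2_MAGIC = b"\xfeSMB"      # SMB 2.x and 3.x messages share this magic
SMB1_HEADER_LEN = 32
SMB1_COM_NEGOTIATE = 0x72
SMB1_FLAGS_REPLY = 0x80      # set in the Flags byte of server responses


def parse_smb1_dialects(msg):
    """Return the dialect strings offered in an SMBv1 NEGOTIATE request."""
    body = msg[SMB1_HEADER_LEN:]
    if len(body) < 3 or body[0] != 0:          # WordCount is 0 in a request
        return []
    (byte_count,) = struct.unpack_from("<H", body, 1)
    data = body[3:3 + byte_count]
    dialects = []
    for chunk in data.split(b"\x00"):
        if chunk[:1] == b"\x02":               # 0x02 marks a dialect string
            dialects.append(chunk[1:].decode("ascii", "replace"))
    return dialects


def classify(payload):
    """Classify one TCP/445 payload (4-byte length framing + SMB message)."""
    unknown = {"proto": "unknown", "action": "inspect"}
    if len(payload) < 8 or payload[0] != 0:
        return unknown
    length = int.from_bytes(payload[1:4], "big")
    msg = payload[4:4 + length]
    if msg[:4] == SMB2_MAGIC:
        return {"proto": "smb2+", "action": "allow"}
    if msg[:4] != SMB1_MAGIC or len(msg) < SMB1_HEADER_LEN:
        return unknown
    command, flags = msg[4], msg[9]
    result = {"proto": "smb1", "command": command, "action": "block"}
    if command == SMB1_COM_NEGOTIATE and not flags & SMB1_FLAGS_REPLY:
        dialects = parse_smb1_dialects(msg)
        result["dialects"] = dialects
        # An SMBv1-framed negotiate can still offer SMB 2.x dialects.
        result["offers_smb2"] = any(d.startswith("SMB 2.") for d in dialects)
    return result


# --- constructed sample frames (not captured traffic) ---
def frame(msg):
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def smb1_message(command, body, flags=0x18):
    header = (SMB1_MAGIC + bytes([command]) + b"\x00" * 4
              + bytes([flags]) + b"\x00" * 22)
    return header + body


def negotiate_body(dialects):
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return b"\x00" + struct.pack("<H", len(data)) + data


SAMPLES = {
    "smb1_negotiate_multi": frame(smb1_message(
        SMB1_COM_NEGOTIATE,
        negotiate_body(["NT LM 0.12", "SMB 2.002", "SMB 2.???"]))),
    "smb1_negotiate_only": frame(smb1_message(
        SMB1_COM_NEGOTIATE, negotiate_body(["NT LM 0.12"]))),
    "smb1_session_setup": frame(smb1_message(0x73, b"\x00\x00\x00")),
    "smb2_negotiate": frame(SMB2_MAGIC + b"\x00" * 60),
    "not_smb": b"GET / HTTP/1.1\r\n",
}


def summarize(samples):
    return {name: classify(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in summarize(SAMPLES).items():
        print(f"{name:22} {verdict}")
```

The `offers_smb2` field matters when turning this into a filter: a frame with the SMBv1 magic is not always an SMBv1-only client, so dropping every `\xffSMB` frame can also drop negotiations from clients that would have gone on to use SMB 2.x.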

when those hit you probably read about it on slashdot and heard something on the late nite news.

now you get noise coverage everywhere.

It's amazing (and sad) the amount of mental gymnastics people are going over in the comments to justify piracy.

Even the companies agree with it if the alternative is not using their product at all.

A young student uses pirated Photoshop at home instead of Paint.NET, and many years later, if he becomes a graphic designer he will demand his employer to buy him a Photoshop licence.

It's just another way of doing price segmentation, with a special segment of "price 0".

Yes let's make a movie about it. We can call it Pirates of Silicon Valley [1].


Silicon Valley is getting real weird, man.

Makes me wonder about all the customers of ours, on every continent, that were running unactivated/cracked versions of Windows server for critical infrastructure (SQL servers, domain controllers, Exchange boxes, Lync servers)...

I am pretty sure that pirated Windows can update without problems. Source: someone I know pretty well since I was born.

No, there is a good reason why they cannot be updated without issues and it has little to do with product activation or anything on Microsoft's part.

A lot of these cracked copies of Windows were installed by cloning a master image, which was heavily customised using unofficial tools such as Dism++ and did so aggressively that many of the underlying dependencies were left permanently damaged. The system will appear fine; however, many official patches could break it.

A number of homegrown security suites actually blocked the installation of the relevant patch in March due to a correct if not misguided decision that this patch would make many cloned installations unbootable unless the user was capable of performing a manual repair process.

Patching is never that simple in the real world. I've had to roll back a few patches myself after they made various production software fail to run (in one case, Microsoft Office). A number of streamers also had their line of work affected after a Windows 10 update borked certain aspects of sound capture - if they had any faith in the updating process they probably won't have any left after it gets in their line of work.

Or use a MSDN image that you verify a hash of, and KMS activator.

In Brazil Windows is sold in DVDs with the official installer.

The newly installed Windows asks for activation and you just ignore it forever.

You can't choose a desktop background and are greeted with a "You may have been victim of software piracy" every now and then, but Windows Update works pretty fine.

You are probably right about the DVD containing modified images (with malware, probably) but they work OK.

Not the case in China when you could buy a "customised image" of windows that installs in 10 minutes and without all the nagging notification about activation and patching.

There is a huge shady industry of preloading applications that were often borderline malware so the competition between different brands of custom image is quite fierce. One of the reasons of aggressive patch installer pruning is because "my installation is 500MB smaller than yours" would make a great selling point.

Newer versions can. But older versions of windows, I believe are still gated by Genuine Windows check.

Hmm, the article is light on stats for western countries. I know the NHS in England got hit hard but I haven't heard much about the rest of Europe or the US.

If I were more paranoid than I am I would wonder if this NSA "leak" was by design.

But probably not, never attribute to malice what can be explained by ignorance I guess!

In the Netherlands all that got hit was a few parking garages, along with a bunch of random people caught in the line of fire.

FedEx got hit, but I haven't heard about much spread over here. I guess people here are more likely to have installed a windows update in the last month and a half? :p

Renault has been infected. They had to shut down factories.

Maybe to drive users away from Windows to SELinux! ;)

That's a conspiracy I can get behind.

Reports suggesting North Korea may be source of ransomware attack: "Kaspersky and Symantec both said on Monday that technical details within an early version of the WannaCry code are similar to code used in a 2015 backdoor created by the government-linked North Korean hackers, who were implicated in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016." https://www.theguardian.com/technology/2017/may/15/wannacry-...

North Korea and Russia are always fingered as the source of any hacking/malware activity that hits the news, regardless of actual proof.

The entire Sony hack attribution to North Korea was already shady, at best.

Saying a nation-state actor hacked you makes it look a lot less worse than "some disgruntled ex-employee" or a 20-something year old student.

I'm not saying this attribution is incorrect, but it's very hard to separate the wheat from the chaff with these kind of news articles, even from sources I'd normally consider reputable.

This is kinda funny, I must say. Not right, but funny.

Oh I'd say it's pretty righteous. They (including major institutions who could afford legit software) chose to steal their software, got locked out of critical functionality (security updates) as a result, and are now suffering the consequences.

The end result will be that they'll get much more efficient at distributing patched bootlegs. This story is far from over.

I wonder how India is faring; the causal environmental conditions should be quite similar.

I saw a secretary in a hospital still using Windows 98.

I believe NHS doesn't use pirated software, right?

They use software past its support lifetime, which from a security perspective amounts to basically the same thing

The Guardian reports that "some expensive hardware (such as MRI scanners)" may be locked into Windows XP.


Incredibly common for computers attached to expensive pieces of hardware to use very old operating systems. Even in very high tech places with a lot of money to throw around.

Can confirm, work at Intel. All of our electron microscopes run off of Windows XP.

I don't really care if an MRI scanner is running XP presuming it's airgapped. Your MRI scanner is airgapped...right??

Why? It sends scanned images to doctors so it can't be airgapped. It's not a Polaroid MRI.

Despite the potential inconvenience I would suggest airgapped + sneaker net is a far better option for anything running XP at this point.

How hard would it be to put a supported windows on the network right next to the XP box and transfer files via flash drives?

One would have to enforce this, because it would be quite tempting to simply switch the network cable from the new box to the old one. Users DGAF.

Wonder how much control the computer has over the machine. MRIs are heavy beasts. An uncontrolled quenching or erratic or unexpected protocol could injure or even kill.

An air-gap might indeed be inconvenient, but it doesn't need full network access just to send images. It can send the images to an up-to-date system over a "data diode" network.


How many MRIs were infected at the NHS? (I have seen 0 reports of anything other than receptionist and patient records computers)

It's not like companies in my industry can rewrite embedded tools on the fly. The costs can be way too prohibitive for class c software.

the windows monopoly is still hurting us. We need a reverse engineered gpl windows :) that doesn't leave gaping security holes.

a free OS is fundamental.

I think ReactOS was taking a stab at that.


not until it can run games with latest video card drivers. but when it finally can, I will already be able to do that in a vm solution

You might be interested in ReactOS



Pay now or pay later.

I hope people start considering alternatives to Windows after this.

There are many viable alternatives that do not suffer from any of these issues.

Windows gets hit on by viruses because it's popular. If Linux was more popular, it would get targeted instead so the problem would probably remain.

Assuming the vulnerability level is 1 to 1 (which I very much doubt) it still makes sense to avoid a mono-culture. It allows us to work around any single point of failure and improves the cost/reward structure for exploits.

No. Android is Linux and has a higher market share than Windows, so you are incorrect.

Ah, but mobile devices are usually hidden behind a provider's NAT and nearly all applications that are interactable and could be semi-directly contacted (eg. messaging apps) are written in a managed language, so a spread like we've seen with WCry is less likely to happen.

Having said that, have you seen the amount of malware hiding in advertisements for Android? There's a lot.

Well then, if you're talking phones. The Windows phone is less likely to get a virus than Android phone. Like I said, it's simply a question of popularity - it makes more sense to target a popular OS if you're writing a virus.

Non-Windows systems are also susceptible to zero-days and poor security. However, Linux systems are typically managed by the technically competent, and Macs constitute such a comparatively small share of the consumer market that the economics of an attack against them just don't make sense.

> Macs constitute such a comparatively small share of the consumer market that the economics of an attack against them just don't make sense.

Is this really true though? Wouldn't they, on average, have way more disposable income than the average windows user? I'm thinking something along the lines of the Pareto principle in conjunction with your disposable income being correlated with owning a mac.

Good point -- I suppose that comes down to the real numbers. However, that probably only makes a difference for certain kinds of attack: it's probably not worth botnetting Macs.

Android is technically Linux, and has a higher market share than Windows. The economics of an attack actually do make sense.

This narrative was probably true years ago, not in 2017.

Where is the global Android ransomware scandal?

Malware targets Windows because Windows is the low hanging fruit.

There's ransomware, but if it had the same level of impact you would be hearing about it in the news. Except that you are not. What you are hearing about instead is WannaCrypt on Windows, because that has a more significant impact.

The difference is in the delivery method. Android malware gets distributed by 3rd-party (pirated) app stores and apk downloads, where every victim actually had to do something questionable to get infected. There haven't been many reports of malware attacks on Android from doing innocent things like opening emails.

WannaCrypt on the other hand relied on NSA's ETERNALBLUE and DOUBLEPULSAR exploits so that computers sharing a network could get infected without doing anything.

Aside from that, most people would just reset their phone if they got ransomware since most of the important data on a phone is already backed up to the cloud. So there's less of a payout as well.

Federal agencies almost certainly have zero-days against Android, against the Linux kernel, what have you. What's the argument that Windows is inherently more susceptible to attack? I've heard that the kernel is more sophisticated than Unix-style kernels, so I suppose that perhaps the attack surface is higher -- but I've also never heard anything concrete to that effect.

Yes, they accumulate 0days, that's what they do. The NSA for example defines themselves as a "capabilities based organization", which is a synonym for just accumulating ways of breaking into systems, whatever it is... hardware, software, cryptanalysis... you name it.

But the difference is that if a vulnerability was found in Linux, people would quickly get it fixed then get their machines patched for free.

Now, this is a Microsoft insider talking about the development process in their kernel: http://blog.zorinaq.com/i-contribute-to-the-windows-kernel-w...

> If those behind the ransomware attack profited from the hacking, they may have figured out how to do something that has been beyond Microsoft: making money from Windows in China.

Pure gold

The amount of money the ransomware authors got is shockingly low.

They have about 150 transactions on their accounts, totalling tens of thousands of dollars at max.

They've caused billions in damage though, and possibly death.

Yeah, and all for few thousands.

That still hasn't moved out from the wallets.

IDK. From a certain point of view, you could view them as doing a service.

What if a different kind of criminal had used these exploits? Not one that wanted $300 in bitcoin, but one that actually wanted to cause harm? They could have deleted files and never given them back, and they could have stopped any software running on the machines.

Well it looks like this malware doesn't unlock even after payment so they kind of have deleted the data.


I'm very curious if the attackers will dare to move that bitcoin given that now it's watched by half the planet.

If I would be LE I would spam tumblers with my own bitcoin, just to reduce the number of further leads.

I wonder what the legality is of microsoft writing a worm to disable windows installs until they pay.

They of course already have this feature, but it is not a worm.

microsoft has to operate under some form of law, and most countries have computer fraud laws (especially in the US, where it's a federal law). Writing a program to exploit someone else's machine for your own financial gain is certainly computer fraud, so they would be prosecuted for it.

How would this be different from say, a pirated copy of MS Office/Adobe PS that detects it has been pirated and stops working?

Pirates have no rights whereas paying customers do.

It's also bad publicity for them. I suspect many companies will look into Linux/Mac in certain cases.

Sort of? Microsoft makes a lot of money from Windows in China. The value is the fact that they use Windows, not that they paid for it.

It's a zinger though, I guess.

But I imagine Microsoft makes most of the money selling preinstalled versions of Windows that come with new computers, instead of direct sale to users. So I suppose Microsoft does in fact make quite a bit of money from Windows in China.

Ironically, Microsoft benefits in another way, which is that the pirate software prevents anybody else from developing a viable commercial alternative. This reminds me of a story. In the mid 90s, a friend of mine was shopping for a computer. Being an Apple fanboy at the time, I recommended a Mac.

He said: "Mac won't run AutoCad."

I said: "You can't afford AutoCad."

He just laughed. Pirate software drove his choice of platform.

> 2007: Jeff Raikes, head of the company's (Microsoft) business group, said at a recent investor conference that while the company is against piracy, if you are going to pirate software, it hopes you pirate Microsoft software.

Buying from well-known OEMs is rare in China. Many laptops, desktops and tablets are domestically made, even OEMs in China preload computers with pirated Windows.

If it was from a well-known OEM, it would be the Linux/freeDOS version, and the retail store would help install a pirated copy of Windows for you.

You're assuming that OEMs in China sell systems with licensed windows on them. I'd wager most people don't know they're running pirated software.

I think the assumption is that many/most of the computers in China that are sold with Windows preinstalled are using bootleg versions

iirc there were reports that even govt agencies in China are running pirated copies of Windows.
