Crypto-Ransom Virus


nbk2000
July 13th, 2005, 10:59 AM
In a recent book called "Malicious Cryptography", which is about cryptovirology, there were some interesting scenarios described where viruses would be used to transparently encrypt a target's data using a strong symmetric cipher that uses a truly random key generated in-situ, which is itself encrypted to the attacker's public crypto-key.

The virus then sends the cipher key through an Onion network to a publicly accessible bulletin board where the attacker then downloads the key file, decrypts it using his private key, and can then send it back to the victim so they can decrypt their data, which is being held hostage, upon receipt of the ransom.

This has already been done just recently, according to an article by Bruce Schneier on his blog, though the attack was sorta half-assed. While that attack may not have been successful, that doesn't mean others in the future won't be.

An interesting variation on this that one of the respondents made was that a virus could encrypt the data in the background during idle CPU cycles, until the whole thing was encrypted.

Then it would flash a message telling you what had been done and that you had 15 minutes to give your CC/Debit info to the virus, which would forward it to the attacker through the Onion network, before the virus would self-destruct the key and render all the data useless gibberish. :p

Problem with this scenario is that, the moment the first virus copy did this, the victim would be screaming bloody murder on the net, and the game would quickly be up. :(

But...if the virus is designed to stay hidden at all costs, to prevent premature discovery, then the virus could lurk in the background, spreading itself far and wide, until a predesignated time, when ALL the copies would activate simultaneously.

My way to ensure this, despite dumbfuck users who can't set the clock right, is to have the viruses synchronize using the US Atomic Clock site. Only virus copies that were online would activate, which are the only ones you'd want, as otherwise the viruses couldn't synchronize, and the victims couldn't fess up the ransom ASAP.

Because the virus is only activated simultaneously, regardless of user set time, or differing time zones around the world, there's no advance warning, everyone is affected at the same time.

Because of the very limited time window for the victims to respond, they're under duress to fess up the ransom ASAP or lose everything.

Because the window of opportunity is so narrow, and the ransom so small ($20), and the means of payment so quick (CC/Debit), the attacker could have the money and disappear before the first victim has even gotten through the voice menus to speak to the first cop. :p

The profit comes from the number of victims.

If the virus spread as many copies as the Melissa virus did (say 20M), and even 1/10 of 1% (0.1%) of the victims fessed up the $20 ransom, that's $400,000. :D

What would make this even better would be to make the virus selective. It'd infect any computer, but self-destruct if the computer had less than (for instance) 100GB of data, or files associated with financial and business data, like Excel and PowerPoint. The potential of losing so much data would be more likely to compel compliance with the ransom demand.

Because only 'high-value' targets would remain infected for more than a few moments, the chance of premature discovery is lessened. The take would be less, but there'd also be higher probability of success.

This could tie-in quite nicely with the concept of the Autonomous Mobile Cyber-Weapon (AMCW), since only 'High Value' targets would be affected. For these targets, such as financial institutions/universities/businesses, the ransom would be significantly higher, which would compensate for their fewer numbers.

The virus uses public key crypto because this makes disassembly of the virus in an attempt to recover the symmetric cipher key pointless, because the symmetric key is no longer around by the time the virus makes itself known. The flaw of the virus retaining the symmetric cipher key is common in today's encrypting viruses, which is why they've all been failures, failure being defined as the victim being able to recover data without fessing up the ransom.

You could even use this virus for attacking some organization you hated, by making the ransom payments all end up in their account, which you'll ensure is discoverable by including a deliberate but subtle flaw in the virus that would allow for eventual tracking of the funds to the account of the real target.

Say you didn't like the NAACP or ACLU...make millions of dollars of ransom money flow into their accounts.

When it's discovered that this terrible virus which destroyed so many people's personal and financial data was for the benefit of some liberal group, backlash commences...freezing of accounts, audits, bad publicity, declining donations, etc.

You'll notice that nowhere do I mention actually giving the victims the decryption key. >)

You could, if feeling generous, upload a list of the decryption keys to some site, using some detail that would identify to the victims which key will unlock their data. They can then run the XTEA decryption algorithm using that key to recover their data.

Attached is a PDF scan of the XTEA cipher algorithm, OCR'd and proofed, that I got from the book. It's in C, I do believe, and is incredibly small and quite secure to-date. If someone can compile this into an executable (not that I'd run it on MY machine! :p), that'd be handy.

Third_Rail
July 13th, 2005, 11:09 PM
Say you didn't like the NAACP or ACLU...make millions of dollars of ransom money flow into their accounts.


You, sir, are very intelligent. I think I'll pass this idea along and just see what happens.

controlphreak
July 14th, 2005, 02:06 AM
I have thought of things like this, and the simultaneous thing is a good idea, and it's a one job run, however, I would be more inclined to actually have it so that it was more.....aggressive in defence. Colonise the computer, encrypt it, but lay in a dormant area, of a chip, a piece of code that will call reinforcements to the computer to retake the computer if needed.

sdjsdj
July 14th, 2005, 06:01 AM
Perhaps it'd be better to release a few copies early, just to prove that it is what it says it is. After all, if everybody thinks you're bluffing and that any half-decent data recovery program will make it all better, you don't get rich. Of course, you'd have to build in differences between the early release viruses and the final version, so that any anti-virus software updates intended to kill the early release ones would do nothing to combat the final, nasty version.

Jacks Complete
July 14th, 2005, 07:13 AM
One difficulty I see there is that most large corporations have a firewall that would inhibit the virus, both from spreading, and, more importantly, from reaching the clock signal. Therefore it wouldn't know it was connected, and so wouldn't trigger.

Unless you tunneled it through port 80 traffic (assuming they use 80 for the proxy) then it would be ok, and no-one would notice. The other option would be to look for a network time signal broadcast.

As for credit card payments, would they not be very easy to trace? I don't really know but then I'm not a card scammer...

You could make the payment amount a simple formula of $1 per gigabyte or something, and tell the mark. $200 dollars tops for most people, lots more for most companies.

If you had the crypto sit silent for a few days, a lot of backups would also be worthless... You could just say that they were, and, if checked and found working, that would be because the key was still in RAM!

me234
July 15th, 2005, 01:26 AM
If they all activated simultaneously, and only gave 15mins compliance time, what about time zones? Half the people would be asleep when their computers suddenly clicked on.
Also, why would you want to make a measly $400 000 when you could single-handedly render the majority of the world's computer-contained information useless. You could screw over the entire business world on Earth. Now THAT is a thing of beauty: shutting down the world...
He He. :D

nbk2000
July 15th, 2005, 12:24 PM
One of the four elements of "The Perfect Crime" is that it is done for profit, not revenge.

CC can usually be run as a debit, which is the desired thing, as that is instantly transferred as cash through the world's banking systems. Once it's transferred, it can be disappeared. :)

As for time zones, who cares? If you have millions of victims, then even half of that is still millions. :p

Again, only computers that are able to access the time-synch signal will activate the virus. All the others are simply dormant.

In fact, one could have the virus check in with another site, this site being an activator for the attack.

Since a virus has a curve to its life cycle, just like any other lifeform, where there's very few at first, then a rapid increase, a plateau, and finally decline, the activator site monitors the viruses' check-ins and, when they're at their peak infection, activates the timed attack. :)

I'm not a virus writer, nor too terribly proficient in the necessary internet protocols, but surely it can be done. And it will be done, eventually.

To help along anyone who would like to learn more about this, I've attached a PDF scan of the book's bibliography, which covers the relevant details of the attacks and protocols.

FrankRizzo
July 28th, 2005, 12:55 AM
Just write a book about it, you'll make more money and won't be chased around the world by a police organization. Most businesses make regular backups of their data and wouldn't be bothered by some bullshit like this on their office PC. Hard drives fail often enough these days that daily backups are the norm.
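
A defender's check for the backup question raised in the two posts above (backups as the answer, versus backups quietly filling with encrypted files), as an added example that is not from the thread or any poster. It compares successive backup generations and reports the newest one taken before readable files turned into ciphertext-like data; the paths, file contents, the 7.5 bits/byte threshold and the `fake_ciphertext` stand-in are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold, ciphertext sits close to 8.0
# Magic bytes of formats that are high-entropy for legitimate reasons.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True for high-entropy content that carries no known compressed-format header."""
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_LIMIT


def newly_encrypted(older: dict, newer: dict) -> list:
    """Paths in both generations whose content changed from readable to ciphertext-like."""
    flagged = []
    for path, new_data in newer.items():
        old_data = older.get(path)
        if old_data is None or old_data == new_data:
            continue  # new or unchanged file: nothing to compare
        if not looks_encrypted(old_data) and looks_encrypted(new_data):
            flagged.append(path)
    return sorted(flagged)


def last_clean_generation(generations: list, min_flagged: int = 1) -> int:
    """Index of the newest generation taken before files started turning into ciphertext."""
    for i in range(1, len(generations)):
        if len(newly_encrypted(generations[i - 1], generations[i])) >= min_flagged:
            return i - 1
    return len(generations) - 1


def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy filler (SHA-256 over a counter), used only as sample data."""
    return b"".join(
        hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(size // 32)
    )


# Constructed sample data: four nightly backup generations of the same four files.
PLAN = b"Quarterly plan: finish the audit fixes, then ship.\n" * 80
BUDGET = b"item,cost\nlaptop,1200\nlicence,300\ntravel,450\n" * 80
NOTES = b"Meeting notes: rotate the service credentials on Friday.\n" * 80
ZIP_V1 = b"PK\x03\x04" + fake_ciphertext(b"zip-v1")
ZIP_V2 = b"PK\x03\x04" + fake_ciphertext(b"zip-v2")

GENERATIONS = [
    # 0: baseline
    {"docs/plan.txt": PLAN, "docs/budget.csv": BUDGET,
     "docs/notes.txt": NOTES, "backup/archive.zip": ZIP_V1},
    # 1: ordinary edit to one text file
    {"docs/plan.txt": PLAN + b"Added a milestone.\n", "docs/budget.csv": BUDGET,
     "docs/notes.txt": NOTES, "backup/archive.zip": ZIP_V1},
    # 2: two files replaced by ciphertext-like data; the zip was legitimately rebuilt
    {"docs/plan.txt": fake_ciphertext(b"plan"), "docs/budget.csv": fake_ciphertext(b"budget"),
     "docs/notes.txt": NOTES, "backup/archive.zip": ZIP_V2},
    # 3: the remaining files follow, the zip now without its header
    {"docs/plan.txt": fake_ciphertext(b"plan"), "docs/budget.csv": fake_ciphertext(b"budget"),
     "docs/notes.txt": fake_ciphertext(b"notes"), "backup/archive.zip": fake_ciphertext(b"zip")},
]

if __name__ == "__main__":
    for i in range(1, len(GENERATIONS)):
        print(i, newly_encrypted(GENERATIONS[i - 1], GENERATIONS[i]))
    print("restore from generation", last_clean_generation(GENERATIONS))
```

Entropy is only meaningful on files of a few hundred bytes or more, and formats not listed in `COMPRESSED_MAGIC` need their own headers added before this is pointed at a real backup set.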

SiLenCe
July 28th, 2005, 09:32 AM
I'm typically not very critical of the content of this forum... but that sir was one of the worst ideas I've seen proposed on this forum in a serious tone. Perhaps it's because I know a little bit more on internet security than most topics discussed here... ... Regardless... regardless... before I get off topic - That sir (with all my experiences in the topic) was one of the worst ideas I've seen proposed on this forum in a serious tone.

I know this is an explosives and weapons forum and with content and focus nowhere near what you'd expect in an internet security or blackhat forum... so I forgive the users here for encouraging the silliness. Additionally, I forgive nbk2000 for I understand internet security is not his primary interest; I do not think less of him (I'm well aware of his substantial intelligence) ... I just do not feel it is extremely versed in this topic as most forumites.

Now first let's not get into the nitty-gritty technicalities of this topic... for we don't need to since the poor (fallacious even) design is very apparent in the theory let alone the reality. So with that... let's assume we can make such a virus. We make a virus and by some mystical means we are able to transport it to millions of computers... (since we're using a high-spreading worm like Melissa as our model for propagation... we'll make-believe for now this model works). Ok we have access to millions of computers... people even talked about business networks ... oh my... so we are on home computers and e-commerce networks and controlling a plethora of online resources that process transactions and store information/records. So yeah... we are covertly powering the information module of the electronic world... and oh the information at this point is boundless... we have home computers doing purchases and accessing online banking while our corporate machines are processing databases with credit entries and merchandise directing. Ok we got to this phase 1 by our mystical means... so what do we do? We destroy all this information, be completely overt, and request $20......... Anyone else now looking at this the way I'm looking at it?

So hopefully you all see the problem in this thought... and should redirect your focus on information gathering rather than hardware encryption... oh wait there already is a big project on this.... Spyware.

Just for food for thought - no one really knows how much scammed money is being funneled by the Spyware developers... but it was estimated $4 billion. Look for a securityfocus article on it. There's billions to be made in hacking of information security.... truly there is - so if that's your intent don't quit looking in this region. Just think your ideas more thoroughly.

There's a great deal more to be said about your concepts of viral production and propagation. However there's tons of information out there to correct these false-perceptions. Just assume everything you know was taught to you from the Anarchist Cookbook... because there's just as many misconceptions about 'hacking' as there are about 'explosives' and if you all were to be on a blackhat forum... you would sound there what a 'kewl' sounds like here. So the information is abundant! http://www.securityfocus.com ... bugtraq.... good starts? I don't know the best start is a programming book.

So that was my first post after lurking forever... I should follow up here. And I'm always around.

-SiLenCe

Pb1
August 9th, 2005, 07:23 PM
I doubt this ransom thing would work too well. Most people would just think, “OMG, a virus! Better turn off the computer and call tech support!” Many others would ignore it, thinking the warning is only some popup ad or something. Never underestimate the stupidity of the masses. I apologize if I’m preaching to the choir here.

One thing I don’t really get: why encrypt the data? If no-one will actually get the keys, wouldn’t it be easier to overwrite all files with random gibberish?

Jacks Complete
August 10th, 2005, 06:41 AM
To those of you who are saying this isn't possible or would not work, there have been viruses that do this for years.

http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=ONE_HALF.3570 is one example. A much more recent one, is reported at http://www.cnn.com/2005/TECH/internet/05/25/ransomware/

Silentnite
August 10th, 2005, 02:50 PM
It's been a while since I coded, and even then it wasn't in C or anything higher, but wouldn't it be more complex of a virus to include a tracking system to send you all this financial tracking information? It would seem that NBK's idea is the simplest.

A virus in say a popularly downloaded program, even Mozilla, say the prog has plug-ins for the checksum being different. As it's not doing anything malicious, no one would know until too late.

It's not monitoring anything, so no running processes until say a specified date, so once again undetectable. Maybe you could even force a system restore point so it's in the backup on the computer.

Needless to say it's not impossible. Hard, of course. But then it wouldn't be worth doing.

controlphreak
August 15th, 2005, 03:32 PM
I don't travel a lot of 'black hat' groups and forums, but I will say that this is probable in my opinion. Looking at how viruses like Melissa spread and I love you and Happy '99, I can say that people are dumb enough to do that.

Now I will agree that people might not cough up for money if they are threatened or ransomed or something like that, though I believe a better way would be to offer them something to buy and get their information.

This would be a virus of sorts, it actually seems almost a lot more like a trojan like the AIDS trojan that went around for a while, encrypted your hard drive, and then demanded a ransom be sent to a specific address to get the key to unlock it.

To spread it on the way you are talking though, in order to hit organizations, what is a program all organizations or a majority of the organizations use that is downloaded off the internet, that you can intercept in some way and upload a program that is exactly the same, but has a trojan on it?

Just some thoughts.....

SiLenCe
August 18th, 2005, 07:48 AM
To those of you who are saying this isn't possible or would not work, there have been viruses that do this for years.

http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=3&VName=ONE_HALF.3570 is one example. A much more recent one, is reported at http://www.cnn.com/2005/TECH/internet/05/25/ransomware/

I am not all too sure if your reply was directed at myself... but taking the assumption that it was: My little rant was not really stating that the idea wouldn't really work at the scale mentioned (which it probably wouldn't)... but rather it was saying that if one could get to that point of control there are much more efficient, covert, and enduring methods for retrieving money.

But wouldn't it be more complex of a virus to include a tracking system to send you all this financial tracking information?

Of course! But honestly as any proficient coder could tell you - anyone with the programming ability to design a worm that would covertly proliferate in the manner mentioned here would be MORE than qualified to code such a program with ease... and by ease I mean ease.

Looking at how viruses like Melissa spread and I love you and Happy '99, I can say that people are dumb enough to do that.

Now there is a fatal flaw in this model that keeps being thrown around... We are conjuring a program that will spread without any public awareness... without setting off all the red flags. To do this would require much much care. Especially a program as outlined here... we can't have a single whistleblower it would require that not ONE person discover the program (which is a ridiculous requirement given the nature of computers and the feasibility of reverse engineering).

From Melissa to ILOVEYOU to CodeRed to Blaster.... most of all examples of fast propagating malware were detected and reverse engineered and had the whistle blown before the pair of days of proliferation was over... if it was a widespread ransom virus Feds would have the Credit Card drop point tracked before the first deposit. As all of you could probably recall you probably sat down at your TV watching their projections of a burst in action for CodeRed in its second variant because anyone who mattered knew about it... there's people that monitor this sort of traffic and who are very well-skilled at their job. Sure you could get it on peoples computer - but the program will be long cracked before you get your first 1,000 infections... and at that point it's useless to you.

People are stupid - people are stupid - people are stupid... that's a big attribute we're exploiting here... but in the process we're being stupid ourselves. Again 1) there are more efficient methods to attack this problem... and 2) the original and inefficient idea is fallacious anyhow...

There are still many points to touch up on this... no one even mentioned the hell the money laundering with this sort of project will give you. And again if we went to make believe land and pretended this could work... if someone knew a way to collect and launder all this money in such a short time frame... I'd be very, very, very interested to hear.

SiLenCe
Transparent Entity

TheHitMan
August 20th, 2005, 03:24 PM
Someone's been watching Swordfish too much..

nbk2000
September 29th, 2005, 02:34 PM
Silicon doesn't wear out; microchips are effectively immortal. NBK took notice of the fact. Like every other child of the digital age, however, he knew that silicon became obsolete, which was worse than wearing out.

NBK reasoned that all that obsolete silicon had to be going somewhere.

Where it was going, he learned, was into any number of places struggling along with nascent computer users. Users so intellectually benighted that the concept of "Instant winner! Just click here!" was something still taken seriously.

After launching his extortion virus, he waited for it to propagate through the net, knowing that it would remain silent and invisible in the background, burying itself deeply in the target computers, doing everything possible to remain hidden (even committing seppuku if need be) while doing its duty.

After a few weeks, at the appointed time, NBK punched himself through a couple of back-water ISPs and waited for the virus to make its presence known to the millions of victims it had infected.

NBK felt like a shark cruising a swimming pool thick with goldfish. Not that any one of those tasty tiny fish amounted to much, but he could just open wide and scoop, and it was easy and filling and it added up.

NBK worked the AOLamers for 15 minutes, incidentally bringing about the collapse of at least three ISPs, the extinction of hundreds of small businesses, and untold CIO and CSO suffering.

At the end of his run, fat with the cream of several million laughably tiny 'donations', he retired.

As he was going out, the script-kiddies were coming in; other people had gotten the crypto-ransom virus idea, an idea he had deliberately spread to add noise to any search for him.


You've now got the gist of the crypto-ransom virus concept. :p

You say 'Backup' like it's some magic charm that'll ward off the evil of the virus.

It won't.

You've failed to grasp the fact that the virus sits, invisible and patient, encrypting everything transparently in the background, including all backups, made from that machine, and doesn't make its presence known until some time later.

Anything that it's encrypted is decrypted when the user accesses it. There'll be a bit of a performance hit as it takes time to decrypt/encrypt, but that'd likely be discounted as a typical PC problem, not an extortional virus.

How many people keep running backup copies stretching back months? None that I know of. The usual idea of a backup for most people and businesses is a ZIP disk or a RAID mirroring that's only a day old or so, which doesn't save their ass. :p

Even if it's months back, how far back can a company go into its archives for an accessible copy before the data is too old to be useful? Imagine a mortgage or credit company having no record of its last month of payments due.

Even a few days lost data can translate to many tens or hundreds of thousands of dollars of lost real income, not the phantom dollars that are often quoted by reports about the latest e-mail worm.

And what about the millions of AOLamers who don't have backups of any kind, but have gigabytes upon gigabytes of stuff they've downloaded from iTunes or such?

What would be cheaper? Paying someone $20 to keep your shit? Or watching it all disappear into pseudo-random ciphertext and now having to spend many days and dollars to re-acquire everything, a lot of which will never be found again, the internet being as temporous as it is.

You suggest that my idea is trite, but trying to control the entire system, as you're suggesting, is both pointless and dangerous.

Pointless because it's unnecessary to control the system to get money, and dangerous because it transforms you from a criminal to a terrorist.

Criminals have rights and trials. Terrorists disappear into a black hole called Guantanamo.

Besides, people who think they've got control of the box usually find themselves locked out and with the FBI soon knocking on their door, proving they're not as skilled as they imagined themselves to be. Heeeeehehehe! :p

Also, I'd like to point out (again!) that this has already been done in a minor way, and has been discussed on Bruce Schneier's weblog (http://www.schneier.com/blog/)...you know, the guy who LITERALLY wrote the bible of computer cryptography (Applied Cryptography) and a recognized expert in computer security, who says this is coming?

Oh, and the guy who came up with the crypto-virus idea wrote a book about his research...the research he did for his computer sciences doctorate from MIT...but what the fuck does he know, he's just a script-kiddie wanna-be, right? :rolleyes:

Real blackhats (not script-kiddie posers) that may be working on this aren't going to talk about it in a public forum like this one, and I seriously doubt you have the chops to be implying that you're a serious black hat yourself, let alone openly claim it.

Putting me and others here down for not being 'real' H@X0Rz, when no one here is claiming to be one is just....*sigh*

Saying 'This obviously won't work!', while all the while not giving any counterpoints as to WHY it wouldn't work, just stinks of 'Instant Expert'.

I don't mind criticism as long as it's backed by some kind of evidence or counter-proof or properly constructed argument to back it up, not just 'You SUK!' type statements, no matter how convoluted the phrasing may be.

I've provided the almost 400 references from the book that lay the technical groundwork to back up the concept, a concept conceived and seconded by experts in their fields, fields HIGHLY relevant to the topic being discussed.

You've provided a few vague statements and two URLs to sites that are distantly related to the topic at hand.

Your attempt at sounding scholarly just makes you sound foolish, since your syntax is awkward and poorly constructed, the signature of a word-processed document created by a semi-literate user. Oh, and the copy/paste re-use of a sentence, especially in the very first paragraph, is just sheer laziness.

If you can't properly talk the talk, you need a big helping of STFU (Shut The Fuck Up!). ;)

And in the future, when something like this inevitably comes to pass (months or years from now), will you come back here and apologize for your foolishness, or will you just simply disappear so you won't have to admit to a 'Failure of Imagination' on your part? I think the latter.

Oh, don't worry, I'm not going to ban you. It's soooo much more fun to let an idiot dig himself deeper into his own grave with the shovel I provide 'em.

Feels good to have something juicy to tear into after such a long diet of generic K3wLz that left me feeling almost like a victim of winter-rabbit starvation.

+++++++++

PS: This post (and every other I make) is written in Notepad without the aid of word-processor spell-checking or grammar correction.

All me, all the time.
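
A defender's check for the failure mode described in the post above (backups taken through an infected machine hold ciphertext even though the files open normally on that machine), as an added example that is not part of the original thread. Run from a clean system against the mounted backup media, it flags files whose header no longer matches their extension or whose content looks like random bytes; the signature table, entropy threshold and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# File signatures for a few common formats (extend for your own data).
MAGIC = {".pdf": b"%PDF", ".zip": b"PK\x03\x04",
         ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}
ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold, tune per data set

def entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path, sample=65536):
    """Return 'ok', 'bad-magic' or 'high-entropy' for one backed-up file."""
    with open(path, "rb") as f:
        head = f.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        return "ok" if head.startswith(magic) else "bad-magic"
    # No signature known (text, CSV, ...): ciphertext looks like random bytes.
    return "high-entropy" if entropy(head) > ENTROPY_LIMIT else "ok"

def scan(root):
    """Walk a mounted backup and map relative path -> finding."""
    findings = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            verdict = check_file(path)
            if verdict != "ok":
                findings[os.path.relpath(path, root)] = verdict
    return findings

def demo():
    """Constructed sample backup: two intact files, two ciphertext-like."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    files = {"good.pdf": b"%PDF-1.4\n" + b"invoice text " * 200,
             "notes.txt": b"payment due 2005-09-29\n" * 200,
             "report.pdf": noise, "ledger.csv": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        return scan(root)
```

Compressed or legitimately encrypted files without a listed signature will also trip the entropy check, so treat a finding as a prompt for a manual restore test on a clean machine.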

James
October 17th, 2005, 02:25 AM
I'm not really impressed by the xtree algorithm. I think DES would work considerably better. Cast or AES would be right on. Also the gibsonesque quote is neat. I think the way to manage it would be to replace file system with something that replaces only some of the data w/ symmetrically ciphered data. The key could then be sent (asymmetrically ciphered) to wherever. You would also need to replace the backup drivers.

nbk2000
April 27th, 2006, 12:23 PM
Dear SiLenCe,

Read it and weep. :p

http://www.schneier.com/blog/archives/2006/04/new_directions.html#comments