The Hack

What’s scary about the Capital One hack is that it was done by a clearly deranged and quite stupid individual. It shouldn’t be so easy that every illiterate fool with a couple of semesters at a community college can do it.

45 thoughts on “The Hack”

          1. Have you seen the pictures? This is somebody who hasn’t even tried to transition to anything. Who are we kidding here with all this?

            It’s funny how nobody takes seriously the hacker’s claim of being an illegal immigrant on the verge of deportation just because he says so.

        1. What do chromosomes have to do with it? It doesn’t take chromosomes to rape or commit violent crimes, yet 90% of people who commit them are male.

          It’s a socialization thing. Men and women get socialized differently. Men exteriorize violence while women interiorize it.

          Women also massively choose Humanities while men massively choose technical fields in college. Again, it’s not chromosomal. Women are a lot fewer in IT. Unless as receptionists. It’s not chromosomal but very real nonetheless.

          1. It’s very strange why the fields are so gendered in America, by the way. Men are still a majority in technical fields here, but the difference is much smaller – 1 student out of 3 is a woman, as opposed to 1 student out of 10 as in the US. It’s also decreasing as time passes, instead of increasing as happened in the US. Guess I flew a bit off the handle here because I’m very tired of Westerners of any gender acting as if it’s weird in any way for a woman to be good at her highly technical job.

            1. It’s still easier for a woman to get access to the earnings of a highly paid IT person by marrying him than trying to become him. I’m not criticizing anybody because I obviously chose this path. Twice. Not consciously but the result is the same.

      1. I never even considered living in St Louis because it’s ugly and unlivable. There are a couple of nice neighborhoods but that’s precisely the problem. It’s not a city but a collection of disjointed neighborhoods that are not tied to each other.

        Montreal, par example, also has all kinds of neighborhoods, but it’s undeniably a city. It has a spirit, a soul.

        I’ve lived here for ten years and I’ve been to St Louis maybe a dozen times. There’s just no reason to go. I’ve been to the surrounding stores, outlets and the hospital many times but as to going into the city, it makes no sense. They had one nice area I liked but it’s been dug up and turned into a construction site for some tourist-magnet atrocity. As if tourists would want to come to this city.

        Sorry for a rant but it’s a sensitive subject.

  1. She’s got a lot of training. And there have been some demos of elementary school kids, with a certain kind of expertise, hacking into stuff, including certain antiquated voting machines (that are still in use).

    1. It shouldn’t be so easy! They are a rich company and they are skimping on security measures because they don’t care. This should be the narrative: these are people who are maximizing profits by putting a hundred million people at risk. We are lucky this time it was a mentally unstable person and not a real evildoer. But they need to be forced to pay for good security.

      1. Yes, but people are smart and they will try. Half of Brazil, China, India, Russia wake up in the morning thinking of new ways to separate you from your money and identity via the Internet, and many in other countries as well. I was about to reiterate here my support for Federal election security but suddenly thought: what if they outsourced everything to Microsoft and there were one, easy to break key that would allow a hacker to change every vote? (We’ve got to get paper ballots again.)

        1. This wasn’t a Russian or an Indian, though. It was an American. It’s always, evil Russians are suspected but Americans are the ones who actually do the harm to themselves.

          I’m all for security but I do need to say that all of our problems stem from right here and not someplace else.

          Russians suck, though, I agree.

          1. As I say, many from elsewhere. BUT the hacking (actually, cracking) industry in BRIC is famous — all these underemployed experts, I’m not joking!

        1. That’s exactly what I’m banging on about. It can’t be that impossible to find specialists who will create serious security. I understand that my university can’t find any with pathetic salaries we pay. But large companies like these? Come on.

          By the way, since the hack, my university has had to hire an expensive private firm to repair the damage. This could have all been avoided by paying normal salaries to our own employees and keeping talented people around. But everybody of any value left or is trying to leave, so no work gets done.

          1. Bloody hell, absolutely. The amount of damage these companies can do is huge, and the security is completely inadequate. As Mike says, this is really common, and I wish people were discussing increased responsibility in cases like this rather than the gender identity or mental health status of a dime a dozen cracker.
            Wonder how many EU citizens had their data breached – haven’t looked at the exact situation but there might be a half-decent case to make under GDPR if they stored personal data unencrypted or demanded more than was absolutely necessary to get their jobs done. And GDPR comes with percentages-of-annual-global-turnover fines.

        1. Who cares what I know? The point is that Capital One clearly knows nothing about them, which led to this disgraceful event.

          We are all victims of these companies that cut costs at our expense. So why are you pouting at me, who’s as much a victim of these greedy bastards as you are, instead of at them? Who wins if we start barking at each other and let them evade responsibility?

          1. Because he is a troll. But it is true, the hacker isn’t illiterate, is skilled. No companies do enough about anything, you know — there are data breaches, oil spills, etc., and while some degree of it is unavoidable, much is not.

              1. Seeing how well this kind of thing worked out for Chelsea Manning (who seems sincerely transgender), there’s no reason for somebody preparing a crime in a similar field not to try to fake being mentally ill and trans.

  2. It was an inside hack (kind of, former employee of Amazon), but it still had some decent technical chops to it. She (?) used web application firewall (WAF) creds to privilege escalate, and then did some clever AWS trickery to exfiltrate the data. On a hacking scale of 1 to 10, where “1” is being able to find your Start menu in Windows and “10” is launching a nuclear missile remotely from a Speak N’ Spell, I’d give it a solid 6. I’d estimate about 5% of IT people, even with insider access, would be smart enough to pull off the basic hack and then get the data out.

    Of course, Thompson also appears to be mentally ill, but it’s not exactly a trivial hack. Being a former insider, though, she had a huge advantage.

      1. Perhaps so. And that’s not to defend Capital One. This data was poorly-secured, but no more poorly-secured than a lot of other large corporations. They all spend as little money as they think they can get away with, and there are no real consequences for doing so.

      2. There are plenty of mentally ill people with very good computer skills. Hell, when I got in the field, I was majorly depressed and had serious anxiety issues. Part of the attraction of this field is that a lot of weird, erratic behaviour will be forgiven if you have the skills to put where your mouth is, so to say.

    1. On a hacking scale of 1 to 10, where “1” is being able to find your Start menu in Windows and “10” is launching a nuclear missile remotely from a Speak N’ Spell, I’d give it a solid 6.
      I thought “1” was cracking someone’s Yahoo! email password. No? “Remote nuke launch from a Speak N’ Spell” sounds like a rejected plotline from Stranger Things or Muppet Babies. I joke, but I’ve got to tell my Boomer parents to monitor their credit AGAIN. As if there is much on their end they can do to protect themselves.

      1. No one can protect themselves any longer in any real way. All my most private data is in Chinese hands now due to the OPM data breach in 2015 where SF-86s were taken.

        But, Muppet Babies! It was one of the few cartoons I liked, even as a kid.

  3. Also, as far as the community college thing goes? The really good ones don’t learn their stuff in college. It’s part of why the tech elite is so dismissive of universities. I’ve met plenty of people with unfinished Eastern European college degrees and amazing professional skills. They work for major Western companies and often prevent shit like this from happening. Getting good at this stuff is often a very self-directed process, and college performance has very little to do with this.

    1. Have you read the tweets at the link? This is either a raving lunatic or somebody faking madness as a future courtroom defense. I’m not seeing other possibilities.

      It also really bothers me that we are mentioning Eastern so much in a discussion of a crime by somebody 100% American.

      I spent these two days editing my new article on how Eastern Europeans are labeled as exceptionally criminal, so it bugs me.

      1. She’s trolling. Absurdist humor is a thing in milieus like hers, and you kinda win at it by doing the sort of jokes outsiders can’t even parse, by saying absurd things with a very straight face, sometimes dropping slight references such as being deported to Tuvalu, of all places (they had highly affordable internet domain names that didn’t require residence, back when Paige Williamson was a teenager with little money) to mark a joke as such to those in the know even further.

        She’s also mentally unwell in a very histrionic, American way, but not significantly more so (or in a different way) than a lot of American internet so it didn’t even register.

        Sorry about the whole Eastern European stuff – I tried mostly talking about the subculture I know, which is very similar to the US one except for not doing the histrionic-exposure-of-vulnerability Williamson is doing, and it’s Eastern European because so am I 🙂 I know the vast majority of us aren’t criminal.

        1. I know you know. 🙂 And we all suffer because of the immediate assumption people make that we are corrupt, lazy and dishonest. And sure, we have our criminal types. But who doesn’t?
