
Using Distributed Computing To Thwart Ransomware

CmdrTaco posted more than 6 years ago | from the much-less-satisfying-than-a-shovel-to-the-face dept.

Security 361

I Don't Believe in Imaginary Property writes "The folks at Kaspersky labs are turning to distributed computing to factor the RSA key used by the GPcode virus to encrypt people's files and hold them for ransom. There are two 1024-bit RSA keys to break, which should require a network of about 15 million modern computers to spend a year per key factoring them. Unfortunately, there appear to be no vulnerabilities in the virus' use of RSA, unlike some previous cases. Perhaps more interestingly, there's some debate over whether people should bother cracking it. After all, what if they were trying to trick us into factoring the key for a root signing authority? Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk."


Seems rather futile.. (5, Insightful)

FluffyWithTeeth (890188) | more than 6 years ago | (#23747941)

Surely all they have to do is start using a new key every so often, and the task becomes pointless?

Re:Seems rather futile.. (5, Insightful)

SQLGuru (980662) | more than 6 years ago | (#23748077)

Surely all you have to do is make frequent back-ups of your critical data and the virus becomes pointless.

Hacker - You must pay me $100 or your files will be forever encrypted by my nigh-unbreakable RSA code.
User - Meh, I just wiped my system of your virus and restored my important files from back-up. Piss off.

Layne

Re:Seems rather futile.. (5, Informative)

oldspewey (1303305) | more than 6 years ago | (#23748213)

As has been pointed out in the past - the people who are most likely to become infected with a ransomware virus are exactly the same people who are least likely to have backups available.

Re:Seems rather futile.. (4, Insightful)

Silver Sloth (770927) | more than 6 years ago | (#23748277)

Good, sometimes there's only one way to learn about why we have backups. After all, they're just as much at risk from hard disk crashes.

Re:Seems rather futile.. (2, Insightful)

pla (258480) | more than 6 years ago | (#23748555)

As has been pointed out in the past - the people who are most likely to become infected with a ransomware virus are exactly the same people who are least likely to have backups available.

Back in my youth, I never made regular backups.
Then I got a virus.
Since then, I make regular backups.


As annoying as it seems, sometimes people need to understand first-hand the need for regular, offline backups. Until they have the experience of data-loss, they just won't appreciate what could happen.

Re:Seems rather futile.. (1)

oldspewey (1303305) | more than 6 years ago | (#23748657)

It took a hard drive failure to get me into the habit of running regular backups ... I was running two drives in RAID0 for performance, and I used to keep everything on that RAID.

Other way around (5, Interesting)

DrYak (748999) | more than 6 years ago | (#23748669)

> Back in my youth, I never made regular backups.
> Then I got a virus.
> Since then, I make regular backups.

Back in my childhood I did regular backups of my family's computer.
Then we got a virus.
Then we realized that the virus was a time bomb that was already present in dormant form even in the oldest several-months old backups.

Sometimes you have parents that are both computer geeks, and they teach you the importance of offline backups. Nevertheless, shit happens anyway.

Re:Seems rather futile.. (2, Insightful)

pegr (46683) | more than 6 years ago | (#23748637)

I'll assume someone paid the ransom at least once. So what key did they use to decrypt? Do us a favor and post it.

As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start?

Re:Seems rather futile.. (1)

Spy der Mann (805235) | more than 6 years ago | (#23748283)

> Surely all you have to do is make frequent back-ups of your critical data and the virus becomes pointless.

While keeping backups regularly is something we must do, I'd like to add that surely all you have to do is install an Operating System with decent security (such as GNU/Linux) and all the viruses become pointless.

My dad is still using Windows. His application icons have some desktop below them - pardon, I meant to say that his desktop is filled with application icons, all installed by third party applications (which I don't know are virus-free, but most of them have a GPL equivalent in GNU/Linux), he's reinstalled Windows twice and is still constantly complaining of his computer slowing down. Finally, when trying to go to Google, an error message pops up on Firefox. I'm sure it's the Google bar, but he doesn't know how to uninstall it.

It's been almost a year since I dumped Windows, and now I've begun to wonder why people still decide to keep up with this sh**.

Re:Seems rather futile.. (0)

Anonymous Coward | more than 6 years ago | (#23748691)

FATAL ERROR: This is a small window with an OK button.

Re:Seems rather futile.. (1)

Deanalator (806515) | more than 6 years ago | (#23748575)

Of course, but the point is that users that lost data can tuck their harddrives away someplace safe, and hopefully someday recover their data.

I've got a better idea (5, Insightful)

elrous0 (869638) | more than 6 years ago | (#23747971)

Encourage people to make backups of their data on disc, tape, or portable harddrives. I know that's a radical idea, but it just might be crazy enough to work.

Re:I've got a better idea (-1, Flamebait)

DaedalusHKX (660194) | more than 6 years ago | (#23748087)

Stop using windows for anything other than gaming? Yeah, what a novel concept!

Wait, I think I know this... it's like... oh wait, it's like... ummm... ahem... having a brain and using it?

I think, personally, that human stupidity is a gold mine, and I'm slowly losing any inhibition and cashing in on it. The people who created governments realized this. The people who created religions realized this. The people who run fear based vaporware businesses realized this. Surely the only REAL issue at hand is human stupidity, which, as many have said, is possibly the ONLY boundless thing in existence. Why not tap into such a boundless resource to create "free resources" ??

Re:I've got a better idea (5, Funny)

Opportunist (166417) | more than 6 years ago | (#23748147)

I think, personally, that human stupidity is a gold mine, and I'm slowly losing any inhibition and cashing in on it.

Way ahead of you. I went into IT security years ago. It is a gold mine. You can basically sell snakeoil and people will kill each other to buy it from you.

Re:I've got a better idea (1)

DaedalusHKX (660194) | more than 6 years ago | (#23748351)

Yeah, I find that if they want to be afraid, why not setup a vaporware business to cater to their whims?

Oh crap, the TSA beat me to it!! Dammit!

P.T. Barnum was right on his analyses of the sucker... "one born every minute and two to take care of him," and "nobody ever went broke betting on human stupidity."

Re:I've got a better idea (2, Funny)

DaedalusHKX (660194) | more than 6 years ago | (#23748189)

As a result, I am shortly going to be announcing my new "Remain Safely Stupid, (tm)" product line. We harness the power of human stupidity for profit.

It will be absolutely nothing more than a box filled with paperwork. After filling out said paperwork, the client is guaranteed paper "rights" to be "free" and "protected" with said freedoms and protections guaranteed by the pieces of paper, and through no action or knowledge of his own. The client thus receives all the benefits without any of the actual risks of actually BEING free, or the hardships of actually BEING safe. Some have derided my product lines as "security theater" or "vaporware" but they are merely upset because I beat them to market with such a brilliant idea.

Patents pending.

Re:I've got a better idea (1)

robo_mojo (997193) | more than 6 years ago | (#23748285)

Now all we need to do is figure out how to turn stupidity into energy. No more coal, oil, or nuclear fission. The future will run on Stupid Energy(tm), the cleanest, cheapest, most reliable energy source known to man. It is completely renewable, too!

Re:I've got a better idea (1)

alx5000 (896642) | more than 6 years ago | (#23748135)

Or the good ol' common sense that tells ya not to open those .exe and .scr that your MSN buddies try to send you as "my funny holiday pics" (in another language, of course)...

But since we can't really trust the average Joe to take preventive measures such as safe browsing, or using antivirus and firewalls, I'm not too convinced that your idea is gonna be as popular as one may expect...

Re:I've got a better idea (1)

zappepcs (820751) | more than 6 years ago | (#23748371)

there is something to be said for that:

> But since we can't really trust the average Joe to take preventive measures such as safe browsing, or using antivirus and firewalls, I'm not too convinced that your idea is gonna be as popular as one may expect...

I find this to be the case. Questions like
"Why can't I install software on this machine?"
"Why do I need a different login to surf the web?"
"Why is the computer so slow at 3:30 a.m.?"

Even after explaining rights/permissions and how to keep from giving the wrong ones to malicious websites, I still get those questions. After explaining that protection/scanning software is running while you are supposed to be asleep and that is why it's slow at 3:30 a.m. I still get the complaint.

19 year olds 'know' everything so never have to read about how to protect themselves. As they grow up they only decide they need to read more when their personal computer grinds to a halt and they have to pay someone to fix it. When they are forced to learn a couple things, the big picture and overall practices of security do not sink in because it is inconvenient. Malware will always exist because of this.

sad but true

Re:I've got a better idea (1)

alx5000 (896642) | more than 6 years ago | (#23748509)

Kinda like STDs, I guess. They're not a problem unless you know they're there or you get one...

Re:I've got a better idea (1)

houghi (78078) | more than 6 years ago | (#23748161)

My thought exactly. The partition I use for backups is read-only. Just during backup it is writable by just one user. The fact that this user is called root and I run Linux might make it even harder to crack.

But still, read-only partitions for your backups.

Re:I've got a better idea (4, Funny)

mweather (1089505) | more than 6 years ago | (#23748307)

You backup to the same computer? I don't even backup to the same state!

Re:I've got a better idea (1)

jimicus (737525) | more than 6 years ago | (#23748433)

I don't even backup to the same country!

Re:I've got a better idea (3, Funny)

Daimanta (1140543) | more than 6 years ago | (#23748531)

I don't even backup to the same planet!

Re:I've got a better idea (5, Funny)

TheRealFixer (552803) | more than 6 years ago | (#23748615)

Psh... backups? I restore my data from a parallel universe, where I didn't get hit by a virus in the first place.

Re:I've got a better idea (3, Funny)

Anonymous Coward | more than 6 years ago | (#23748719)

I don't see the allure of backup. This one time I tried backing up my computer, I backed it up all the way, and then it kept shutting off. So I brought it back forward and it runs far cooler now that the fan isn't sealed off by the wall.

Re:I've got a better idea (1)

Enoxice (993945) | more than 6 years ago | (#23748723)

I don't even back up to the same Dimension!

NASA, is that you ? (1)

DrYak (748999) | more than 6 years ago | (#23748729)

Although, you have to admit, retrieving your backup tapes from the Phoenix Lander is going to be a tad more expensive than the usual backup plans. More so if civilisation on earth has collapsed.

Re:I've got a better idea (1)

Drakonik (1193977) | more than 6 years ago | (#23748595)

You all suck. I backup to Pluto.

Don't forget the corollary. (5, Insightful)

khasim (1285) | more than 6 years ago | (#23748229)

Don't forget the corollary.

Encourage the application writers to make their applications EASY TO BACKUP.

The problem I keep seeing is that TELLING someone to back up their data is easy to do. FINDING ALL of the data is just about impossible.

You'll never know if you got it all until AFTER a problem.

Or even ... how about just including a simple script that will look at how it's installed TODAY and back it up to a location chosen by the user? And then that script will generate a script to install that backup should you need it to. Along with license keys and decoding keys and unlocking keys, etc.

Re:Don't forget the corollary. (1)

hoggoth (414195) | more than 6 years ago | (#23748425)

> Encourage the application writers to make their applications EASY TO BACKUP.
> The problem I keep seeing is that TELLING someone to back up their data is easy to do. FINDING ALL of the data is just about impossible.

It drives me crazy that it is nearly impossible to back up applications under Windows.
I want to back up a directory tree and know that I can reinstall that application by restoring that backup.
But under Windows, the application consists of files in the application's 'Program Files' directory, plus entries scattered around the registry, plus files dropped into the 'Windows' directory or 'Windows/System32' or other Windows directories, plus files in 'Documents and Settings/User/Application Data' and/or 'Documents and Settings/User/Local Settings'.

Do I just not know some Windows Admin secret magic, or is it true that I really can't back up my applications. I'd like to be able to reinstall Windows and then restore all of my applications.

There is a LITTLE magic involved. (3, Informative)

khasim (1285) | more than 6 years ago | (#23748641)

> Do I just not know some Windows Admin secret magic, or is it true that I really can't back up my applications.

There is a little magic that you can try, but you are pretty much correct. You cannot EASILY backup your Windows apps.

For the Registry, you can "export" the entries for that app to a file and, later, you can import that file into the Registry.

The problem with the Registry is the same as you've noted with the file system. Stuff gets put EVERYWHERE. And there is no way to KNOW that you have EVERYTHING until AFTER you attempt to restore it. AND that doesn't include anything "updated" when you get a patch or point-zero-one release "upgrade".

Now, the installer can put that stuff everywhere ... and in theory it can remove that stuff when you un-install it ... but it cannot COPY that stuff to a backup directory/device?

And I don't want to hear that that is to prevent "piracy". Just encrypt the stuff with the unlocking key or whatever. That way I can keep a TEXT file of app-name -- key code on my USB drive along with the backups.

Re:Don't forget the corollary. (0)

Anonymous Coward | more than 6 years ago | (#23748547)

Listen to this man.

I recently spent my weekend figuring out WHAT to back up on a server that needed a reformat. I hate these stupid applications that store data in C:\Program Files\$NONSENSICAL_ABBREVIATION\Some Folder\Qwerty\Yu.iop. God forbid you replace that with $HOMEDIRECTORY\$APPLICATION's Data

And don't get me started on a certain application that required me to call tech support for a password to restore data through their lame backup program.

Re:I've got a better idea (1)

nurb432 (527695) | more than 6 years ago | (#23748505)

Unless the virus doesn't show itself for months, then you have managed to backup a virus infested file.

Re:I've got a better idea (3, Interesting)

SatanicPuppy (611928) | more than 6 years ago | (#23748693)

If we had a backup, wouldn't it be possible to break the encryption using the backed-up data as a crib? Why force the key directly when you know what is in a large chunk of the cyphertext?

Die! Die! Die! (-1, Troll)

GottliebPins (1113707) | more than 6 years ago | (#23747973)

Track them down and kill them.

Re:Die! Die! Die! (1)

MrMr (219533) | more than 6 years ago | (#23748089)

But, surely the writers of the malware are also partly to blame.
Oh, wait...

Offtopic, was Re:Die! Die! Die! (0)

Anonymous Coward | more than 6 years ago | (#23748141)

Is it just me or does anyone else see the irony of a Russian dating service ad on /. shortly after the conclusion of the Reiser trial?

Re:Die! Die! Die! (0)

JCSoRocks (1142053) | more than 6 years ago | (#23748179)

*BOOM* HEADSHOT!

track down the people who wrote the virus and for (4, Funny)

jalet (36114) | more than 6 years ago | (#23747987)

Where's Jack Bauer when you need him ???

Re:track down the people who wrote the virus and f (0)

Anonymous Coward | more than 6 years ago | (#23748201)

Perhaps in jail, on DUI charges?

Interbank Data Recovery Services (5, Funny)

wagnerrp (1305589) | more than 6 years ago | (#23748219)

Fortunately, we had Interbank Data Recovery Services. And Interbank does more than just acquire the decryption key.

That's because Interbank vows to find out who sent you the ransom and hunt them down like animals. Like filthy, dirty animals. That's the Interbank difference. See, I don't care how Interbank's secret police get things done. I just care that they get things done. For us.

Plus, because we'd enrolled in their Premiere Membership program, Interbank also hunted down friends and relatives of the guy who had encrypted our data, dragged them from their beds in the middle of the night, and set fire to their homes.

recuperating (1)

Ungrounded Lightning (62228) | more than 6 years ago | (#23748737)

Where's Jack Bauer when you need him ???

Recovering from post traumatic stress disorder, a number of wounds, and radiation poisoning.

Damn it (4, Funny)

alx5000 (896642) | more than 6 years ago | (#23747997)

Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

If only I hadn't erased Jack Bauer's cell from my contact list after the last season...

Re:Damn it (2, Funny)

Spy der Mann (805235) | more than 6 years ago | (#23748387)

Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

If only I hadn't erased Jack Bauer's cell from my contact list after the last season...

I had his number in my PC, but somehow I can't access it all of a sudden. I think a virus encrypted it.

Backup (1)

name*censored* (884880) | more than 6 years ago | (#23748035)

I'm glad at the enormous figures involved here (one year x 15 million computers). Hopefully, it'll teach people to backup systematically, cleanly and frequently - after all, the arms race on malware/virii has led to better computer security policies and techniques, even if there were many casualties.

That all depends ... (1, Interesting)

El Cubano (631386) | more than 6 years ago | (#23748055)

Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

That depends on whether you think it is acceptable to compel someone to reveal something like that. If, as for example in the US, someone cannot be forced to incriminate himself, then he can just refuse and there is no further recourse. That is, if the only way of getting information out of someone is to ask them nicely for it.

Re:That all depends ... (2, Funny)

alx5000 (896642) | more than 6 years ago | (#23748199)

... or bribing them! Hah! Foiling their plans of locking peoples files down! Oh, wait...

Re:That all depends ... (1)

joshamania (32599) | more than 6 years ago | (#23748287)

Well, Dubyuh's already pretty much told the whole world he doesn't give a rat's ass about the "rights" of his own citizens, let alone those of a foreign national running an extortion campaign against citizens of the US and other western nations.

My personal opinion is that these guys have a bullet with their name on it, it's just a matter of time before stuff like this starts getting people killed on a regular basis. If the governments are not powerful enough or unwilling to tackle such criminal issues...one of these encryption bugs is going to hit the wrong CEO with too much money and/or spite and voilà...you have a new episode of CSI Moscow.

Seriously? Would it cost more than a coupla hundred dollars to bribe the right people over at egold or whatever "bank" these asshats are using to find an address? Or a postoffice box, or a forwarding bank account somewhere with a name on it?

There is no recourse right now in the current criminal justice system for crimes of this nature. So my question is when is the rich guy going to make his own recourse...or does it start with the CIA? I have zero problems with the CIA going and finding homes for bullets in Russian spammers or Nigerian scammers or any other criminals who attack US citizens from outside the US.

This type of interhuman conflict is completely new to western legal systems and the source is coming from places where Western "justice" is scoffed at. Don't think I'm crazy...this is the kind of shit wars are started over.

Re:That all depends ... (1)

xaxa (988988) | more than 6 years ago | (#23748445)

> There is no recourse right now in the current criminal justice system for crimes of this nature.

Really? In the UK there's things like the Computer Misuse Act, and since the scammer has accessed a computer without permission (with the virus) he's clearly breaking the law. A UK citizen was extradited to the USA last year for hacking a government computer, I think you have the laws.

> I have zero problems with the CIA going and finding homes for bullets in Russian spammers or Nigerian scammers or any other criminals who attack US citizens from outside the US.

And you trust the CIA to do it right? Ha!

Re:That all depends ... (1)

joshamania (32599) | more than 6 years ago | (#23748655)

And I'm sure the Russians and the Chinese are just lined up outside their respective United States embassies with armloads of computer criminals whose main source of income comes from US citizens.

Western "laws" don't extend to most of the world, and yet just about every square foot of this Earth can receive internet access without all that much trouble. I could probably set up a wifi hotspot just about anywhere in Namibia for under $3000 USD. But that's nothing because these idiots made 20 grand in the first fifteen minutes of this hitting the wild because farming stupidity has always been an *extremely* lucrative trade throughout history and now the internet adds wonderful economies of scale to those activities.

American credit card companies have already proven more than willing to forgo little things like, oh, gambling laws to allow them to generate more transaction fees overseas so how do you think you're going to get them to stop doing business with every unlicensed foreign financial institution? Set up a small bank in Africa/Arabia/Asia for six months, pay off the local government or mafia plenty to be left alone...farm stupidity for as much of that time as you can get away with, rinse and repeat.

I really doubt this particular encryption virus is the work of some random Russian hacker sitting in his parent's basement. Computer fraud has been the realm of organized crime for quite a while now...especially in the eastern bloc. It may not be the "Russian mafia", but it could very easily be a small Russian dotcom that had a crazy idea, talked to a couple of financial people or already were a part of their organization...a well connected businessman in Russia could probably pull off such a scheme quite easily without attracting any attention at all on a local level.

Re:That all depends ... (1)

Xest (935314) | more than 6 years ago | (#23748447)

This sort of scenario is one of the few where I think plea bargains are probably a good thing. The rest of the time they seem rather a stupid idea to me.

If the guy isn't willing to let hundreds of people have their data back then throw the book at him, if he's at very least decent enough to give it up then cut his sentence a fair bit.

Re:That all depends ... (1)

MozeeToby (1163751) | more than 6 years ago | (#23748529)

On the other hand they could just say, "Tell us the keys and you'll only get 10 years in prison."

Force? (0)

Anonymous Coward | more than 6 years ago | (#23748065)

Nobody has the balls to use force anymore.

Us: Pretty please give us the private key so we can get our crap back
Them: stuff it
Us: oh, ok. thanks anyway

Re: Force? (1)

Alwin Henseler (640539) | more than 6 years ago | (#23748721)

> Nobody has the balls to use force anymore.

You mean physical force, the force, or brute force?

Make them talk? (2, Funny)

JCSoRocks (1142053) | more than 6 years ago | (#23748073)

How are we going to do that? Everyone knows that things aren't nearly as fun as they used to be... people are even complaining about waterboarding now! What's this world coming to? Shoot, I remember when you could put a man on the rack - no problem.

Re:Make them talk? (5, Funny)

Opportunist (166417) | more than 6 years ago | (#23748191)

Simple. Lock them in a cell with a person whose complete pr0n collection is now encrypted. Then go out and come back about an hour later. They talk. They will confess everything, including the assassination of JFK, just as long as they don't have to spend more time with someone whose jackoff material is gone and they're to blame for it.

Talk about motivation!

Re:Make them talk? (0)

Anonymous Coward | more than 6 years ago | (#23748223)

They probably have the key saved somewhere on their computer, so the police could just confiscate it and find the code. Alternatively, you could just take all their keyboards/mice. They would be willing to hand over the code within a week.

Re:Make them talk? (1)

michrech (468134) | more than 6 years ago | (#23748583)

OR, they'd just buy a new keyboard/mouse with the money fools have paid them to "get their data back".

They probably have the key saved somewhere on their computer, so the police could just confiscate it and find the code. Alternatively, you could just take all their keyboards/mice. They would be willing to hand over the code within a week.

Tag: Goodluckwiththat (4, Interesting)

Opportunist (166417) | more than 6 years ago | (#23748107)

The people who did that sit in a country ending in -stan. Countries ending in -stan have real problems and don't care for problems their citizens cause abroad.

You can trust me on that one, I've tried. I've even had so much as the name of the person to prosecute. Nothing came out of it. Despite including our federal police and interpol.

Re:Tag: Goodluckwiththat (0)

Anonymous Coward | more than 6 years ago | (#23748375)

I am not siding with you here.

People that live in the stan countries do not want to come to the US. The SEALS keep the people in line.

Who are the Federal Police?

- The Demetrius -

Force them to talk? (1)

nurb432 (527695) | more than 6 years ago | (#23748111)

How? I thought torture was disallowed.

Re:Force them to talk? (2, Funny)

jeiler (1106393) | more than 6 years ago | (#23748353)

You must be new here.

Re:Force them to talk? (1)

Thyamine (531612) | more than 6 years ago | (#23748391)

Tattoo random 1024 bit keys on their body until they tell us the right one?

Re:Force them to talk? (1)

david@ecsd.com (45841) | more than 6 years ago | (#23748403)

Only to the government...

15 million modern computers?? (3, Insightful)

iamacat (583406) | more than 6 years ago | (#23748121)

They are best off using a large botnet then. Perhaps modify the extortion virus itself so that it's part of the solution rather than part of the problem.

Lets put some Iraqis to work on this. (1)

leereyno (32197) | more than 6 years ago | (#23748143)

The sadists who ran Saddam's network of torture and death chambers are out of work at the moment.

Surely they could be employed to .... persuade these people to talk.

15 million CPU years (3, Interesting)

robo_mojo (997193) | more than 6 years ago | (#23748175)

15 million CPU years per key? And the attacker can just make up new keys as often as he likes. He could even make a different key for each target if he wanted.

15 million CPU years is a lot to spend when you could just restore from backups.

1024 bits is big (2, Insightful)

steveb3210 (962811) | more than 6 years ago | (#23748177)

The size of the keyspace doubles per bit, 2^1024 is the size of keyspace.. Brute factoring the key is not happening..

Re:1024 bits is big (2, Informative)

Daimanta (1140543) | more than 6 years ago | (#23748315)

But you don't have to check them all. You can start at the root of the number and go down, skipping even numbers and then some.

It is a good development, Don't help them (4, Insightful)

140Mandak262Jamuna (970587) | more than 6 years ago | (#23748227)

We should not help people whose data is held at ransom. Finally they will see the folly in using cheapest software, in the cheapest platform with no regard for security. Companies will start taking insurance against data loss. And the insurance premium will be more for insecure closed proprietary crapware like Windows.

As long as security is valued at zero dollars when the IT bean counters are evaluating platforms and vendors crapware will proliferate.

Got to be a link to the extortionist (3, Interesting)

uab21 (951482) | more than 6 years ago | (#23748237)

The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top [cnet.com] says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...

Re:Got to be a link to the extortionist (4, Informative)

steveb3210 (962811) | more than 6 years ago | (#23748281)

The explanation I found on the site isn't quite this simple. The data is encrypted with a randomly-generated symmetric key that is protected with RSA.. You send the bad guys the file with the key in it, they decrypt it and write a program to decrypt everything..

Re:Got to be a link to the extortionist (3, Insightful)

Kjella (173770) | more than 6 years ago | (#23748673)

Quite simple and very effective and can be done using standard tools:

1. Encrypt victim's data with random AES key
2. Store key in body of a PGP message for yourself
3. Get victim to send you the PGP message
4. Decrypt PGP message using private PGP key, find AES key
5. Send AES key to victim - for a price...

Seriously, this could probably be hacked together in the matter of a few hours if explained to someone knowledgeable. The private key never leaves the bad guys. And if they decide the heat is on and torch the operation and set it up elsewhere you're 100% screwed. Trying to crack this must be the most useless operation ever, they could easily make the keys stronger and thousands of years would pass to crack it. In one word: Nasty.
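
The recovery route from the story (factor the public modulus, rebuild the private exponent, unwrap the per-victim symmetric key), together with the cost figures argued over in the "1024 bits is big" and "Got to be a link to the extortionist" comments, as an added example that is not part of any comment in this thread. It assumes a constructed 60-bit toy modulus, textbook RSA without padding, and a constructed session key; the 1024-bit figures are order-of-magnitude estimates that drop the o(1) term of the number field sieve formula.

```python
import math

# Constructed toy key (not GPcode's): two ~30-bit primes give a ~60-bit modulus.
P, Q = 998_244_353, 1_000_000_007
N, E = P * Q, 65_537

# Constructed stand-in for the random symmetric key that encrypted the files.
SESSION_KEY = 0x0123_4567_89AB_CDEF
WRAPPED_KEY = pow(SESSION_KEY, E, N)  # textbook RSA, no padding (toy only)


def pollard_rho(n):
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    for c in range(1, 50):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means this c failed; try another
            return d
    raise ValueError("no factor found")


def unwrap_by_factoring(n, e, wrapped):
    """Factor n, rebuild the private exponent d, and unwrap the session key."""
    p = pollard_rho(n)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))    # d = e^-1 mod phi(n), Python 3.8+
    return pow(wrapped, d, n), tuple(sorted((p, q)))


def trial_division_log2_candidates(bits):
    """log2 of the odd candidates below sqrt(n) for a modulus of `bits` bits."""
    return bits / 2 - 1


def gnfs_log2_work(bits):
    """log2 of the heuristic number field sieve cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) term dropped."""
    ln_n = bits * math.log(2)
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


if __name__ == "__main__":
    key, factors = unwrap_by_factoring(N, E, WRAPPED_KEY)
    print(f"toy modulus factored: {factors}, session key recovered: {key == SESSION_KEY}")
    print(f"1024-bit trial division: ~2^{trial_division_log2_candidates(1024):.0f} candidates")
    print(f"1024-bit number field sieve: ~2^{gnfs_log2_work(1024):.1f} operations")
```

At toy size the factoring finishes in well under a second; the same procedure is what the 1024-bit effort would have to complete once per key, which is why a fresh key pair per campaign resets the work to zero.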

Re:Got to be a link to the extortionist (0)

Anonymous Coward | more than 6 years ago | (#23748399)

That's assuming the extortionist will give the key after payment, or even still has the key in his possession. It is entirely possible that the private key simply does not exist anymore.

Re:Got to be a link to the extortionist (1)

canuck57 (662392) | more than 6 years ago | (#23748519)

The screenshot at http://news.cnet.com/8301-10784_3-9965381-7.html?tag=nefd.top [cnet.com] says that the victim pays to download a 'decryptor'. Either the decryptor contacts, in real time, the extortionist (at a server location that can be linked to them), or the private key is included in the decryptor program, and should be able to be sussed out...

In which case, setup a sting operation and pay for one. Me, I have no intention of lending my CPU to crack keys for someone who didn't make backups.

Force them to talk. (1)

david@ecsd.com (45841) | more than 6 years ago | (#23748241)

Besides, there's a more direct method of breaking the encryption: track down the people who wrote the virus and force them to talk.

I've been an advocate for this method for quite some time. "Tell me Mr. Extortionist, how can you write a virus with ten broken fingers?..."

Leave it be. (2, Insightful)

Just Some Guy (3352) | more than 6 years ago | (#23748259)

So, there are two possibilities here:

  1. People are running crappy software that got hacked, or
  2. People did something dumb like running an .exe that someone mailed them.

Either way, this seems like a pretty strong (if harsh) lesson for end users. If #1, use better software, like your geek friends have been telling you for years. That doesn't have to mean installing Ubuntu; it could just mean upgrading from IE6 to Firefox (or IE7), or from Outlook Express to Thunderbird (or Gmail). If #2, then haven't you been told about 1,000 times not to do that? Now do you see why?

I truly feel bad for people who get nailed for this, in almost exactly the same way I feel bad for my kids when they touch the stove after I've told them it was hot.

Re:Leave it be. (1)

Drakonik (1193977) | more than 6 years ago | (#23748747)

Hear hear. I'm all for tough love. My sister is one of those users whose eyes glaze over when you try to explain computer security, and once every year or two, I have to disinfect her computer. If I had my way, I'd make her live with it until she figured out how to clear it out herself and stop getting herself into the same damn situation.

Cryptography 101 (1)

lightneo (1288354) | more than 6 years ago | (#23748291)

Since the virus seems to only use one key, can't we just infect a file with known content and reverse the key by comparing the original/infected versions?

Re:Cryptography 101 (1)

Just Some Guy (3352) | more than 6 years ago | (#23748419)

Since the virus seems to only use one key, can't we just infect a file with known content and reverse the key by comparing the original/infected versions?

No. Plaintext isn't xor'ed with the key itself, but with a stream of data created using the key as one of the inputs. Similarly, I only have one GPG encryption key, but good luck reverse engineering it even given known plaintext.

Re:Cryptography 101 (1)

robo_mojo (997193) | more than 6 years ago | (#23748429)

That works only with horribly broken/inadequate encryption schemes. Where did you attend Crypto 101?

Let me get this straight (1)

Thelasko (1196535) | more than 6 years ago | (#23748329)

If we take known data and expose it to this virus, it will encrypt it so well that it takes 15 million computers to figure out the key?

I assume the folks at Kaspersky labs know what they are doing, but known data? Even if we get several samples of known data and compare it to its encrypted counterpart, it takes 15 million computers?

I mean Colossus only had suspected known data, such as, "Nothing to report" and broke the enigma code. That's impressive!

Re:Let me get this straight (1)

Excelcia (906188) | more than 6 years ago | (#23748499)

A good thing it takes 15 million computers too, because some suspected known data like, say, your bank balance would be in for a world of hurt if encryption were as easy to crack today as Enigma was.

Re:Let me get this straight (1)

brunes69 (86786) | more than 6 years ago | (#23748539)

I think you need to re-take your "Encryption 101" course. Knowing the data is no help at all in discovering the private key in a public/private key system.

For example, do you think your SSH password is encrypted the same way every time it crosses the wire? No.

Re:Let me get this straight (2, Informative)

Anonymous Coward | more than 6 years ago | (#23748603)

If this is the least bit surprising to you, all I can say is that you are not very up to date with cryptography. Security against a so-called "known plaintext attack" is an absolutely stock standard criterion for ciphers these days. For the last few decades no serious cipher has been substantially weaker against known plaintexts than against random plaintexts.
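The known-plaintext question raised in the "Cryptography 101" and "Let me get this straight" threads, worked through as an added example that is not part of any poster's comment and is not GPcode's actual cipher: it compares XOR with the key itself against XOR with a keystream derived from the key, and goes one step further to show the nonce-reuse case where comparing original and encrypted files does help. The SHA-256 counter construction, the key, the nonces and the file contents are all constructed for illustration.

```python
import hashlib

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(key: bytes, data: bytes) -> bytes:
    """Broken scheme: the data is XORed with the key itself, repeated."""
    repeated = key * (len(data) // len(key) + 1)
    return xor_bytes(data, repeated)

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || nonce || counter) blocks."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return xor_bytes(data, stream)

def known_plaintext_demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    known = b"Test document planted by the analyst beforehand."  # constructed
    secret = b"Victim file that the analyst has never seen....."  # constructed

    # Case 1: key XORed directly, so original XOR encrypted is the key
    # (the 16-byte key length is assumed known to the analyst).
    leak = xor_bytes(known, weak_encrypt(key, known))
    weak_key_found = leak[:len(key)] == key
    weak_secret_read = weak_encrypt(leak[:len(key)], weak_encrypt(key, secret)) == secret

    # Case 2: keystream derived from the key plus a per-file nonce.
    # The comparison yields file-1's keystream only, never the key.
    stream_leak = xor_bytes(known, stream_encrypt(key, b"file-1", known))
    c_secret = stream_encrypt(key, b"file-2", secret)
    stream_secret_read = xor_bytes(c_secret, stream_leak) == secret[:len(known)]

    # Case 3: implementation flaw, the same nonce reused for every file.
    # The leaked keystream now decrypts other files up to its own length.
    c_reuse = stream_encrypt(key, b"file-1", secret)
    reused_nonce_read = xor_bytes(c_reuse, stream_leak) == secret[:len(known)]

    return {
        "weak_key_found": weak_key_found,
        "weak_secret_read": weak_secret_read,
        "stream_key_found": key in stream_leak,
        "stream_secret_read": stream_secret_read,
        "reused_nonce_read": reused_nonce_read,
    }

if __name__ == "__main__":
    print(known_plaintext_demo())
```

For an analyst, case 3 is the check worth making on a sample: a planted file only helps recovery when the keystream is reused across files.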

Waterboarding (1)

mathimus1863 (1120437) | more than 6 years ago | (#23748355)

When we do find that guy, we can waterboard him to get the private key. According to the man, that's not torture!

Here's what I don't understand ... (1)

oldspewey (1303305) | more than 6 years ago | (#23748361)

Why are government bodies so busily working on pointless shit like this [slashdot.org], when instead they could be doing work that actually brings value to society ... like shutting down the money pipe that keeps spammers and extortionists (of all kinds) in business? Can't somebody just invoke the specter of scary terrorists and money being funneled to Osama or something?

Data recovery (4, Insightful)

KevMar (471257) | more than 6 years ago | (#23748363)

So the encryption is sound, but did he just delete the old files after encrypting them or did he scrub the drive too?

Someone try to undelete the files with a disk recovery tool and see what you get. Just because the file is encrypted does not mean that the original was correctly destroyed.

Downgraded from dataloss to DOS (0)

Anonymous Coward | more than 6 years ago | (#23748383)

If it takes less than 15 megayears to generate a fresh key, the attacker has already won.

No trust, ergo, no reason to decrypt (3, Insightful)

mkcmkc (197982) | more than 6 years ago | (#23748437)

What seems to be missing here, is the realization that if someone has encrypted your files without your permission (supposedly for ransom), there is no reason to trust them to restore the files correctly, and very good reasons not to trust them.

I suppose if the file in question was something like a manuscript for a novel, where the owner can more or less verify it by eye, and (importantly) there isn't that much downside if our opponent sneaks some changes in, that might be worthwhile. But in general...

"force them to talk." (1)

xbytor (215790) | more than 6 years ago | (#23748451)

AKA Rubberhose Decryption. Works every time.

Jeebus (1, Flamebait)

blackjackshellac (849713) | more than 6 years ago | (#23748471)

There are a lot of idiots reading /. these days. I bow to all of your superior abilities to back up all of your files, constantly so that you will never, ever possibly lose a bit of data. Sorry, I meant to say that you're a bunch of wankstains.

Can't we 'follow the money' ? (1)

niks42 (768188) | more than 6 years ago | (#23748477)

Isn't that the way most frauds are cracked - by finding out where the money goes? Or is this particularly nasty SPECTRE-like extortion not illegal in the country of origin?

Make another virus (1, Funny)

Thelasko (1196535) | more than 6 years ago | (#23748557)

1. Track down the virus' creator.
2. Encrypt his/her data with a similar algorithm plus a key logger.
3. The keylogger phones home with the key the perpetrator used to decrypt his/her data.
4. Profit!

Talking (1)

Rinisari (521266) | more than 6 years ago | (#23748561)

They might talk, but if there are any passwords involved, they are protected by the 5th amendment from having to divulge them.

How does this malware propagate? (2, Interesting)

Savior_on_a_Stick (971781) | more than 6 years ago | (#23748577)

Is it targeted manually, or is it a specifically directed attack? If it's out in the wild being spread [cough] virally, rather than being inserted into specific targets, then what happens when a mobster's double book accounting system gets infected? Some people have mentioned ruthless CEOs - but if this infected the wrong system, these folks could have someone after them with no restraint, deep pockets, and the resources and experience to root them out. Do I smell a TV movie in the offing?

Who Cares (0)

Anonymous Coward | more than 6 years ago | (#23748585)

This virus only affects people running a Windows operating system. Having left Windows for Ubuntu Linux long ago, two phrases apply here:

1. Not my problem

2. A lack of planning on your part does not constitute an emergency on my part

Sorry, but that's the way it is. You want to wear the chains Mr. Gates has provided for your wrists? Be thankful for the scraps you get from the master's table, and don't cry about your floggings.

and... (1)

cosmocain (1060326) | more than 6 years ago | (#23748593)

...still there's no real proof for the authenticity of the keys. infections are rare... who tells me that these aren't keys used by some CA. or anything else important.

Slightly offtopic... origins of the IP address (2, Interesting)

New_Age_Reform_Act (1256010) | more than 6 years ago | (#23748753)

The article mentioned that although the IP addresses of the email are from China, the fact is the people behind the GPcode campaign are Russian. That makes me wonder how many computers in China have been turned into Russian zombies. That may well explain the reason why most attacks against U.S. Government networks originate in China.