720-891-1663
Return to the list of client alerts
Ignore for the moment that the government – and everyone else – always has an agenda. That is just a fact of life.
You probably remember that back in August, remote network management software vendor Kaseya announced they had been hacked and they had been distributing malicious software.
This affected somewhere around 50+ managed service providers and more than a thousand of their customers.
These customers had to either figure out how to pay the ransom (which was supposedly in the $25 to $50 million range) or rebuild their systems.
Managed service providers went crazy getting their customers back online.
Ultimately it cost everyone, collectively, tens of millions of dollars to put the wheels back on the train.
After about 3 weeks, Kaseya announced that somehow they had obtained a master decryption key.
This is about the same time that the hacker’s web site disappeared from the dark web.
No one, especially the government or Kaseya, explained what was going on.
Well now it has come out after the Washington Post wrote a story.
It turns out that the FBI had hacked the hackers and had a copy of the master decryption key for weeks before THEY gave it to Kaseya.
They didn’t want anyone to know that they had hacked the hackers because they wanted to do the hackers in.
Then the hackers spoiled the FBI’s fun by shutting down their web site. Now the FBI had a back door into, well, nothing.
So at this point, they decided to release the key.
But since was three weeks after the attack and businesses were not going to stay shut down for an unknown amount of time hoping a key would magically appear, they spent, collectively, a LOT of time and money rebuilding and restoring their systems.
Congress, apparently, can read the newspaper so they asked FBI Director Wray WTF.
He said well, ya know, we discussed it. All us govmint agencies did, and we decided that it was better to cost a couple thousand businesses tens of thousands of dollars each to not go out of business because we had a better plan. A more important plan. At least to us.
Bottom line seems to be that even when the government has the ability to help us, they may have their own agenda that is more important than saving businesses millions of dollars.
There is nothing illegal about this. Maybe it should be, but it is not. We have no idea how often this occurs. It does occur often enough that the intelligence community has a formal process called the vulnerability Equities Process to decide whether they should tell people or whether they should keep the information to themselves.
Lends a new understanding to We’re from the government and we’re here to help you.
Credit: Data Breach Today