A truism in security is "attribution is hard." It's really hard to know who hacked you, first, because it's easy to deflect suspicion by leaving false clues, and second, because the bar for hacking even big, critical systems is so low.

1/ [Image: The Windows keyboard selection dialog.]
The ransomware epidemic has been raging for years now, and it's quite a tangle. It includes idiots who download (or pay for) some off-the-shelf malware and turn it loose on whatever systems they can find, who don't even know WHO they've hacked.

2/
It includes sophisticated crime-gangs with high degrees of specialization: tooling, payment processing, even "customer service" for victims who can't figure out how to buy cryptocurrency to pay their ransoms.

3/
It includes state actors, who often pretend to be bungling idiots while infecting the systems of national adversaries - sometimes, they use fake ransomware that irretrievably trashes the target system, then claim to be too incompetent to recover it.

4/
And it includes all kinds of hybrids, like "state-sponsored" hackers (private criminal orgs on governmental payrolls) as well as state-tolerated "cyber-patriot militias" (high-tech mall ninjas who hack out of a sense of patriotic duty).

5/
This combination of adversaries accounts for the more bizarre ransomware turns, like the ransomware gang Darkside, who seized the Colonial Pipeline's billing systems (sparking petrol hoarding in the American south).

6/
The criminals then apologized for their crime, saying that they were just trying to do crime, not create a geopolitical incident. THEN they posted that they, themselves, had been hacked and lost control of their malware and the ransom they'd collected (!).

7/
It's not the first time that bad guys have pulled off a successful attack against a major target, only to react with public shame and horror at who they'd actually targeted - they're like muggers who discover that they just stuck up the Chairman of the Joint Chiefs of Staff.

8/
All this may explain why there is an easy way to protect yourself from many strains of ransomware: install the Russian keyboard option in your Windows system.

9/
As @briankrebs explains in his post, Russian authorities are pretty tolerant of hackers who target foreigners, but are notoriously tetchy if someone in their jurisdiction hits a Russian business (or worse, major government installation) for ransom.

krebsonsecurity.com/2021/05/try-th…

10/
Russian (and regional) malware gangs who want to avoid retaliation from powerful Russian security agencies have programmed their malware to check for the presence of a Russian (or other Cyrillic) keyboard in the system, and, if they find it, to leave the system untouched.

11/
It's like the climax of the Passover story, except for malware and authoritarian security agencies!

Krebs is at pains to point out that there's plenty of malware this won't work on, and there are already strains of Darkside-associated malware that don't perform this check.

12/
But it's a simple step you can take right now, for free, that will not impede your use of your system in any way.

Here's how: "Hit the Windows and X at the same time; select Settings, then 'Time and Language.'...

13/
"Select 'Language,' scroll to the option to install another character set. Pick one, then reboot. If you need to toggle between languages, tap Windows+space."

14/
Alternatively, here's a two-line batch script that does it, from @lancejssc of @unit221b.

github.com/Unit221B/Russi…
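As an added example (not the Unit221B batch script linked above, and not code from the thread), here is a PowerShell version of the same step that first checks whether a Cyrillic-script input language is already present and only then appends Russian; the set of language tags it treats as Cyrillic is an assumption for this example.

```powershell
# Added example, not the Unit221B script: inspect the current user's Windows
# input languages for a Cyrillic-script layout and, if none is present, add
# Russian (ru-RU) without removing anything. Uses the built-in International
# module (Windows 8 / Server 2012 and later); runs as the user, no elevation.

# Language tags treated as Cyrillic-script. This set is an assumption for the
# example; the thread only says "Russian (or other Cyrillic)".
$CyrillicTags = @('ru', 'uk', 'be', 'bg', 'kk', 'mk', 'sr-Cyrl')

function Test-CyrillicKeyboardPresent {
    $list = Get-WinUserLanguageList
    foreach ($lang in $list) {
        foreach ($tag in $CyrillicTags) {
            # Match "ru", "ru-RU", "sr-Cyrl-RS" and similar region variants.
            if ($lang.LanguageTag -eq $tag -or $lang.LanguageTag.StartsWith("$tag-")) {
                return $true
            }
        }
    }
    return $false
}

function Add-RussianKeyboard {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (Test-CyrillicKeyboardPresent) {
        Write-Output 'A Cyrillic-script input language is already installed; nothing to do.'
        return
    }
    $list = Get-WinUserLanguageList
    # Appending keeps the existing display/input language first, so the default
    # keyboard does not change; Windows+Space still toggles between layouts.
    $list.Add('ru-RU')
    if ($PSCmdlet.ShouldProcess('current user language list', 'Add ru-RU input language')) {
        Set-WinUserLanguageList -LanguageList $list -Force
        Write-Output 'Added ru-RU; toggle layouts with Windows+Space.'
    }
}

# Show what is installed now, then add ru-RU if nothing Cyrillic is present.
Get-WinUserLanguageList | Select-Object LanguageTag, InputMethodTips
Add-RussianKeyboard
```

Because the check mirrors what the thread says the malware looks for, Test-CyrillicKeyboardPresent also works as a quick audit across a fleet; as Krebs notes, it is a speed bump for some strains, not immunity.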

15/
This is a neat, self-contained parable about measures, countermeasures, and counter-countermeasures. Earlier malware refused to infect virtual machines, as its authors sought to avoid analysis by security researchers.

Today, that rarely works.

16/
Installing a keyboard associated with Russia or the Commonwealth of Independent States works for now. It probably won't for long.

Ultimately, we need more security competence in Windows design, to raise that low bar and exclude (at least) the dimmest dimbulbs.

eof/
ETA - If you'd like an unrolled version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2021/05/18/unh…
