The group, calling itself Radiant, had posted images of children attending the Kido nursery chain in London on the dark web and demanded a ransom from the company.
The stolen information on the children includes medical records, incident reports and the allocation of drugs and medicine given to the children.
They’re trying to intimidate the group into protecting the privacy of the children - while there are other ways to get the information, those other ways aren’t actively threatening to release the information publicly. It’s a decent enough move I suppose, though I doubt it will work since this company doesn’t care about the children and their reputation is going to be fine given how widely reported the hacking is. They’d have had a much better chance of getting a payout by going after the parents of kids with medical conditions or any other compromising information. How much could you have blackmailed the parents of an intersex kid for, given the current political climate, for example? Or one with an inheritable STD?
Please don’t try to whitewash these criminals as heroes in this story. They know their target, chose it deliberately and chose to release sensitive information about the victims of their own accord for their own gain.
Doing cybersecurity 100% right 100% of the time is damn hard work. Anyone that says ‘lol their security sucked, they deserved it’ has no idea how much work it takes to keep not only a complex system free from compromise, but also keep the users from shooting themselves in the face and taking the network down with them.
Okay I’m being genuine here - how was that your takeaway from my comment? I don’t know if there’s a way to sound sincere over text, but I promise I’m not even being slightly snarky, 100% sincere: what?
My understanding of your first sentence in the first comment was that you were saying that the hackers were trying to ‘intimidate the group (the company) into protecting the privacy of the children’.
That is what I based my response on. If I misunderstood, I apologize. (Also, I didn’t downvote you, for what it’s worth; I appreciate the sincerity.)
Nah that’s 100% right, it’s just that that’s not a good thing. They’re putting the children’s privacy in jeopardy, then trying to intimidate the company into protecting that privacy by threatening to release it (to great fanfare) if they don’t pay up. No heroics involved. And on top of that it’s just a really boneheaded strategy, that company just does not give a fuck about children, why would they ever pay out when they can point to all this coverage of the evil evil hackers to deflect from their doubtlessly rampant security failures.
(Lol ty, I doubted it had been you)
All good… I mistook the attribution of intent.
But they’ll just slow drip the release anyway, going back for more and more ransom if they do pay.
I guess my thing is (not knowing the company from Adam) I’d assume they’d rather not have the kids’ info released rather than simply not caring about it. Being hacked doesn’t necessarily mean they’re careless - I think that is what I was trying to convey.
I’m almost solely responsible for cyber security at my job. I do my best, make the case for better protections, and secure things as best I can. If we got ransomwared, I’d be tempted to blow my head off. I have to get it right every single time. They have to get right or lucky just once.