For private individuals that move makes sense. For nation states (with the exception of NK because they're so broke) - a financial incentive isn't enough.
Petya with M.E.DOC is a good example, Russians burned quite a significant attack infrastructure there. They could have sold that access to "someone" but the price (under $1mil in my opinion) isn't worth the sort of chaos it caused in ukraine (majority of companies in ukraine used that software I believe). My point is, if they did backdoor kasperskyOS, it wouldn't be used for a financial end, maybe to "show off" their capability, a retaliation to your government screwing with them,etc... but certainly not a financial end.
Frankly, I'd be happy if governments stay out of securiing civilians when it comes to computers and the internet. Tired of being a meaningless pawn to be discarded whenever convenient to do so.
They do plenty to protect what they consider is worthy of protection. which often leaves me out. Protection in their sense includes depriving me of basic rights and freedoms (so long as I'm "Safe").
It's not their official duties that I find dubious but their historical and ongoing ignorance of them. If they simply did their job I wouldn't even need to ask that question.
I'd probably ask the same of SVR/GRU if I lived in Russia.
If the NSA/CIA were doing their job, they wouldn't spy on their own people and they certainly wouldn't make secret deals with security companies and inflitrate their ranks to have a strategic advantage. Letting security companies independently do their job would be "protecting America" backdoors, hoarding exploits, influencing weak crypto,etc... I'm sorry but the russians don't even have the ability to do some of that even if they have the will.
GRU or NSA for both "ends justify means" , if you're on the "ends" side, pick software backdoored by your home country. if you're on the "means" side, pick the other guy.
I suppose it's time to consider what "collateral damage" in the sense of geopolitical computer security is.
Nein, the story is about a crime, why fish or something else?
> Why wouldn't they?
Because it happens all the time and nobody says "Oh, <insert corp> are atheists,that's why they're so bad, hypocrits!" maybe that's just because their beliefs has no moral standards at all.
>"Come on... leave some room to reason." Except that none of the actions or claims by the Hobby Lobby stand up to reason, which is why they lost in court.
I wasn't defending hobby lobby, "reason" in that context means accusing someone of a different crime when the evidence/context is for a present crime. You're calling a thief a hypocrite because he said he doesn't approve of murder. that is unreasonable.
Crowdstrike, FireEye ,Cobaltstrike,symantec,etc... are they CIA fronts as well?
As an american, why would I trust the CIA/NSA over the SVR/GRU? I wish I didn't have to ask that. but the fact is, and I'm sure some will agree - It is the CIA/NSA machine that can make my life here in America hell, not the SVR/GRU.
I can understand the concern when it comes to critical infrastructure and government software. However in the private sector and for individuals - "A tyrant 3000 miles away" is less of a threat than "3000 tyrants a mile a way".
TV ads targetted demographics not individuals. I'm fine with that,that's actually what I'm promoting. targetting of demographics based on the content being viewed (as oppose to tracking information on the individual viewing it)
I think a lot of people on here are "fishing for a hypocrisy story" as one commentor said.
What's the point in that? what if you're right,is it a surprise that hypocrisy exists? it only speaks to the character of the individual(s) not the quality or correctness of their belief. A person did something criminal. period. what point is there to be made with respect to their religion? Did they claim their religion mandated the importation of the artifcats or the ignorance of the laws involved? or is the expectation here that people of certail beliefs or moral values are incapable of committing crimes?
Regardless, I hope the people making this about religion also hold other corporations who commit crimes to the same standard and associate their beliefs or religion with their crimes.
I for myself won't correlate an unrelated moral or ethical stand someone is making to a separate crime they've committed. Would you call a theif a hypocrite because he said he was against murder? or the same accusation to a murderer because he was against rape?
Why is targeted advertising acceptable? it is not ok for a seller to stalk potential buyers.
I get that everyone has accepted this as a "fact of life" but consider how TV advertising was done. The advertisement is tailored to the show you are watching and the time of day.
In other words, if I'm on a tech blog, advertise to me tech products, if I'm reading a cooking recipe, advertise kitchenware,grocery delivery and the like.
As a consumer, I am more likely to remember an advertised product if the AD is within the context of the web page I'm visiting.
Target pages not users! not even as precise as I mentioned above but statistical approximations can be made, much like with TV ads (for example, "ycombinator visitors are likely to buy artisnal cookware compared to people visiting nytimes" )
The problem at the end of the day is that users in general don't like to be tracked. some may sacrfice the privacy for the convenince but most will prefer if the sacrifice wasn't neccesary.
I think better advertising solutions are what is needed. It is unfortunate how much money is instead spent on technology to stalk users, as if using a complex computer system makes it more accpetable or ethical.
Petya with M.E.DOC is a good example, Russians burned quite a significant attack infrastructure there. They could have sold that access to "someone" but the price (under $1mil in my opinion) isn't worth the sort of chaos it caused in ukraine (majority of companies in ukraine used that software I believe). My point is, if they did backdoor kasperskyOS, it wouldn't be used for a financial end, maybe to "show off" their capability, a retaliation to your government screwing with them,etc... but certainly not a financial end.
Frankly, I'd be happy if governments stay out of securiing civilians when it comes to computers and the internet. Tired of being a meaningless pawn to be discarded whenever convenient to do so.