• 0 Posts
  • 8 Comments
Joined 9 months ago
Cake day: March 16th, 2024

  • Over the last several years, I have had opportunities or at least contemplated opportunities to make lots of money while exploiting others or being a completely useless finance bro.

    The thing that keeps me from moving in those directions is moral character. If you can’t bring yourself to bullshit your fellow human and take from them to enrich yourself without providing any real value, you won’t get as rich as a CEO. Think of all those get rich quick YouTubers who do nothing but sell digital bullshit or ebooks about how to sell ebooks or some other digital bullshit to get rich quick.

    There are, of course, exceptions, but what did Brian Thompson really do for society? Moreover, what harm did he cause to society?

    These people know they are doing the wrong thing and are cashing in on their ability to take from society while enriching themselves. In the context of health care, they’re literally hurting and killing people.

    Remember when the arguments against nationalized health care were mostly about how we would have death panels? How fucking ironic.



  • The problem, as I see it, is that telcos have simply way too many silos and technologies in use to even begin to understand their entire attack surface. I don’t think the Lawful Intercept functions on the devices that are likely compromised are even capable of sending logs to a SIEM. It’s a black box that only a small subset of people at the telco work with and law enforcement has essentially automated access to it once a warrant (or warrantless) wiretap commences.

    What if the bespoke hack the CSO is describing is something like backward serialization of a circuit emulation method or some other tunneling technology leveraging a legacy protocol? There’s all kinds of crazy shit in telco networks with lots of capabilities, lots of which go unused. The folks securing those networks do not understand the devices and protocols well enough to ask the right questions, probe the right directions, get the right people to do the right things…

    Combine all that with what’s typically an adversarial relationship between security teams and the people building and operating the network and you get a nice shit soufflé waiting to be eaten by APTs.

    It was reported long ago that foreign adversaries had compromised telco and financial networks so deeply that they would likely never be eradicated. I don’t think the situation has improved much.