Peruvian basement dweller triggers collateral... damage, murder, collapse... possible says paragraph 5.

---------- Forwarded message ----------
From: Ray Dillinger <bear@sonic.net>
Date: Sun, Sep 25, 2016 at 1:55 PM
Subject: Re: [Cryptography] Yahoo is sued for gross negligence over huge hacking
To: cryptography@metzdowd.com

What's happening to Yahoo is more or less exactly what we've been telling businesses will happen if they don't start fixing their crap. I hope that significant commercial losses will motivate a significant widespread investment in security, because the consequences of failing to make that investment go FAR beyond mere business losses.

This election cycle we've seen a huge spike in international politically-motivated cracking, and that's problematic on a whole different order. Up to now it's been common for intra-national powers like political parties and crooked politicians to penetrate opposing candidates or parties in an effort to influence elections. But in the last two years or so, the world has seen more international cracks by nations and organizations actively trying to subvert electoral processes, and that's a whole different order of concern.

No matter how sleazy an intranational political cracker is, a political hack wants there to be a functioning nation to take control of. International crackers such as North Korea, ISIL, China, the People's Liberation Front of Lower Slobovia, etc., who are fundamentally opposed to democratic processes in the first place have no such constraint.

Should Americans trust Russian hacks on the email of their political parties, or Vladimir Putin's apparent interest in the Trump campaign? Are the British quite certain that the Brexit vote wasn't rigged by Mideastern players deliberately working to undermine the EU?

Democracies across the globe now have sophisticated, persistent, highly motivated security opponents whose goal is to weaken them in negotiations, make them militarily vulnerable, or just plain burn them down. We're not talking about business losses any more, nor even about the straightforward attempt to take high offices fraudulently. We're now talking about hacks by people who see the destruction of nations as either a primary goal or acceptable collateral damage.

If Yahoo loses a few hundred million in an apparently well-deserved lawsuit, and financially motivated people around the world start paying attention to software security? I couldn't say that would be a bad thing. An improved security infrastructure would improve the ability of nations to defend their political processes, and I for one happen to like living in a world with some global stability.

Bear