Fwd: [Cryptography] Yahoo is sued for gross negligence over huge hacking

grarpamp grarpamp at gmail.com
Wed Sep 28 16:47:44 PDT 2016 

Peruvian basement dweller triggers collateral... damage,
murder, collapse... possible says paragraph 5.


---------- Forwarded message ----------
From: Ray Dillinger <bear at sonic.net>
Date: Sun, Sep 25, 2016 at 1:55 PM
Subject: Re: [Cryptography] Yahoo is sued for gross negligence over huge hacking
To: cryptography at metzdowd.com

What's happening to Yahoo is more or less exactly what we've been
telling businesses will happen if they don't start fixing their crap. I
hope that significant commercial losses will motivate a significant
widespread investment in security, because the consequences of failing
to make that investment go FAR beyond mere business losses.

This election cycle we've seen a huge spike in international
politically-motivated cracking, and that's problematic on a whole
different order.

Up to now it's been common for intra-national powers like political
parties and crooked politicians to penetrate opposing candidates or
parties in an effort to influence elections. But in the last two years
or so, the world has seen more international cracks by nations and
organizations actively trying to subvert electoral processes, and that's
a whole different order of concern.

No matter how sleazy an intranational political cracker is, a political
hack wants there to be a functioning nation to take control of.
International crackers such as North Korea, ISIL, China, the People's
Liberation Front of Lower Slobovia, etc who are fundamentally opposed to
democratic processes in the first place have no such constraint.  Should
Americans trust Russian hacks on the email of their political parties,
or Vladimir Putin's apparent interest in the Trump campaign?  Are the
British quite certain that the Brexit vote wasn't rigged by Mideastern
players deliberately working to undermine the EU?

Democracies across the globe now have sophisticated, persistent, highly
motivated security opponents whose goal is to weaken them in
negotiations, make them militarily vulnerable, or just plain burn them
down. We're not talking about business losses any more, nor even about
the straightforward attempt to take high offices fraudulently.  We're
now talking about hacks by people who see the destruction of nations as
either a primary goal or acceptable collateral damage.

If Yahoo loses a few hundred million in an apparently well-deserved
lawsuit, and financially motivated people around the world start paying
attention to software security?  I couldn't say that would be a bad
thing.  An improved security infrastructure would improve the ability of
nations to defend their political processes, and I for one happen to
like living in a world with some global stability.

                                Bear

More information about the cypherpunks mailing list