Hacker News new | past | comments | ask | show | jobs | submit login

”the whole cryptolocking business model falls down if the attacker isn't at least moderately honest”

Nitpick: it only requires most attackers to be somewhat honest. Having a few unscrupulous ones may make life harder for the “honest” ones, but they themselves can be better of, e.g. by, after receiving payment, demanding more money.




Is it more unethical to release an "honest cryptolocker" or one that lies and never gives the files, degrading the trust the entire cryptolocker grift relies on?


It's pretty obvious that it's worse to be an actual criminal, than someone who goes around and pretends to be one.

In the same way that it's worse to shoot someone with an actual gun than to threaten to shoot them with a Nerf gun.

The negative network effects on other scammers are also nice.


In this case both are actual criminals but one returns your data after payment while the other doesn't


I'm not so sure.

An "honest cryptolocker" helps support more cryptolocker use, as people trust that if they pay the criminal they'll get their stuff

If dishonest ones were the norm, than maybe cryptolocking would cannibalize itself as nobody would pay since they know its useless. So in a sense the dishonest one while having less ethical intention has more ethical results. But only at scale. Hmmm.


Sounds like we need a review site for extortionists.


Would you charge the extortionists to remove their negative reviews?


No, they just have to prove they're the real person with photo ID and admit they are the person being referred to as the criminal.


Or maybe an escrow service for extortionists who makes sure the amount is refunded if the extortionist does not deliver.


If I remember correctly, WannaCry had a small customer support call center =D


Very fair point.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: