Share Button

Image source: https://www.flickr.com/photos/105644709@N08/

Image source: https://www.flickr.com/photos/105644709@N08/

In most situations, the news that a group of Russian hackers broke through the security of two major websites and downloaded massive user databases would cause significant panic. Most users, ambivalent about online security best practices, will reuse user names and passwords tied to their email accounts, meaning that a user database could be a treasure trove for anyone hoping to make a quick buck from an identity theft scheme. But when CNET’s database was hacked into by the Russian hacktivist collective known as w0rm last week, something seemed a little … odd. Instead of demanding tens of thousands of dollars through private messages to CNET executives, w0rm posted their proof and demands to Twitter with the surprisingly low ransom of 1 BTC.

The w0rm ransom clearly wasn’t exactly what it seemed at first. The warning allowed CNET ample time to address the problem, and there appear to have been no takers for the offer. The database itself was encrypted, and w0rm didn’t seem terribly interested in cracking it. Clearly, the ransom was a warning: Fix your security issues, or the next time it won’t be from someone so altruistic. It will cost you far more than 1 BTC when that happens.

In the week since, w0rm has clearly been hard at work. The hacker collective has posted two new hacked databases for the bargain-basement price of 1 BTC: Wall Street Journal and Vice.com. Although the WSJ has thus far been silent about the hack, Vice did confirm that their database was compromised, and that they had forcibly reset their user passwords as a precaution.

Given bitcoin’s decentralized, one-way nature, it still makes an ideal system for such ransom attempts. A growing trend of “ransomware” malicious programs have been insisting in payment in bitcoin, revealing one of the great tradeoffs to all innovation: It can also innovate crime. In a less-than-ideal way, it also hints that bitcoin is becoming a true world currency, as w0rm has yet to express any interest in being paid in U.S. dollars, rubles or euro.

Share Button