Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Deal reached with hackers to delete data stolen from the Canvas platform (nbcnews.com)
25 points by fortran77 17 days ago | hide | past | favorite | 16 comments


This is a duplicate of the following discussion 2 days ago with 258 points and 249 comments:

https://news.ycombinator.com/item?id=48103668 Instructure pays ransom to Canvas hackers


The parent company should face severe penalties for allowing this kind of breach to happen and also for terrorist financing. We are really living in the Stone Age of information security.


I disagree with this path, there is no guarantee, nor can there be, that the data will be deleted. It can be divided up and sold to others with no recourse. The hackers got their money, they are under no obligation to comply with th agreement, and there's no one can could enforce it.


Right, however it's not really true in practice and we have stats for it. Generally it's enough money to set them for life and there is some sort of "moral code" around it as well, the same thing that allow darkmarkets to run.


> The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack.

Oh, cool! Maybe they all just sat down with a nice cup of coffee and the hackers decided to delete the data out of the goodness of their hearts.


They're paying them to delete the data?

> The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

How stupid can they be?

> The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data.

Why is the U.S. allowing Canvas to fund North Korean or Russian cyberterrorists?


If I were the hackers, why would I not release the data in this case?

Dumb move from Instructure.


Because then they'll have a reputation of not doing what they're paid to do, which would be the end of their hacking careers.


If they release it now, no one else will pay the ransom


The alternative would be to ruin a part of the life of shitload of students, you find it better? It's not a dumb move at all, most companies pay ransom because the alternative is worse.


any active legislation on this? great point


So stupid, they will pay but have no proof that the hackers will not keep it to leak or sell it again in a few years...


These deals should be illegal.


Really dumb. Just a way to cover their own ass. Of course the hackers won’t actually delete the data. This is just so they can claim it was deleted when everyone knows better.


I'm almost sure they do, for the sole reason that when you get a few M$ to set you for life like this, you'd rather start erasing all kind of proof possible (even if your opsec is really excellent) to slowly start building-up your new life, maintaining evidences anywhere is stupid and those guys are far from stupid for being able to pull stuff like this.


That's not always the case.

If all hackers would do that ransomware attacks would essentially become worthless.

It's not uncommon for companies to pay the ransom. They often have insurance that covers it. It's slightly controversial, because paying them essentially makes ransomware attacks worth doing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: