$ curl http://www.ascii-art.de/ascii/s/skull.txt -s | awk 'NR >= 635 && NR <= 657'
. .
.n . . n.
. .dP dP 9b 9b. .
4 qXb . dX Xb . dXp t
dX. 9Xb .dXb __ __ dXb. dXP .Xb
9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP
9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP
`9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP'
`9XXXXXXXXXXXP' `9XX' `98v8P' `XXP' `9XXXXXXXXXXXP'
~~~~~~~ 9X. .db|db. .XP ~~~~~~~
)b. .dbo.dP'`v'`9b.odb. .dX(
,dXXXXXXXXXXXb dXXXXXXXXXXXb.
dXXXXXXXXXXXP' . `9XXXXXXXXXXXb
dXXXXXXXXXXXXb d|b dXXXXXXXXXXXXb
9XXb' `XXXXXb.dX|Xb.dXXXXX' `dXXP
`' 9XXXXXX( )XXXXXXP `'
XXXX X.`v'.X XXXX
XP^X'`b d'`X^XX
X. 9 ` ' P )X
`b ` ' d'
` '
$ cat legalizeit.txt
_ __ ___ __ _ _ __ _ _ _
-|-|- | |_ /__ /\ | | / |_ |_) /\ |\ | (_ / \ |\/| \ / /\ |_) |_
-|-|- |_ |_ \_| /--\ |_ _|_ /_ |_ | \ /--\ | \| __) \_/ | | \/\/ /--\ | \ |_
We see it every day in the news, some new company has fallen victim to the
growing scourge of *ransomware*, but what is the real problem?
[[ RANSOMWARE FACTS ]]
1. In a typical ransomware scenario, no customer data is exposed.
2. Targets of modern ransomware are often fully insured megacorps.
3. Ransomware is only a problem for criminally negligent companies.
People's livelihood is put in danger every day by irresponsible corporations
and their reckless handling of user data. As it stands, the incentives to
protect user data are insufficient.
We need to ensure that the profits that can be derived from financial crimes
from compromised user data remains lower than potential gains from ransomware.
[[ HISTORY LESSON ]]
In 1905, Upton Sinclair released "The Jungle", a scathing exposé of the US
food industry. In 1906 congress passed the Federal Meat Inspection Act and the
Pure Food and Drug Act, and the Food and Drug Administration (FDA) was born.
About 30 years later, the "Restaurant Sanitation Program" was created, and soon
health inspectors were given the power to proactively audit restaurants for code
violations, which could lead to heavy fines and/or shutdowns for restaurants who
endangered the health of their customers.
Today we face a similar crisis. Financial and identity crimes are undermining
the public's confidence in technology. Criminal organizations are amassing
troves of private information to be used for everything from advertising the
latest cereals, to nation state level electoral manipulation. As it turns out,
there exists an elegant solution which solves several problems at once.
!! Ransomware as we know it should be LEGALIZED, REGULATED, and ENCOURAGED. !!
There is no stopping the criminal gangs from continuing their unregulated
onslaught, so why not create a framework where skilled attackers can legally
extract value from companies who fail to protect their own customers?
The status quo, where ransomware targets are protected by US law enforcement,
turns out to only further enable bad behavior. This leaves customers vulnerable
to more surreptitious attacks that steal personal data and IP without alerting
the target. These attacks are much more dangerous and represent a far more
significant threat to the general public and to the target organizations.
The choice is clear. Do we continue enabling recklessly insecure megacorps
at the expense endangering the general public, or do we ensure that the PEOPLE
are kept safe, and that megacorps need to pay to secure their networks, either
by investing in security best practices, or by paying for an occasional data
ransom when their investments are insufficient.
This proposal, while seemingly unusual, creates a fully functional incentive
structure for decentralized bug discovery and remediation. Organizations who
decide not to invest in security will now be met with serious, tangible
consequences, and the people of the world will be safer.
Notably, no new governing bodies need to be created. Law enforcement just
needs to not do anything, which is something they excel at, and intelligence
organizations can continue wasting tax dollars on million dollar 0day that
they'll never even get to use. Everyone's a winner.