$ curl http://www.ascii-art.de/ascii/s/skull.txt -s | awk 'NR >= 635 && NR <= 657' . . .n . . n. . .dP dP 9b 9b. . 4 qXb . dX Xb . dXp t dX. 9Xb .dXb __ __ dXb. dXP .Xb 9XXb._ _.dXXXXb dXXXXbo. .odXXXXb dXXXXb._ _.dXXP 9XXXXXXXXXXXXXXXXXXXVXXXXXXXXOo. .oOXXXXXXXXVXXXXXXXXXXXXXXXXXXXP `9XXXXXXXXXXXXXXXXXXXXX'~ ~`OOO8b d8OOO'~ ~`XXXXXXXXXXXXXXXXXXXXXP' `9XXXXXXXXXXXP' `9XX' `98v8P' `XXP' `9XXXXXXXXXXXP' ~~~~~~~ 9X. .db|db. .XP ~~~~~~~ )b. .dbo.dP'`v'`9b.odb. .dX( ,dXXXXXXXXXXXb dXXXXXXXXXXXb. dXXXXXXXXXXXP' . `9XXXXXXXXXXXb dXXXXXXXXXXXXb d|b dXXXXXXXXXXXXb 9XXb' `XXXXXb.dX|Xb.dXXXXX' `dXXP `' 9XXXXXX( )XXXXXXP `' XXXX X.`v'.X XXXX XP^X'`b d'`X^XX X. 9 ` ' P )X `b ` ' d' ` ' $ cat legalizeit.txt _ __ ___ __ _ _ __ _ _ _ -|-|- | |_ /__ /\ | | / |_ |_) /\ |\ | (_ / \ |\/| \ / /\ |_) |_ -|-|- |_ |_ \_| /--\ |_ _|_ /_ |_ | \ /--\ | \| __) \_/ | | \/\/ /--\ | \ |_ We see it every day in the news, some new company has fallen victim to the growing scourge of *ransomware*, but what is the real problem? [[ RANSOMWARE FACTS ]] 1. In a typical ransomware scenario, no customer data is exposed. 2. Targets of modern ransomware are often fully insured megacorps. 3. Ransomware is only a problem for criminally negligent companies. People's livelihood is put in danger every day by irresponsible corporations and their reckless handling of user data. As it stands, the incentives to protect user data are insufficient. We need to ensure that the profits that can be derived from financial crimes from compromised user data remains lower than potential gains from ransomware. [[ HISTORY LESSON ]] In 1905, Upton Sinclair released "The Jungle", a scathing exposé of the US food industry. In 1906 congress passed the Federal Meat Inspection Act and the Pure Food and Drug Act, and the Food and Drug Administration (FDA) was born. About 30 years later, the "Restaurant Sanitation Program" was created, and soon health inspectors were given the power to proactively audit restaurants for code violations, which could lead to heavy fines and/or shutdowns for restaurants who endangered the health of their customers. Today we face a similar crisis. Financial and identity crimes are undermining the public's confidence in technology. Criminal organizations are amassing troves of private information to be used for everything from advertising the latest cereals, to nation state level electoral manipulation. As it turns out, there exists an elegant solution which solves several problems at once. !! Ransomware as we know it should be LEGALIZED, REGULATED, and ENCOURAGED. !! There is no stopping the criminal gangs from continuing their unregulated onslaught, so why not create a framework where skilled attackers can legally extract value from companies who fail to protect their own customers? The status quo, where ransomware targets are protected by US law enforcement, turns out to only further enable bad behavior. This leaves customers vulnerable to more surreptitious attacks that steal personal data and IP without alerting the target. These attacks are much more dangerous and represent a far more significant threat to the general public and to the target organizations. The choice is clear. Do we continue enabling recklessly insecure megacorps at the expense endangering the general public, or do we ensure that the PEOPLE are kept safe, and that megacorps need to pay to secure their networks, either by investing in security best practices, or by paying for an occasional data ransom when their investments are insufficient. This proposal, while seemingly unusual, creates a fully functional incentive structure for decentralized bug discovery and remediation. Organizations who decide not to invest in security will now be met with serious, tangible consequences, and the people of the world will be safer. Notably, no new governing bodies need to be created. Law enforcement just needs to not do anything, which is something they excel at, and intelligence organizations can continue wasting tax dollars on million dollar 0day that they'll never even get to use. Everyone's a winner.