Years ago I attended a conference that had a "fireside chat" with a DoJ official on the topic of these types of ransom payments.
He framed the issue as being similar to kidnapping ransoms: When an American is taken hostage each family is inclined to make payment but it fosters an industry around kidnapping Americans. Congress put a stop to it by making it illegal to pay the kidnappers. The industry shifted by ceasing the non-profitable American kidnapping and instead began targeting Europeans.
His proposal was to begin warning cybersecurity consultants and insurers who were often brought into these situations that payments to sanctioned countries were already likely illegal and could face scrutiny. The first people to suffer this might be burned, but eventually he believed the industry would move on and stop targeting US firms.
Not sure if anything ever came of his plans, but I always thought it was an interesting framing of the issue.
Instead of paying ransom, and creating a ransomware criminal industry out of thin air, it's better to force companies to recover and restore from backups and remove the monetary incentive for crime.
And the executives who failed to keep regular backups obviously should face the music.
Our PII is leaked all the time. I am fed up with various businesses sending me a free credit monitoring subscription in lieu of actually having proper security controls or damages that incentivize viewing the issue as a serious going concern risk.
Leaks are inevitable, but the current situation is absurd. The liabilities and incentives to do anything about them are virtually nonexistent and security is almost always viewed as a cost.
Was it really a problem? Yes, voluntary release of that info by a school would normally likely be a FERPA violation, but this was a criminal act against a third party.
Infrastructure’s motivations must have lain elsewhere…
Who would have thought paying teenagers millions of dollars in crypto was a good idea?
They'll just use it on more exploits, more nonsense. It's a race to the bottom.
Sister group Lapsus$ (parent group ShinyHunters) has published on their website that they will pay for inside access to company networks. The group says they don't want data, they just want an avenue.
This is what happens when we keep paying these criminals millions in hard-to-trace crypto.
How is it not a violation of AML laws to pay a ransom like this? Surely they didn't verify that the recipient (a criminal) isn't sanctioned or associated with sanctioned organizations.
Money laundering is the action of obfuscating the origin of criminal proceeds; victims or clients of criminals do not generally commit money laundering, for example buying drugs is not a form of AML violation regardless of the legality of the purchase itself or the fact that the funds will later be laundered by the traffickers.
KYC is a tool to prevent money laundering and it's typically an obligation of financial institutions. Sending money to an anonymous (to you) recipient is generally not a KYC violation if you are not in the money transmitting business and you aren't doing the payment on behalf of someone else.
There are infinite shades of gray in this topic, of course, but I can't see AML being relevant in this particular case.
I think they mixed up sanctions (and any similar laws w.r.t. legal recipients) with AML laws. The legality of paying sanctioned entities doesn't depend on whether the money was laundered, but they were interested in how people get around the former.
How exactly would this fall into the purview of AML? As far as sanctions go the burden of proof would be on the government to prove the money went to a sanctioned entity and Instructure isn't a bank subject to KYC requirements.
All my corporate AML training says that not performing some KYC for large payments, directly or through a bank, is a crime in its own right even if the recipient isn't sanctioned.
From Claude, maybe it's a little nuanced compared to conservative corporate policies, but doesn't feel very legal: "You can be charged with money laundering (18 USC 1956/1957 in the US, equivalents elsewhere) if you knowingly — or with willful blindness — process proceeds of crime. "I didn't ask" is not a defense if the circumstances were suspicious; deliberately avoiding KYC to preserve deniability is exactly what willful blindness doctrine targets. The recipient doesn't need to be formally sanctioned; the funds just need to be tainted."
Even if it already is, the DoJ can exercise discretion in choosing who to prosecute. There has to be political will to threaten an org who has just suffered from an attack with further consequences if they make a payment.
Probably not too relevant but off the top of my head, the New Zealand Government's guidance on ransomware payments is that you could technically be fined if you pay a ransom to an entity in a sanctioned country, although it doesn't go into specifics
Extortion and terrorism seem similar in many ways except the latter involves physical harm.
I'd assume a company paying money to terrorists shouldn't be acceptable.
It also seems especially egregious to pay ransom as a “solution” to the failings that made the attack both possible and consequential in the first place.
Might as well use a bank whose safe deposit boxes are made of cardboard… They can just bribe the thieves to give some things back.
>It also seems especially egregious to pay ransom as a “solution” to the failings that made the attack both possible and consequential in the first place.
You are paying an extra fee for not testing your own software and infrastructure. It was instead tested by a third party. Be glad it wasn't tested by a nation state actor or someone who wanted to do more harm to your customers than just asking for money.
Ideally they should now secure their infrastructure and take this as a gentle reminder that they should spend more on security.
>Might as well use a bank whose safe deposit boxes are made of cardboard… They can just bribe the thieves to give some things back.
You would hope they would then upgrade the cardboard.
When you frame it like that it sounds like the thieves are doing us a favor. Except it should be heavily fined and jailable for the entire executive team and maybe the board too.
Is it illegal to pay kidnappers in the United States? I've never heard of this and I can't seem to find anything that says any such law has actually been passed.
It's technically not illegal, but often is. You can't pay terrorist organizations or specially sanctioned orgs. See https://sanctionssearch.ofac.treas.gov
Probably should consult an attorney before paying a ransom (whether for kidnapping or other purposes).
The issue is that anything a hacker can do publicly a state actor can do silently.
It's a boon to both the company and the country when a hacker makes a big public deal out of it, because they get the chance to repair something before its intentional damaging misuse by a hostile state actor.
The hackers here deserve every cent plus possibly more.
And there's always the problem that the hackers would still get paid, they just won't report the payments, making tracking difficult.
Calm down, extremist. There's a difference between someone doing something vs someone paying someone else to stop doing something. If the latter were truly bad then the same should be applied to people handing over their wallet to muggers. The only difference in that scenario and the above is saving yourself vs saving a family member. Would you really deny people the ability to save their loved ones?
> then the same should be applied to people handing over their wallet to muggers
Not really. Muggings are both more common and less traumatic than kidnappings. This is reflected in the fact that common and maximum sentences for kidnappings are universally more extreme than those for muggings.
> Would you really deny people the ability to save their loved ones?
...yes. Because it means significantly fewer kidnappings. "Deny people the ability to save their loved ones" is tantamount to "help others to lose their own."
> You decide it should be criminalized before you identify any harms?
No. We have a measure of the harms. We haven’t balanced them for sentencing. Again, deciding something should be illegal doesn’t require obsessing over the sentence ex ante.
> Maximum sentence for mugging is 30 years
Not the norm, either for maximums [1] or usual sentences.
Maybe, but it’s harder to profit from it. A firm may be reputationally damaged, but what’s the incentive to cause that damage?
I think the Bloomberg Odd Lots guy wrote a blog post on this: you could attempt to short the stock but a) this leaves a paper trail b) the market might not know about the breach or believe you if you post you’ve done it. IIRC some hackers have tried to tell companies that they are legally required to disclose the breach to their shareholders to force market movements.
How much value is in the data. It is embarrassing if some kid gets a D in class, and shouldn't be public - but most of the people who care already know or have ways to find out.
Not sure sanctions are a relevant reason not to pay here. We don’t know where everyone involved with ShinyHunters is located, but those arrested in the past have been American and French.
America and France (and most other "first world" countries) will investigate and arrest anyone involved. It doesn't matter if foreigners are the only victims; most countries do not want their citizens involved with this and will send anyone caught to whatever country was affected for criminal prosecution.
Russia, and North Korea are the main names that come up as exceptions, they will protect their own people.
Not that I disagree, but it also incentivizes attackers to steal and resell data to other nefarious actors.
After all a lot of the data companies have isn't their own, it's their customers. They are the ones who suffer because businesses don't bother securing their crap.
It's built around multiple different types of agents:
- Coding Agents are placed into cloned repos with a ticket (Jira/Linear/Notion/GH), and work until they open a PR, are resumed on CI failures or github feedback, and work until they can merge the PR.
- Standalone Agents are reusable, parameterized agent runs with no repo checkout. Generate reports, triage alerts, audit dependencies, query a database, post to Slack, etc.
- Persistent Agents are long-lived, named, message-driven agent processes. Each has a stable slug, an inbox, and a cyclic state machine. Wake on user messages, agent messages, webhooks, cron ticks, or ticket events.
What is the major and minor semver meaning for these models? Is each minor release a new fine-tuning with a new subset of example data while the major releases are made from scratch? Or do they even mean anything at this point?
Nothing. The next major increment is going to happen when marketing department is confident they can sell it as a major improvement without everyone laughing at them. Which at this point seems like never.
I think Anthropic fearmongering and "leaks" of Mythos was them testing the ground for 5.x, which seems to have backfired.
Shameless self promo, but I've been working on Optio specifically for coding. It works by taking any harness you want and tasking it to open GitHub/GitLab PRs based on Notion/Jira/Linear tickets, see: https://news.ycombinator.com/item?id=47520220
It works on top of k8s, so you can deploy and run in your own compute cluster. Right now it's focused only on coding tasks but I'm currently working on abstractions so you can similarly orchestrate large runs of any agentic workflow.
@jawiggins saw your repo, it looks like OpenAI Symphony but better, as it works across multiple agents and issue trackers, and the feedback loop is great. One feature request though: can you add plan mode? Your issues are so detailed it becomes a plan to implement (but I guess your plan mode is currently happening outside of GitHub issues), but let's say the issue is "implement support for plan mode". There should be back and forth with the agent, with issue tags pointing to opus max and/or plan mode, so we can correct the agent's plan back and forth, and once the tag is removed it can start implementing, or something similar?
Thanks for the feedback. Earlier I expected I'd need to do more back and forth with the agents before accepting their work but in general I've found it isn't needed.
I do have some features coming up that will improve the ability to converse with the agent as it's running. I'll make a note to add in a plan setting so you can have that run and converse before it gets going.
Do you just add the Issue Title like this "feat: CLI improvements — status dashboard, workflow commands, shell completions" and it generated the plan in issue body and started working on it OR is the plan generated by another ai agent and copied to issue body for pickup by optio ?
Really interesting to see Google's approach to this.
Recently I shared my approach, Optio, which is also an Agent Orchestration platform: https://news.ycombinator.com/item?id=47520220
I was much more focused on integrating with ticketing systems (Notion, Github Issues, Jira, Linear), and then having coding agents specifically work towards merging a PR.
Scion's support for long running agents and inter-container communication looks really interesting though. I think I'll have to go plan some features around that. Some of their concepts make less sense to me: I chose to build on top of k8s, whereas they seem to be trying to make something that recreates the control plane. Somewhat skeptical that the recreation and grove/hub are needed, but maybe they'll make more sense once I see them in action the first time.
One pod is an instance of a repo; you can set the number of instances of each agent/task that can be running on a pod at a time. For >1, each agent should be using its own worktree.
Maybe - I do think as the model get better they'll be able to handle more and more difficult tasks. And yet, even if they can only solve the simplest issues now, why not let them so you can focus on the more important things?
Yup. MCP can be configured on a repo level. At task execution time, enabled MCP servers are written as a .mcp.json file into the agent's worktree. Enabled skills are written as .claude/commands/{name}.md files in the worktree, making them available as slash commands to the agent.
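As an added example of the materialization step this comment describes (not Optio's own code, and not its real config schema), the function below takes a per-repo config and writes the enabled MCP servers into `.mcp.json` and the enabled skills into `.claude/commands/{name}.md` inside a worktree. The `REPO_CONFIG` sample, the `mcpServers` key layout and the skill-name rule are assumptions; the point a security engineer would add is that `{name}` is interpolated into a path, so it is validated against a strict pattern and the resolved target is checked to stay under the commands directory before anything is written.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample config (hypothetical schema, not Optio's). One server and one
# skill are disabled, and one skill name tries to escape the commands directory.
REPO_CONFIG = {
    "mcp_servers": {
        "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"], "enabled": True},
        "postgres": {"command": "uvx", "args": ["mcp-server-postgres"], "enabled": False},
    },
    "skills": {
        "review": {"enabled": True, "body": "Review the diff on the current branch for security issues."},
        "deploy": {"enabled": False, "body": "Not enabled for this repo."},
        "../escape": {"enabled": True, "body": "must never be written"},
    },
}

# Skill names become file names: allow only a conservative identifier charset (assumed rule).
SKILL_NAME = re.compile(r"^[a-z0-9][a-z0-9_-]{0,63}$")


def materialize(worktree: Path, config: dict) -> dict:
    """Write enabled MCP servers and skills into the worktree; return what was written."""
    worktree = worktree.resolve()

    # .mcp.json: only enabled servers, with the internal "enabled" flag stripped.
    # The {"mcpServers": {...}} layout is an assumption about the consumer's format.
    servers = {
        name: {k: v for k, v in spec.items() if k != "enabled"}
        for name, spec in config["mcp_servers"].items()
        if spec.get("enabled")
    }
    (worktree / ".mcp.json").write_text(json.dumps({"mcpServers": servers}, indent=2))

    commands_dir = worktree / ".claude" / "commands"
    commands_dir.mkdir(parents=True, exist_ok=True)
    written, rejected = [], []
    for name, spec in config["skills"].items():
        if not spec.get("enabled"):
            continue
        if not SKILL_NAME.match(name):  # rejects "../escape", spaces, dots, etc.
            rejected.append(name)
            continue
        target = (commands_dir / f"{name}.md").resolve()
        if commands_dir not in target.parents:  # containment check on the resolved path
            rejected.append(name)
            continue
        target.write_text(spec["body"])
        written.append(name)

    return {"servers": sorted(servers), "skills": sorted(written), "rejected": rejected}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(materialize(Path(d), REPO_CONFIG))
```

Running it writes `.mcp.json` with only the `github` server, creates `.claude/commands/review.md`, skips the disabled `deploy` skill, and reports `../escape` as rejected rather than writing a file outside the worktree.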