Discussion in 'other security issues & news' started by ZMsiXone, Aug 6, 2019.
OK, so is this a surprise?
These were probably not high-level professionals. But who knows?
not really, it is how industrial spying works too, bribing people. You have loads of cash, you will access any datas you need right from the source.
But these are likely relatively low-level people, right? I mean, is some engineer making $200K per year going to put their career at risk by accepting a $100K per year bribe? And that was the largest bribe -- less than $500K over five years. The rest were much less.
Maybe it's a "plata o plomo" kind of offer...
Of course low level people will be mostly the ones who will take the bribe.
But threat actors don't need more, once in the network, they will climb the ladder and compromise high level employee's machines.
Sometimes calling a low level employee with a strict speech and tone is enough to get its network account credentials.
Yeah, that was my thought too.
Gotta restrict access to the minimum necessary to do the job. The NSA, for example, learned that with Snowden. Really, you'd think that they knew better, no?
The right amount of money was enough for them to take the risk. They got caught and now it depends on the consequences they will face. The most obvious being that they are no longer employed and their prospects going forward will be limited. Lawyers do not come cheap and if convicted, the judge may order them to pay reparations - bye bye bribe money!!!
Since they reported that it was bribes, that eliminates threats. Someone said, 'Everyone has their price'. Consider a high level employee in crippling debt or a low level employee behind on the rent. A large sum of money would be an incentive to either. Also consider a disgruntled high or low level employee wanting to get even - they get a pile of cash and the promise that the edifice will crumble.
It is never worth the risk.
Separate names with a comma.