Saturday, May 15, 2010

KHOBE extortion

not long after my last post on the subject of KHOBE, david harley posted a collection of links about it on the AMTSO blog and one in particular caught my eye. specifically the one by ralf benzmüller on the gdata blog.

what's interesting about it is that it shows the KHOBE media circus in a new light that i think deserves a lot more attention. 

it appears that there was a very good reason for the sensationalistic headline that matousec used when announcing their research (the reference to an 8.0 earthquake sounded positively cataclysmic) - they're looking to cash in. they're expecting the companies they claim are affected to fork out a ton of cash for the paper containing the details (and they're offering their services to those companies too). how much is a ton of cash? the combined amount for all companies will apparently be in the 6 figure range (ka-ching!). on top of that their correspondence is anonymous (what?! why use anonymity in this context?) which, when taken with the money grab they're attempting and their sensationalism in announcing the attack, takes what once looked like just an irresponsible action (that happens altogether too often in security research circles) and makes it seem downright shady.

whichever way you look at it, if ralf benzmüller's account of events is accurate then it's clear that matousec's interests do not lie in helping the community become more secure and i can only hope the majority of the companies named in their initial release avoid the kinds of back-alley dealings these mustache-twirling individuals seem to have in mind.