Wednesday, March 9, 2016

Ransomware: In Which Izabella Goes All 14th Century Condottieri

Years ago I got into an online argument at what was then the Wall Street Journal's flagship blog, MarketBeat, with someone over the ineptitude of the behemoth pension fund CalPERS, and I somehow took a meander into the mid-1300s:

8:28 am June 3, 2008
Climateer wrote :
Re: Classical Economics,
Why only go back to Ricardo or Smith? 14th century Classical econ. says what’s yours that I can take by force of arms is mine.
Now that’s classical, baby.
Human society develops rules of conduct to facilitate the greater good.
The intellectual field was called “Political Economy” for a reason....

12:02 pm June 4, 2008
Climateer wrote :
Thanks for the econ lesson. Here’s one for you.
The use of force verbiage is short-hand for the evolution of economic thought in just the last 700 years. The economics of the 14th century was the econ of the Condottieri.
Force of arms trumped all.
In response societies developed rules of conduct, laws, to codify what constitutes acceptable (and unacceptable) commercial behavior....

CalPERS got crushed in the financial débâcle that was already apparent in 2007 (quantquake, Northern Rock), underperforming 90% of its peers and resorting to amateur behavior like selling liquid assets to maintain losing positions in the illiquid.

Anyhoo, I was reminded of John Hawkwood and his merrie band of freebooters by this at FT Alphaville:

On the economic power of ransom
Controlling something other people want gives you power over them.

Sometimes this control is considered “legitimate”, such as a tribe’s or family’s inherited influence over fertile land. Other times it’s thought of as “illegitimate”, because control comes from violence or threats of violence. The distinction is inherently subjective, and indeed, throughout history, the client-protector relationship has been defined by the deployment of such tactics, whether by common bullies, regional strongmen or hegemonic states.

As Augustine put it in Book IV, Chapter 4 of City of God:
Justice being taken away, then, what are kingdoms but great robberies? For what are robberies themselves, but little kingdoms? The band itself is made up of men; it is ruled by the authority of a prince, it is knit together by the pact of the confederacy; the booty is divided by the law agreed on. If, by the admittance of abandoned men, this evil increases to such a degree that it holds places, fixes abodes, takes possession of cities, and subdues peoples, it assumes the more plainly the name of a kingdom, because the reality is now manifestly conferred on it, not by the removal of covetousness, but by the addition of impunity.
Indeed, that was an apt and true reply which was given to Alexander the Great by a pirate who had been seized. For when that king had asked the man what he meant by keeping hostile possession of the sea, he answered with bold pride, “What you mean by seizing the whole earth; but because I do it with a petty ship, I am called a robber, while you who do it with a great fleet are styled emperor.”

But the wise oppressor — indeed, one such as Rome — never takes more than he needs out of fear of killing the client off completely or rendering the relationship uneconomic. To the contrary, he gives just enough back (roads, aqueducts, know-how) to ensure the relationship appears worthwhile to the subjugated party — the ultimate aim a form of Stockholm syndrome wherein the subjected party learns to love his oppressor. The relationship in that sense becomes more symbiotic and reciprocal (even if for a long time it remains socially engineered to favour one party more than another so as to be preserved as an economic interest).

Whether a party ends up the oppressor or the oppressed in the end comes down to one of two things: naturally having something of value to exert pressure with and being able to defend it (the legitimate model) or seizing that thing by force, cunning or manipulation and presenting the notion the victim will lose out if he fails to cooperate (the illegitimate model).

So how do these relationships translate into the modern computer era?

Not dissimilarly.

As per the age-old model, we find both legitimate and illegitimate mechanisms in play for exerting economic pressures on associated parties. The former involves the naturally endowed receiving tribute payments (in the form of free services) for rights to access their data (although there are questions as to whether those payments are substantial enough to make it a non-exploitative arrangement). The latter illegitimate model, meanwhile, uses extortion, social engineering or outright theft to take the data forcefully for ransom purposes.

The former is supposed to benefit the naturally endowed on an extended basis — a consumer surplus of sorts. The latter, meanwhile, passes the advantage into the opportunist’s hands — the offsetting capitalist surplus.

Which is a long way of arriving at the following point from a new report by the Institute for Critical Infrastructure Technology flagging the structural similarities between the web and the organised civilised state, and their exposure to would-be predatory forces and toll extractors.
Ransomware is less about technological sophistication and more about exploitation of the human element. Simply, it is a digital spin on a centuries-old criminal tactic.
They go on (our emphasis):...MORE

Related, from a 2015 post:
Old school rent extraction device