gamerfreak
gamerfreak
  • Threads: 57
  • Posts: 3540
Joined: Dec 28, 2014
February 7th, 2019 at 1:04:05 PM permalink
Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.
rxwine
rxwine
  • Threads: 218
  • Posts: 12702
Joined: Feb 28, 2010
February 7th, 2019 at 1:27:00 PM permalink
The kind of thing that makes you think bankruptcy, being ruined, and fines are just what some people need.
Sanitized for Your Protection
gordonm888
Administrator
gordonm888
  • Threads: 61
  • Posts: 5375
Joined: Feb 18, 2015
February 7th, 2019 at 1:48:47 PM permalink
Very illuminating example of the kind of reaction (lying, smear campaign, etc.) that some companies will take when they are confronted by a revelation that is potentially damaging to their business.
So many better men, a few of them friends, are dead. And a thousand thousand slimy things live on, and so do I.
MaxPen
MaxPen
  • Threads: 13
  • Posts: 3634
Joined: Feb 4, 2015
February 7th, 2019 at 2:04:56 PM permalink
Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.
jackmagic777
jackmagic777
  • Threads: 1
  • Posts: 161
Joined: Jan 11, 2019
February 7th, 2019 at 2:25:23 PM permalink
That's what I keep telling Zen King.
EvenBob
EvenBob
  • Threads: 442
  • Posts: 29646
Joined: Jul 18, 2010
February 7th, 2019 at 2:31:43 PM permalink
Great article. So the security people call
the FBI and then get accused of a hacking
crime by the faulty company. I don't
think people who commit crimes usually
get the FBI involved.

The CEO looks and acts like an arrogant
sot.
"It's not called gambling if the math is on your side."
heatmap
heatmap 
  • Threads: 272
  • Posts: 2368
Joined: Feb 12, 2018
February 7th, 2019 at 2:40:51 PM permalink
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



it says they were "white hats" and after this i would completely understand why they become blackhats.

you call someone something enough they become it. these people followed the rules and look where it gets them? the casino owners are too valuable to make this into a big deal, which is why they will fight to the end to make them look bad. too bad for the casino owners these guys are smarter than them
gamerfreak
gamerfreak
  • Threads: 57
  • Posts: 3540
Joined: Dec 28, 2014
February 8th, 2019 at 3:59:14 AM permalink
Quote: MaxPen

Quote: gamerfreak

Quote:

Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.



https://www.secjuice.com/security-researcher-assaulted-ice-atrient/

Absolutely fantastic article. Phone recordings and all.



Some people just don't know how to shut their yaps and take the money.



These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.
heatmap
heatmap 
  • Threads: 272
  • Posts: 2368
Joined: Feb 12, 2018
February 8th, 2019 at 4:59:09 AM permalink
Quote: gamerfreak


These people get paid far more than $60k to attempt to penetrate enterprise systems.

Your reputation is everything in that industry. If you take a “bounty” for reporting a serious vulnerability that does not get fixed, it’s no longer a bounty, it just becomes hush money. And when (not if) this gets exploited by actual criminals, you do not want to be in the position of taking what is essentially a bribe.



Didn’t the company offer the money? If so I bet they said it without knowing they were being recorded and when they lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing I see some one who illegally accessed your server without your permission who is now ransoming your servers safety for 60000 dollars prove me wrong in court”
gamerfreak
gamerfreak
  • Threads: 57
  • Posts: 3540
Joined: Dec 28, 2014
February 8th, 2019 at 5:06:22 AM permalink
Quote: heatmap

Didn’t the company offer the money? If so I bet they said it without knowing they were being recorded and when they lawyer talked to the company it probably went something like “I don’t see someone who was penetration testing I see some one who illegally accessed your server without your permission who is now ransoming your servers safety for 60000 dollars prove me wrong in court”


Yes, this is the direct quote from Antrient’s COO:

“The information you have shared with us is fantastic, we're really impressed by what you have done here and we would like to actually own this information. How do we make that happen?”

They were then offered $60k in exchange for signing an NDA. But the payment was never made, and security holes never fixed.

These kiosks are used in hundreds of casinos, including CRT properties.
heatmap
heatmap 
  • Threads: 272
  • Posts: 2368
Joined: Feb 12, 2018
February 8th, 2019 at 7:16:15 AM permalink
These people aren’t white hats so to say because this is a grey area to begin with white hats only do stuff with permission no matter what otherwise you aren’t a white hat your grey and black to them
  • Jump to: