Friday, May 14, 2021
Home Blog Is Your Company At Risk To Have Data Taken Hostage?

Is Your Company At Risk To Have Data Taken Hostage?

Tewksbury Police just paid a $500 ransom to have their computer databases released after being taken hostage. Swansea police say they were forced to pay $750 in ransom [in 2013] to hackers after a virus locked all of their computer files. The sheriff’s office in Dickson County, TN, paid $572. Back in June, Collinsville, AL, police had their database of mugshots held hostage with a demand for $500. The police refused and lost all of of their data. These are simply a few of the cases out there and the reality is that once infected, there is nothing AND I MEAN NOTHING that can be done except pay the money or loose the data.

In the Tewksbury case as in many of the others, the Federal Bureau of Investigation (FBI); the Department of Homeland Security (DHS); the state’s Bureaus of Investigation and State Police all were unable to break the encryption. You need to bear in mind that as this was law enforcement data held hostage; the US Government would spare nothing to break the codes lest strikes occur upon their own infrastructure. And what happened? The codes could not be broken and payments were made in Bitcoin — many of you have heard me speak about Bitcoin as I both mine and use it daily.

The Tewksbury attack featured ransomware called KEYHolder, which is designed to cover its own tracks. Tewksbury authorities sent their infected computer server to the Commonwealth Fusion Center, where Massachusetts State Police work with federal law enforcement agencies on antiterrorism and cybercrime cases. Despite their best efforts, the KEYHolder encryption proved unbreakable.

(The virus) is so complicated and successful that you have to buy these bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan talking to the Herald News. “It was an education for (those who) had to deal with it.”

Data ransom shakedowns is nothing new. CryptoLocker brought in upwards of $27 Million by many  estimates and CryptoWall brought in just north of $1 Million. The reason that these and the latest script kiddie shit that is out there now are so successful is twofold. First, the reality is that the vast majority of people use Windows — I personally use a Linux based Operating System (OS). Second, there is no oversight upon the vast majority of Regional and Otherwise Unspecified Order Mills let alone those whom they employ as Remote Administrative Contractors. More on point, Linux based OS have never had any issues with these types of Ransomware or other infections and other than a Member of Labor down in Florida whom I am friends with, I am unaware of anyone else using Linux based OS in the Mortgage Field Services Industry.

Here is why the Mortgage Field Services Industry had best wake up and swallow their pride a bit — yeah, that’s the pride that Eric Miller and the rest of his fucktards focus in the way of hatred upon me and those whom are threatening and intimidating others within the National Association of Mortgage Field Services (NAMFS) whom speak with me. Here is what the Bitcoin Community has to say with respect to the level of ignorance Miller, et al., are demonstrating,

Things like these have been happening constantly in the last few months. I don’t know what’s worse: hackers taking advantage of Bitcoin to do these things or police and justice departments without basic malware protection… That’s what happens when you cut corners while building systems with sensitive data. And when you have people accessing things they shouldn’t.

The reality is that Foreclosurepedia was the first and still only Media Outlet to discuss any of the issues plaguing the Industry with respect to technological infrastructure. We broke the story on the hacking of a Five Brothers subsidiary, Forerunner. We broke the story on Joel McCall whom owns McCall Field Services and how he left his databases wide open and had photos pertaining to weight loss still up — check the screenshot out in the link. We broke the story on GTJ Consulting LLC leaving their databases wide open and publishing Contractor’s Personally Identifiable Information alongside virtually every US Government Agency which oversees foreclosures — THAT IS A LINK YOU WANT TO LOOK AT AND THEN ASK THOSE FUCKS HOW THAT EVER HAPPENED WITH THEIR BAD ASS GTJ ADMIN PROPERTY MANAGEMENT SOFTWARE! The reality, though, is that nothing and I mean NOTHING can top the fact that the National Association of Mortgage Field Services (NAMFS) was infected not once, not twice, but multiple times.

Folks, it is going to get very bad. Now, while the Big Boys will all deny that they have ever been breached, the reality is I have no AND I MEAN NO doubt that they have — infer that which you want. The reality, though, is that they are sophisticated enough to have a Disaster Plan in place and have already been drilling upon it. Part of that plan would include constant and consistent back up plans for their data along with rotation in passwords — at least for their workers.

What the Regional and Otherwise Unspecified Order Mills do not have is any concept whatsoever at how to protect the integrity of their systems. More on point, though, the recent rash of infections by several Regional Order Mills which caused a catastrophic infection and collapse within the networks of Members of Labor is still on everyone’s minds. I was present with a Client during both of these occasions as well as when Brunswick Companies, one of the largest providers of General Liability Insurance (GLI) to the Mortgage Field Services Industry, had emails phreaking their addresses and sending out yet more viruses. I had just installed some customized firewall software and the Client’s secretary had stated it must not be working as their old systems would have allowed the Portable Document Format (pdf) file to have downloaded. As opposed to allowing the manual download, I instructed my Client to call Brunswick Companies as that is part of the Protocol I established with respect to IT and is today used by many NAMFS Rank and File. Sure as shit, Brunswick Companies instructed them it was a virus and not to open it.

And therein lies the quandary: We have an Industry wherein extremely complex decisions are left at the feet of those whom are not competent to make them. I am not saying that in the aforementioned cases Members of both Labor and Management are idiots — although some of them are simply fucking stupid. I am saying that in the same way I would not expect either class to understand the geolocation information embedded in the header of an email, I do not expect these folks to be able to know the difference between legitimate emails and downloads or those delivering nefarious packages.

While Members of Labor are predominately exempted from the necessitation of protecting their systems and only the integrity of the data, the reality is that Order Mills are not. Why? Well, Members of Labor upload photos and reports and occasionally send an email with most of this now occurring from a Smartphone. Order Mills, their employees and their Remote Contractors are in an entirely different situation. These people are constantly engaging in everything from transmitting gigabytes of confidential data including, but not limited to Contractor’s names, addresses, phone numbers, social security numbers and even more critical Loan Information which might be used to identify the homeowner whom is involved in the foreclosure process.

The integrity of the systems under the command and control of the Regional and Otherwise Unspecified Order Mills is suspect. I am willing to place the ownership of Foreclosurepedia up against my belief that there is not a single laptop or smartphone at any level within the Regional and Otherwise Unspecified Order Mills which has not been used for something other than the Mortgage Field Services Industry.

I am not saying that Remote Administrative Contractors (RAC) should not be hired. I am not saying that Regional and Otherwise Unspecified Order Mills pose a clear and present danger to the safety and security of data within the Mortgage Field Services Industry — not at all when they properly implement Protocols such as those Foreclosurepedia pioneered. What I am saying is that when you have some RAC surfing Facebook and Twitter; when you have an Order Mill employee surfing YouTube and Instagram, there is an extremely serious problem which will inevitably lead to compromised data integrity. Further, the potential for catastrophic network infection from Members of Labor all the way up to the Financial Institutions becomes potentially feasible — I have done some take offs and the timeline for the entire Industry Network to become infected is roughly about 79 seconds during peak hours in the grass cutting season.


Tomorrow, Foreclosurepedia is going to lay out some redacted information pertaining to penetration testing performed within Industry Networks. I will neither confirm nor deny whether I participated in those pentests. What I will say is that if the Industry continues is course which Eric Miller, et al., have put the ship upon, US Taxpayers could potentially be looking at an Electronic Armageddon within the Industry of which they will have to shoulder the bill to both repair and cover the losses of those whose information already has been and will inevitably be lost.

Paul Williams
Linux addict buried deep in the mountains of East Tennessee.



Most Popular