Or blatant aiding and abetting. Or both. Here is the critical part of how things went down in the JBS Corporation hacker attack and JBS’…surrender…to the hackers:
After identifying the incursion early on Sunday, May 30, JBS said it alerted US authorities…. By that afternoon, the company had concluded that encrypted backups of its data were intact, said Andre Nogueira, chief executive officer of JBS USA Holdings Inc.
Tuesday evening, progress getting JBS’s systems back online using its backup data made Mr Nogueira confident enough to issue a statement announcing that the majority of JBS plants would be operational on Wednesday, June 2.
The company’s consultants had continued negotiating with the hackers. Though forensic analyses by JBS and its specialists showed that no customer, supplier or employee data had been compromised, Mr Nogueira said, the cybercriminals claimed they had captured some.
JBS’s cybersecurity experts warned that the attackers may have left themselves some way to pry back in. After JBS negotiators and the hackers arrived at an $11 million sum….
Promptly getting back on the air with sound backups, JBS unharmed even if sorely inconvenienced, Nogueira continued negotiating with the hackers, and ultimately, Nogueira paid off anyway. And all, apparently, because the hackers claimed to have gained “some” data and that, according to his consultants, maybe—maybe—the hackers had left a back door for later use.
Never mind that the hackers claimed, after payment, that no, they didn’t have any stolen data. Who can trust the words of criminals? Never mind that, payment or not, the hackers’ back door remains—if it exists at all. Where’s JBS’ IT? Where’s JBS’ training—with enforced sanctions—of its employees regarding phishing and malware in general?
Then there’s this bit of cynicism:
The cost of the attack, he [Nogueira] said, would be immaterial to JBS….
Except for the part about Nogueira has made JBS an open target for further hacks, and their costs. Never mind the exposure Nogueira’s behavior has created for other businesses by demonstrating that such hacks actually work with impunity and as revenue-generators for the criminals (and political gain-generators for their State sponsors). Never mind, either, the costs this particular hack imposed on JBS’ customers and on the company’s suppliers.