[petee]

In some cases, yes.

An unknown threat, potentially from the supposed nation-state target itself, has a very high risk.

I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible. Do I instead bring it to my employers systems and let them take the risk? And to what benefit, when I can just wait?

[Sonnigeszeug]

Cloud VM. Costs you a dollar per hour and has fast download speed.

We are experts on HN. If we don't do it, others with less knowledge might or not might.

And no, a archive file doesn't just include a zero day. A zero day is very valuable.

[petee]

Fair enough, my morning brain didn't think cloud, though i guess one could argue you're still passing off the risk onto someone else. Either way, its not my expertise

[genewitch]

Passing the risk for a price.

AWS is expensive, in my mind, because of stuff like this. They don't want you to nirror it on aws, so egress is expensive. The $/GB/month storage fees it'll cost to store this while exploring it is not cheap, either. And once you have an idea of the data you want to move out of the gap, you want to process /extract it quickly (because of $/GB/Month costs...)

I just thought about a spare machine I have with a 12TB spindle and an SSD not plugged into a network.

I understand how to airgap, and unless something can magically worm it's way through HDMI that's probably how I'd get data out, just to be annoying to everyone. To be fair.

[Sonnigeszeug]

A EC2 (vm) on aws with a little bit of CPU, Memory and enough storage attached, costs 1k per month which is something like $1.5 per Hour.

Its not necessarily about storing it longerm, its about 'looking into it'.

I don't get the Airgap thing though at all. There is a very minimal chance that this contains a zero day. The idea of a zero day is, that you can attack systems and you sell it to people who have high profile targets or systems.

Some random person downloading leaked data, everyone can download, is not a real target for a zero day.

And a zero day which breaks random unpacking tools and your vm/system, would be worth even more.

[tbrownaw]

> I'm not versed in creating ultra-sterile lab conditions -- things can escape VMs, escape your network, nothing is impossible.

I suppose it is a bit hard to find hardware without integrated wifi these days. Maybe taking a sbc (pi or whatever) and wrapping it in tinfoil would work?

[petee]

You could always cut the pcb lines if you want that guarantee.

I'm aware I'm being cautious to the point of paranoia, but anything with the Russian gov is just not something I feel like learning about the hard way, even if I think I'm able to make such a safe environment