Virginia Health Database Held For Ransom 325
An anonymous reader writes "The Washington Post's Security Fix is reporting that hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians. Virginia isn't saying much about the attacks at the moment, except to acknowledge that they've involved the FBI, and that they've shut down e-mail and a whole mess of servers for the state department of health professionals. The Post piece credits Wikileaks as the source, which has a copy of the ransom note left behind by the attackers."
email address as contact (Score:2, Funny)
Why would the "cyber-terrorist" post an email address as the ransom contact? Isn't he/she just going to get spammed now?
Backup? (Score:4, Funny)
Luckily Of course a backup was made every hour. .. Oh what? Did not run backup for 3 weeks? Went fishing?
Shouldn't be hard to re-create (Score:5, Funny)
Re:Non-story? (Score:5, Funny)
The Internet. A miracle of the 21st Century, providing high quality information and education to all, breaking down social barriers and creating a new info-democracy the likes of which our fathers could only dream about. Few would disagree that the Internet is a wonder of the modern world, and one of America's greatest contributions to science.
However, as with all emergent technologies sooner or later, abuse by the uneducated masses causes the need for regulation to arise. As more people adopt a technology, the more likely that technology will be used by irresponsible individuals who try to spoil things for the rest of us.
This is why the time has come to introduce licensing for Internet users.
* Hunting
* Fishing
* Watching TV
* Driving an automobile
* Using a PC
* Carrying a firearm
* Building a house
* Selling an alcoholic beverage
* Staging a rock concert
* Trading in securities
* Developing software
What do the activities listed above have in common ?
The answer is that all are potentially dangerous activities for which one must obtain a license if one wishes to remain on the right side of the law.
It is surprising to me that one potentially dangerous activity is conspicuously missing from the above list. We all accept without question the need for regulation where dangerous technologies are concerned (as the list clearly demonstrates). So why should the Internet be exempt ? What is so special about 0s and 1s travelling along a wire that makes us give it 'special treatment' ? Why should this important resource not enjoy the protection from abuse that regulation would undoubtably provide ?
In the old days of the Internet, its usage was confined to academia, and the military. Back in those days, one could be fairly sure that Internet users were responsible citizens, who would not abuse their 'net access, after all our educators and defenders are people we knew we could trust.
These days, with the explosive growth in Internet usage, it is impossible to control who goes online. Indeed, many Internet Service Providers (ISPs) market themselves on how 'easy to use' their service is. You are just as likely to find senior citizens, children, teenagers and housewives online these days, as you are to find a world class physicist or a military intelligence officer.
As you would expect, with such a large number of uneducated people given unrestricted access to such a powerful tool, the results have not always been pleasant, and abuse has run rampant. You can find bomb making instructions, Islamic fundamentalist propaganda, pornography, hate sites, left wing and right wing extremism, pornography, fascism in all its different and elaborate disguises, Radical androphobic feminism, autism, pornography, questionable politics, pornography, blasphemy against Jesus, and yet more pornography.
This is the mere tip of the iceberg, since the Internet is estimated to have as much as 100 Gigabytes of this kind of offensive material, and it is growing larger by the week, as more and more uneducated people rush to 'get online' so that they may 'surf the web' with their equally poorly-educated beer-swilling redneck buddies.
As with all technologies, the Internet has matured to the point where regulation is not just desirable, it has become inevitable. You don't need to be Kreskin to predict that unless the Internet is regulated, and regulated quite heavily, it will soon collapse under the sheer weight of pointless traffic Britney Spears fan sites, uninteresting personal home pages and the extra load placed on the 'net infrastructure by illegal protocols such as Aimster Napster, Bearshare Gnutella and the like.
As with automobil
Re:email address as contact (Score:5, Funny)
Why would the "cyber-terrorist" post an email address as the ransom contact? Isn't he/she just going to get spammed now?
I don't know, why don't you send hackingforprofit@yahoo.com an e-mail and ask them?
Oops, did I just post hackingforprofit@yahoo.com without obfuscating it? Here, let me fix that:
hackingforprofit(at)yahoo(dot)com
My apologies to hackingforprofit@yahoo.com [mailto] if this results in an increase of SPAM.
Re:Sounds like an inside job. (Score:5, Funny)
Ah, Watson, but notice this curious "Fucking Bunch of Idiots". A Frenchman or Russian could not have written that. It is the German who is so uncourteous to his nouns.
One Question (Score:5, Funny)
Did they also threaten to release the Da Vinci virus?
Re:Sounds like an inside job. (Score:3, Funny)
perhaps Indian guys working for the state of Virginia...
Well, at least that means that Macaca has discovered the real world of Virginia ;)
Damnit... (Score:5, Funny)
The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians.
Damn, I'd pay $10 mil for data on more than 8 million virgins. That's more than you get for martyrdom in the... oh, read it wrong. Never mind.
It's situations like this (Score:5, Funny)
That make me very happy I get all my medication from the 2 dudes on the streetcorner.
Re:Sounds like an inside job. (Score:4, Funny)
Or someone from Virginia?
Re:Non-story? (Score:5, Funny)
Did you read the note? It's offering to sell the personal data
ATTENTION VIRGINIA
I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).
Now I hear tell the Fucking Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the fuck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.
Until then, have a wonderful day, I know I will ;)
Sorry, Virginia, there's no Santa Claus.
Maybe it's someone doing it for the lulz. After all, a REAL ransom note would have used either the evil MS-Comic font, font of ill will [slashdot.org], or a genuine Ransom font [1001fonts.com].
Re:Michigan (Score:5, Funny)
See in the UK we have a better approach with protecting the public from the effects of cyber attacks.
We just allow our public sector to be so fucking useless no one misses them when their systems go offline anyway.
Re:email address as contact (Score:3, Funny)
Damn you! My mailbox is FULL with SPAM!!
Re:Damnit... (Score:1, Funny)
The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians.
Damn, I'd pay $10 mil for data on more than 8 million virgins. That's more than you get for martyrdom in the... oh, read it wrong. Never mind.
CmdrTaco would like a word with you about your generous offer.
Re:Sounds like an inside job. (Score:2, Funny)
Aah... so the perpetrator has English, Scottish, Irish and German forefathers - and he lives in Virginia.
This should be an easy case to crack.
Re:Non-story? (Score:3, Funny)
Did you read the note? It's offering to sell the personal data.
Who's going to want to buy it? I mean, it's a list of drug addicts--their CREDIT scores are going to suck!
Re:Ummm... (Score:5, Funny)
How he expects to receive any money is beyond me... .
A good plan would be to identify two similarly hackable situations, crack one and post a ransom note on the main page. Then kick back and read Slashdot to figure out how best to exploit hack situation number two.
We give the best advice.
Re:email address as contact (Score:3, Funny)
Dear Sir/Madam,
I am fine today and how are you? I hope this letter will find you in the best of health. I am Joe Fitz, and I recently hacked the "Virginia Department of Health Professionals". They have paid me a ransom of $10,000,000 (TEN MILLION DOLLARS). However, this balance of US$10,000,000.00 has been secured in form of Credit/Payment to a foreign contractor, hence we wish to transfer into your bank account as the beneficiary of the fund. We have also arrived at a conclusion that you will be given 20% of the total sum transferred as our foreign partner, while 5% will be reserved for incidental expenses that both parties will incur in the course of actualizing this transaction, and the balance of 75% will be kept for the committee members. ...
Re:email address as contact (Score:3, Funny)
Hmm perhaps if we contacted the people at hackingforprofit@yahoo.com then they could answer some questions? Perhaps they could even be the next "Ask Slashdot"?
I could see it now:
"Slashdot: Post your questions for the hackingforprofit@yahoo.com group! The top five will be sent in, and hopefully answered in an anonymous fashion."
Q: 5) Are you idiots? ... I DO live in Virginia, and worked for a local IT dept. Since they had a security break-in, on a system I was responsible for, I'd say yes.
A: Well
Q: 4) What were you thinking?
A: My XBox 360 had just RRoD and I thought to myself, "Self, what is a quick way for me to make enough cash to never have to worry about replacing my 360 again?" I figure $10M should just about do it.
Q: 3) Are you really expecting anyone to pay? ... why wouldn't they? What do you know that I don't?
A: Well
Q: 2) What sort of precautions are you taking to keep the FBI from tracking you down via a secret cookie, javascript subroutine or 0 pixel image embedded in your Yahoo mail? ...
A: A what? Now wait a minute
Q: 1) How long do you really expect to get away with this?
A: Lets go back to that last question for a minute? What are you talking about? I just use Internet Explorer. It even has the latest patches from MS.
[bing-bong] One sec. I'll finish this up right after I get the front door.
[crash] THIS IS FBI! ON THE GROUND NOW!
$s#@3g*(&)f*@3#^NO CARRIER
Re:email address as contact (Score:2, Funny)
I've always wondered why people who get busted by the FBI use speech-to-text interfaces over modem...