Botnet Attack Shuts Down Hospital Network
aricusmaximus writes "A California student is now facing felony conspiracy charges after unleashing a botnet attack that shut down the network of a Seattle hospital intensive care unit. This indictment comes a few weeks after another California man pled guilty to similar charges. Both attacks were attempts to make money off of adware affiliate programs. So who's really at fault here? The students? The hospital for not securing their computers and network? Or the adware companies for providing the incentive?"
Hmm. Interesting. I work for a NASA contractor and the safety systems need to be 3 failures deep to go without being addressed as safety hazards, and that includes non-life-threatening risks (like laser damage to eyes). The above described scenario is one failure deep to become life-threatening. It's interesting that we put more emphasis on astronaut safety, who volunteer for dangerous jobs, than we do for ICU patients.
Agreed. But the way this should be engineered is similar to how I've engineered my home network and office network.
All the networks connect to the Internet. All of them are incoming firewalled against everything except what I explicitly want. (A deny-default model.) My router NATs to the other machines on my home network. My WiFi connection is over a VPN. Any communication between the computers that touches the Internet or WiFi is VPNed. One off site system which acts as a router to a bunch of Windows terminals, a backup system, distributed computing system, and fallback server, will not accept ANY connections, and, at most, will merely route NATed traffic to the Windows machines so that they can use the Internet.
As a result, I'm not worried about someone eavesdropping on my WiFi traffic, intercepting my traffic when I connect using my laptop from offsite, or anyone getting in at all really. The only access to the network on the incoming side is by OpenVPN and one machine which is running a chrooted SMTP server. The "secure" machines are unable to initiate connections outside except what I've explicitly allowed.
So I'm not quaking in fear that someone is going to go hack my box. Incidentally, a security condition is that no Windows are on my network unless I have no choice, and if they are, they can ONLY talk to the Internet and back out; not to any of the internal machines.
Now, why do I say all this? Because I'm a doctor, not an IT guy. The IT guys look at me like I'm some twit who just fell off the turnip truck. Maybe I did, but I sure as hell didn't hit my head in the process. Passwordless fallback servers, Windows machines which if infected act as a terrific bridge between the (insecure) fallback servers, EMR system, and the Internet, etc. It makes me want to barf.
Oh, and why don't I say anything? I'll get blown off at best. At worst, I'll have some DeVry dipshit claim I "hacked the network." It's a sad, sad state of affairs.
And yes, this thread pushed some of my buttons.
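The deny-default layout described in the comment above can be checked mechanically. This is an added example, not code from the thread: it models the allow-list and flags any zone that both touches the Internet and can open connections into another internal zone, which is the "bridge" the comment complains about. Zone names, addresses and the outbound HTTPS rule are assumptions; VPN client traffic is not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str                 # source zone
    dst: str                 # destination zone
    proto: Optional[str]     # None matches any protocol
    port: Optional[int]      # None matches any port

# Constructed zone layout (assumption); anything else counts as "internet".
ZONES = {
    "secure":  ipaddress.ip_network("10.0.10.0/24"),
    "dmz":     ipaddress.ip_network("10.0.20.0/24"),  # OpenVPN endpoint, chrooted SMTP
    "windows": ipaddress.ip_network("10.0.30.0/24"),
}

def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

# Allow-list for new connections; replies to allowed flows are assumed stateful.
SEGMENTED = [
    Rule("internet", "dmz", "udp", 1194),     # OpenVPN (default port)
    Rule("internet", "dmz", "tcp", 25),       # SMTP
    Rule("windows", "internet", None, None),  # Windows: Internet and back out only
    Rule("secure", "internet", "tcp", 443),   # one explicitly allowed outbound (assumed)
]
# The same policy plus the single rule that turns Windows hosts into a bridge.
FLAT = SEGMENTED + [Rule("windows", "secure", None, None)]

def allowed(rules, src_ip, dst_ip, proto, port) -> bool:
    """Deny-default: a new connection passes only if some rule matches it."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    return any(r.src == sz and r.dst == dz
               and r.proto in (None, proto) and r.port in (None, port)
               for r in rules)

def pivot_zones(rules) -> dict:
    """Zones that exchange traffic with the Internet AND reach another internal zone."""
    found = {}
    for z in ZONES:
        exposed = any("internet" in (r.src, r.dst) and z in (r.src, r.dst) for r in rules)
        reach = sorted({r.dst for r in rules if r.src == z and r.dst in ZONES and r.dst != z})
        if exposed and reach:
            found[z] = reach
    return found

if __name__ == "__main__":
    print("segmented pivots:", pivot_zones(SEGMENTED))
    print("flat pivots:     ", pivot_zones(FLAT))
```
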