Virginia Health Database Held For Ransom
An anonymous reader writes "The Washington Post's Security Fix is reporting that hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians. Virginia isn't saying much about the attacks at the moment, except to acknowledge that they've involved the FBI, and that they've shut down e-mail and a whole mess of servers for the state department of health professionals. The Post piece credits Wikileaks as the source, which has a copy of the ransom note left behind by the attackers."
I'm assuming that not even a governmental department can be stupid enough not to have copies of the backups in a fire safe, off-site location.
Silly rabbit
Why would the "cyber-terrorist" post an email address as the ransom contact? Isn't he/she just going to get spammed now?
I would be more than willing to bet that the attacker works in some way for the State of Virginia. The phrasing "gone missing" makes him sound like he's from somewhere in the United Kingdom... so now you are looking for English, Irish, Scottish or perhaps Indian guys working for the state of Virginia...
A voice tempts - gee, if we could do FISA wiretaps, perhaps a quick search of all the electronic correspondence of all the people who work(ed) for the state might turn up who it is...
This is my sig.
Don't these jackasses know what Iron Mountain is, and what tape drives are for???????
"I don't know, therefore Aliens" Wafflebox1
Luckily Of course a backup was made every hour. .. Oh what? Did not run backup for 3 weeks? Went fishing?
This sounds like an insider attack as there are just too many coincidences. Backups gone missing, many sites hacked, demand for millions of dollars (pay to whom?!), etc. No wonder every information request is referred to the FBI.
Ah, What about the off-site secure backups?
What? Some PHB didn't want to spend the money, I thought it was a waste.
...since Virginia is for Lovers. The hardest part will be determining whether their prescription was for C1A1iS or V1AGR4
Introducing Microsoft Vacuum 1.0 The first Microsoft product that doesn't suck.
Hopefully the state of Virginia follows proper backup procedures, and has copies of the data that are off-site and off-line. It may take a day or so for someone to go fetch the tapes, but the data shouldn't be lost. So the people trying to ransom this data should be screwed.
Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
The state of Michigan had this same scenario play out two years ago. The only difference: it was part of one of their Cyberstorm security exercises. At a round table discussion, the acting IT infrastructure director talked about how the exercise opened. He sat down at his desk one day, opened his e-mail, and found a ransom note that mirrors exactly what's going on now in Virginia.
It gets better. Certain key members of the IT infrastructure were given instructions ahead of time to take the day off, not tell anyone they were told to take the day off and, best of all, not answer their phone or e-mail unless they were being contacted by a specific person. (Someone who was 'in' on the exercise, and who had the authority to say "ah crap, XYZ is down and it's not part of the exercise, call Bob and let him know we actually need him.")
All in all it was an interesting discussion of "what if?" that I'd love to try out in my own workplace. Sure, if someone's on call and doesn't answer their phone, you beat them with a bamboo cane at the next opportunity. But what do you do in the meantime? If crap hits the fan, do your managers & team leads really know their call flows? Or does everyone just freak out and call the guy that usually knows what he's doing? What happens when that guy gets hit by a bus?
There are some people that if they don't know, you can't tell 'em.
10 million records... did he really "download" that over the internet and not get noticed? I guess he did deface their webpage. He's already giving him/herself away. But could it also be that he/she got the backup tapes and stole the data that way? Or did some moron lose their USB key with an export of the data on it? Or, did he/she just deface the web page and spin a story about stealing data?
it is another Windows POS. When will the west learn to care about security?
Did they also threaten to release the Da Vinci virus?
A timely illustration of the critical importance of security in electronic medical records.
The Pentagon lives here.
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2002.01.30T11:07-0400" exp "2035.12.31T12:00-0400" r (v 0 s 0 n 0 l 0))
Connection: keep-alive
Content-Location: http://www.dhp.virginia.gov/Default.htm
Date: Tue, 05 May 2009 13:22:56 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 01 May 2009 20:54:08 GMT
ETag: "0d886f89ecac91:af5"
Content-Length: 18149
With the data being decoded by another computer. This would prevent crap like this from occurring again.
..........FULL STOP.
If it's real it's stupid.
Can a governmental agency even pay a ransom? Are they allowed? Would they even consider it?
I would think they would just go to the cops. This makes ransoming the data of a government agency an all risk no reward proposition.
Maybe you could blackmail the head of IT but you have to keep the threat on the DL and the data going missing is the threat. Also I think 10 mill is out of the question in the latter case.
The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians.
Damn, I'd pay $10 mil for data on more than 8 million virgins. That's more than you get for martyrdom in the... oh, read it wrong. Never mind.
== Jez ==
Do you miss Firefox? Try Pale Moon.
That makes me very happy I get all my medication from the 2 dudes on the streetcorner.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
This is what happens when you let the government in to places where it shouldn't be. There shouldn't be a state record of prescriptions, in fact the entire idea of government restricting the sale of certain chemicals to a doctor-monopoly is wrong. You statists are getting what you deserve; unfortunately the rest of us have to pay for it too.
Contribute to civilization: ari.aynrand.org/donate
This is tragic, and please don't view the following unrelated rant as indicating lack of sympathy or some kind of judgement against the public agency that's getting slammed in this case.
A couple of weeks ago I spent a few days at the RSA security conference, one of the biggest conferences/trade shows in the security industry. Roughly 7 out of 10 of the products being hawked were absolute nonsense: buzzword-compliant BS. "Security risk management" software, hacked-together IDS systems, encryption systems that have pretty Windows GUIs (and probably, lots of pretty Windows code vulnerabilities), AV that's easy to circumvent, etc. They'd do absolutely nothing to protect you in the face of a serious attack. I say this as both a security professional and a business owner, which makes me somewhat well qualified to make that judgement. Often the most obviously ineffective products were the best sellers.
My point? In terms of commercial spending, "security" has so far been an excuse to spend a bunch of money and check a lot of little boxes. Corporations and organizations aren't really serious about preventing attacks, because for the most part it isn't happening (to most companies). An executive wants to say he "did something", so he buys a bunch of stuff and wastes time configuring it. It probably doesn't protect him against a motivated attacker, and he doesn't have the skills in-house to deal with it (which would be a lot more valuable than the equipment and software he purchased).
When I see something like this story, well, it's absolutely not gratifying. It's tragic. And of course, the fact that it's hitting a public agency makes it even nastier. But at very least, I hope that things like this do at least scare the crap out of some of the companies buying this nonsense, and convince a few of them to take the problem seriously. Because it is a problem. The reason we have the luxury of pretty trade shows that sell fluffy products is because this very real problem just hasn't manifested itself in an expensive enough way to shock people into taking the problem seriously. I really hope people start taking it seriously before this kind of thing becomes too pernicious.
sounds like a false flag hacking. Thanks gov for making people who use computers look like threats to freedom again...
Well... he has an email address that he wants people to talk to him on. The person is asking to be caught already. Even assuming Tor use, etc., that's a definite lead back to him right there. You're talking an open invitation for some agency to coerce Yahoo to plant something on his browser when that login is detected (a cookie would probably do for the simple cases, a Flash/Java/browser exploit or similar in an advert would easily do for the more complex). Hell, I wouldn't be surprised if it wasn't possible to get a Microsoft-signed Java app (and, thus, automatically run without prompting) into the pages that are made for his login with their co-operation and have it reveal the *real* IP address / routing.
You can *easily* string him along for four or five emails. He would have to be using extremely tight security each and every time in order to communicate safely (and thus I hope he ran / is running a sandboxed system via a good anonymising network for the purpose of creating and checking that mail account each and every time and that he *never* uses that sandbox for anything else).
And you're talking confidential patient records - this is no hero of the citizenry, it's some pillock with nmap. So I hope he does get caught. Yeah, expose the security holes (though even that is just asking for jailtime) but don't play with people's lives.
How he expects to receive any money is beyond me... there's no such thing as a "safe" bank account except in the movies. Or is he hoping for a large bag of cash to be thrown from the Golden Gate bridge at 13:37 or similar? I'm guessing that, somewhere, he's made a stupid, elementary and critical mistake which means that he'll be "caught" quite soon (as in, people know who he is and just have to do the paperwork to get him), if he's not already.
If you want to make a stand, make a stand, target an organisation, pick a purpose, hit the critical points without collateral damage. If you want to dick about and show what a hacker you are, that's when you take whatever you *can* find (e.g. extremely private medical records and personal details of random people) and threaten to spread it unless a ransom is paid. In short,
Go to Jail. Go directly to Jail. Do not pass Go. Do not collect $10 million.
The 2000 census has the state population at about 7 million. 8.1 would be reasonable in the time since 2000.
Each state has its own database farmed out to a 3rd party without oversight. The lowest bidder no doubt with Virginia.
BTW Virginia is also a commonwealth state. The UK is a commonwealth nation. Coincidence, No I don't think so. So that means you guys in the UK are responsible.
Should read:
"Data changed since last nightly off-site backup held for ransom."
Woop De Doo, the data has already been stolen, now what?
Got Code?
He'll probably get a bunch of spam for Cialis.
Excuse me, C1@lis. Need to get this post through the spam filters.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
I have a feeling yahoo is tracing some IP's right now.
have you?
I've been working for contractors for 10 years now, and am still surprised by the level of incompetence that some government IT folks demonstrate.
Some are good. NOAA OMAO really has its stuff together. DoJ? Not so much..
Best Slashdot Co
http://science.slashdot.org/comments.pl?sid=1221551&cid=27821071 90% of the folks out there can't tell the difference so they just assume whatever is expensive is capable enough.
Off-site backups are vulnerable to:
1) corrupt employees or contractors
2) physical disasters at the off-site location
3) tampering with the back-up and back-up-verification procedure which causes backups to be corrupted for several months or years, then erasing the live data. This tampering may be electronic or social i.e. bribing or blackmailing key employees.
You mitigate likely disasters, you accept that there are some things that aren't cost-effective to mitigate for.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is super cool, and if they are using Oracle, super easy. The Transparent Data Encryption "Feature" included with Oracle database can be initialized and enabled without any visible change to users or even administrators. Once it's up and running, you copy and delete the "wallet" used to start the database and turn on encrypted backups. You wait a little while, until their unencrypted backups are too old to be any good, then shutdown the database and tell them what you've done. It won't start, and the backups won't restore without the wallet you stole.
The beauty part is, you can't "disable" the TDE feature. The only way to do that is to turn it on, and not use it. That requires.... Wait for it....
A license.
Ha ha. If you configure it, to disable it, you have to pay for it. I love Oracle.
Just for clarification, the Virginia Department of Health Professionals is not the same agency as the Virginia Department of Health.
Each Virginia agency is its own little independent IT fiefdom, with all the disparity of budget and clue that entails. At least until their IT is taken over by Northrop Grumman, which is another clusterfuck entirely...
Who do you think whores out all those prescriptions to those soccer moms if not your precious "medical professionals"? You think your soccer moms just dreamed up all those pills? It's the doctors who are the drug pushers. Without them the public wouldn't have a fraction of the dangerous chemicals they're shoving into their faces as we speak.
End anonymous moderation and posting on
It's kind of completely obvious in retrospect but I remember being so proud coming up with an idea like this way back when I was first getting into computers and reading way too much cyberpunk. The scenario I imagined was someone hacking into a corporate network and planting a virus that gets wormed into all the backups. The ransom note goes something like this:
1. Hi. I compromised your systems.
2. You have no idea when I compromised them and I won't tell you. Rest assured it's been for more than months.
3. I planted a virus.
4. It's in all your backups now.
5. It's set to start deleting everything next week.
6. You could conceivably take everything offline and pay security geeks big bucks to scrub it down. My guess is it'd take you weeks and cost $x megabucks.
7. For $.1x megabucks, I'll give you the disarm code.
I thought it was a kewl idea but the part that I could never figure out was how to make contact with the company without giving everything away. The only thing I could come up with is the old standby from TV and movies, the "numbered swiss bank account." Presumably your identity would be kept private, you would know when the deposit was made, end of story. But it always seemed like there would be some hole in the process that would leave a big red arrow pointing back to the hacker.
Of the historic hackers we've read about, the ones who have gotten caught, it's always some fuckup that gets them nailed, usually not being able to keep their yaps shut. This does make me wonder if we don't hear about the successful hacks because a) the good ones can keep their yaps shut and b) nobody wants to advertise getting pwn'd hard by some punk.
The other factor is a hack like this is so big and flashy, it's just bound to get law enforcement to throw more bucks at the case than it would normally warrant, just because it's so brazen, blatant, and just begging the feds to overreact.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Another great example of how security is not being monitored or taken seriously. Also breaches don't get investigated or resolved and happen again and again. It's astounding people trust governments to look after their data.
Don't worry though, only the professional criminals can get your data. The part time hackers like Gary McKinnon take all the credit
I understand the US can extradite UK citizens without having to provide evidence... When was that democratically decided... WHF?
Well a badly configured server in any platform gets hacked, I'm not necessarily blaming Microsoft in particular, let's let the facts come forward; but this is Slashdot, and no I'm not new here :-)
Seriously a high value server such as that really should have been behind a proxy like ISA Server to the Internet, oooh if I only could have configured their server...
...in bed
Backups gone missing? Right. This is a department of health. They are subject to endless regulatory compliance requirements, including detailed procedures on backups and storing of same. The only possible concern might be a release of the data to the public.
End anonymous moderation and posting on
It's the doctors who are the drug pushers. Without them the public wouldn't have a fraction of the dangerous chemicals they're shoving into their faces as we speak.
Speaking of which, you might tell your own pusher to cut the crack with something other than meth. Your paranoia is starting to show.
Dewey, what part of this looks like authorities should be involved?
If this guy's as big of an idiot as you say he is (your logic is pretty accurate), what is the threat level of a competent hacker? Someone who knows what they're doing and isn't going to grandstand. It's pretty clear that there are very poorly defended databases with valuable information. I wonder what percentage of Slashdotters have already had their data stolen? Not from their secure system, but from a lowest bid security system. You can use Linux all you want, but the people who hold your private information are using unpatched Windows.
hah! nice Burn After Reading reference.
i expect this will become the hallmark phrase of data ransom notes everywhere.
I store my porn in my work folder you insensitive clod!
j/k :)
All your prescriptions are belong to us.
"replaced the homepage with a ransom demand."
What was discovered was vandalism -- an altered web page and deleted data. There's no evidence besides the vandals' word that anything was downloaded. The same source claims the backups were missing, and that they wanted ransom for return of the data. This is Rx tracking data, not financial or personal ID data.
If it had been personal data, and it'd been downloaded by real ID thieves, they would NOT have notified the world of the event immediately (in fact, while in progress) by defacing the site. They'd have wanted to get away clean and sell off the data if possible before the theft was noticed. And they'd have sold it rather than proving their stupidity by demanding ransom. If they couldn't sell it they'd trash it rather than risk getting caught.
The site collects data from Rx dispensing sites across the state. All the data exists elsewhere, making the claim of no backups irrelevant. This site simply puts in one place what's spread out and not commonly available, so other dispensing sites can know whether someone's getting too much controlled prescription meds. Everything that was deleted can be re-obtained from the same places it was gotten all along.
The incident is a HIPAA violation. The FBI investigates those as well as computer security issues, explaining their presence in light of the fact that no real damage was done. If it were an inside job, it wouldn't have been done because nothing of value was to be gained from that particular collection of data, and an insider would know that. From the inside there are far more valuable collections of data that could be had from that system, such as payment records for license fees of registered Virginia health professionals.
The presence of the FBI and the "neither confirm nor deny" response of Va DHP, and those facts being related by WP, makes it seem like there's a story here. Not hardly.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
IIS5? That's Windows 2000. Almost 3 generations behind the current version. No wonder. The security differences between IIS5 and 6 are massive. IIS6 and 7 have yet to have any serious vulnerability found in them, while IIS5 was swiss cheese.
Also, Windows 2000 is in "extended" support phase, which means it doesn't get anything but the most critical security patches, and even that will stop next year.
Anyone still using Win2k on a computer connected to the internet deserves what they get.
If you need web hosting, you could do worse than here
I wish I hadn't used all my mod points yesterday. Damn.
Mod parent up. Although he expressed anti-MS sentiment, he also asked a good question.
Here's to hot beer, cold women, and Glaswegian kisses for all.
Time for the Hacker Intelligence test
It's easy to break something. It's much harder to completely cover the evidence of who is responsible.
Question 1 - Why did the hacker target the Virginia Health Department?? That wouldn't be a site that most hackers would even think about much less target for major intrusion. Did the hacker in question cover his tracks as to why he chose this obscure site? Might he have been familiar with it because it tracks potential prescription drug abuse, and he had been flagged for further investigation before? Does he have a history with this company?
Question 2 - Did he cover his visits? Few people can find a potential site, explore the site for vulnerabilities, get access to the site, explore the internal structure of the site, devise an attack plan, code it, execute it, and get out in just one sitting. It usually requires several sessions, each time gaining more access and having better intelligence. The last visit can be covered up, but did he cover up the logs of the first few times when he didn't have complete control, and his tracks and actions may still be in an access log?
Question 3 - What methodology did he use to gain access? Having access to the database (and backups) to the degree that an encryption command can be executed would be difficult. It requires the ability to execute several commands remotely on the server. Were these commands given thru web-page vulnerabilities? Did it require log-in credentials, and if so, whose? Did access require special in-house knowledge, and if so, who knew it?
Question 4 - Where did he do this from, and what is his IP address? Hiding your IP address is next to impossible and there are multiple logs kept of access, including by the ISP. Did he do this from home? (If so, FAIL) Did he do this from a public wireless access point? If so did he cover his tracks there? (It's amazing where they put surveillance cameras nowadays) Anonymizer services will usually hand over the original IP address if requested by federal authorities, so that isn't going to work. Did the hacker consider that?
Question 5 - Where is he checking that yahoo address from? See question 4.
Question 6 - Is he using a different computer now? If I wanted to be really sneaky I'd ask yahoo to check not only the Yahoo cookie when someone logs into that account, but *also* get the Google one also, and 10 others. Send the cookies to the relevant companies for the data it contains. Is he using a fresh computer to erase tracks left there?
Question 7 - Did he cover up his phrasing carefully from others he used publicly? Phrases like "Uhoh" "gladly" "not to pony up" "Fucking Bunch of Idiots" "bettin'" "drop me a line" "to have gone missing, too" (weird extra comma here and other places) seem to be rather unique. Some of it can be faked, but the phrasing we use says a lot about us.
Question 8 - How is he planning on collecting the money? Most people think international banks (Cayman Islands is common) is the answer. No. Most countries/locations (ex Cayman Islands) have easy business registration/taxation rules, but are poor choices for trying to stash/launder money. It's not easy collecting large amounts of money. Does the hacker have a plan on how to collect that money?
Question 9 - Is he going to revisit the scene of the crime? Is he checking the internet news sites to find stories about m^Hthis crime? Is he going to give himself away by visiting such a site (like Slashdot) and visiting, leaving his IP address. Who knows, maybe he'll even gladly, comment. ;)
Comments can be left at hackingforprofit(the at sign)gmailcom. Drop me a line. ;)
I don't want my medical records in the hands of incompetent state bureaucrats. If they have some actual need to know, they can get a fucking warrant to find out.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Just another negative consequence of the "War on Drugs".
Also, I can't buy a single box of pseudoephedrine without giving Walgreen's my driver's license number. Now THAT'S some bullshit.
With the first link, the chain is forged.
There should be a licensing for IT managers that forces them to have real tech skills and knowledge.
...About swine flu. How does the pandemic play into all of this? Did the sysadmin have it? Did the firewall catch it, and is now quarantined in China? Jesus man, don't you know WE'RE ALL GOING TO DIE?!?!
It was a valid question, but the fact that they had to ask it means they can't even back up their first statement
Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquires to the FBI. "There is a criminal investigation under way by federal and state authorities, and we take the information security very serious," she said.
Nice grammar, chump. `I'm not on the email. I don't trust the email.`
Each record constitutes a HIPAA violation, so the company is looking at a $10,000 fine for each one. That means the ransom is nothing compared to the $80,000,000 in fines they could be facing.
Here's how I see the money trail playing out, in order of increasing cash, if this isn't some incredible hoax:
1. The hijacker gets $10MM
2. Various people not only find various lawsuits to exploit the situation, some are unique enough for big wins, moderated down by the vast proportions of controlling lawsuit funding involving a potential 8MM clients
3. The hijacker gets caught, most of the money is recovered, what isn't is left to the cronies or others
4. Whomever catches him is in for raises and promotions that affect lifetime earnings
5. Among the many hopefuls who start, someone is clever enough to write a truly novel about the incident, be it a report or a fictionalization based on the event.
6. And if all that comes to pass, and the event does gain sufficient national fear-mindshare, then the Hollywood crowd that makes it into a thriller of any sort.
And, if by the law that truth is stranger than fiction, you're the author or member of Hollywood that makes out on this by hearing about the idea here, first, then you'll owe me 10% as resource fee, negotiable by the proportionality of income. I just want to wet my beak, get a new TV and pay a few bills - I'm not greedy.
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
Until recently I took a drug called Lamictal. The drug's primary use is for treating bipolar disorder as a replacement for lithium. However, I am not bipolar.
There are many things that a bipolar diagnosis disqualifies someone for. It's an instant disqualification from an FAA medical certificate, and in some places gun ownership.
The last thing I want is an employer or creditor being able to see my prescriptions and jumping to that conclusion.
Paranoid or not, he is right.
I mean, it was only recently that the drug companies were looked at closely, and were informed to cut back on the freebies that they have been pushing for decades on the doctors. Is it no surprise that when you would go see your doctor, and he was taking notes with a Pfizer pen on a Pfizer clipboard, and the whiteboard on the wall had a Pfizer logo... as did the lamp, and the stick-notes, and the pad of lined paper, his coffee mug, the jar that holds the tongue depressors, the tongue depressors themselves, the lollypop wrappers... was it any wonder you were prescribed a Pfizer drug? Not in the slightest.
Of course, there are the Pfizer sponsored three-day seminars (fully paid for) that the Doctors get to attend, and practice getting rid of their Hook/Slice at. The regular lunches paid for by the Pfizer rep for the doctor and his staff... I do regular work at a cardiologist's office here in town. One of the Drug reps brought in a box of chocolates that required a handtruck to wheel into the office. Not one word of English was on that "box" of chocolates (french). I've been there when a rep brought in lunch for the Doctors and staff. Not a few plastic bags with takeout boxes... several waitstaff from the restaurant with actual places and silverware... and they stuck around to clean up as well.
This was the norm up until very recently. It is still the norm in many places, it has just been cut back some when the Feds woke up and realized what was going on. So now a large portion of the perks are disposable. You might see fewer logos (although the charts and diagrams and even just the pictures on the walls are all Rep gifts) but that was just a switch away from leaving evidence of their gifts behind.
However, it was in the Doctor's best interests to prescribe a drug to take care of a symptom. This was of course, instead of prescribing a drug to take care of the PROBLEM. A cold will take the same amount of time with or without drugs. Don't forget to take your decongestant, and your expectorant, and your anti-histamine though. Get rid of those nasty symptoms of the cold... leave the cold there. It was in the Doctor's best interests to prescribe a Pfizer drug if at all possible. This would keep his office stocked in all those extra materials he needs (pens, paper, clipboards, flashlights, etc, etc.)
So, remember. Just because you are paranoid, does not mean they actually aren't out to get you.
No links, no citations. You do your own research on this last one. The medical community has known for decades the effects of B17 on cancer. The earlier it is used, the more damage is repaired, and the less chance the cancer has of returning. There is no money in curing cancer though. Curing cancer would put half of the Medical Establishment out of business. Thus... there is no cure for cancer. Funny how animals in the wild don't get cancer. Sure, if we take animals out of the wild and put them in a zoo, alter their diet and habitat, some will develop cancer. But there is huge money in TREATING cancer. There is no money in curing it.
So, back the fuck off with your implications that a crack and meth addled mind is the only kind that can see the drug companies, and therefore the doctors for what they really are.
"I love deadlines. I love the whooshing sound they make as they fly by." -D. Adams
There is no money in curing cancer though. Curing cancer would put half of the Medical Establishment out of business.
Bullshit. That implies that every advanced country in the whole world is in on the conspiracy. Go ahead and explain to me how planned economies like China and North Korea would rather allow their citizen-workers to die than to cure them so that they could get back to production.
That's what you're really saying, after all: America is the only country capable of research, and every scientist in every company in America is in strict compliance with their cabalistic orders. Not one single biologist saw fit to leak a miracle cure before they were silenced. That's practically the definition of paranoid delusion.
Dewey, what part of this looks like authorities should be involved?
I heard a story from the '70s of a similar situation. The tape drive's write head had gone bad and the backups were blank.
The company replaced their tape drive with one that had a spare read head to do read-after-write verification in the hardware. Since the read-back was happening in parallel with the writes, this didn't take any additional time.
Read-after-write verify won't help you if the backup software is backing up the wrong bits or if the tape is being stretched in a bad way after the verification but it will eliminate one point of failure.
the note is juvenile, this person is enjoying their hacker fantasy with no appreciation for the wrath they're bringing upon themselves. there is just no way that a person this cocksure and mouthy will refrain from making a mistake during this.
i'd be a lot more afraid of something done discreetly and professionally. conversely, i'm already afraid of virginia state it administrators and their lack of professionalism.
you can't be treated because access to your online health records is down
Well THAT problem has existed for some time.
I'm waiting for the day when specifying Microsoft is an automatic termination. It's coming.
you had me at #!
The hacker is an idiot. There is no reason to trust that the data he returns is correct. This is vital information; if any of the data has been tampered with, it could very easily be fatal.
Unless the Virginia authorities have some way of verifying that the data hasn't been changed (unlikely, since they don't have backups), there's no point in paying the ransom at all.
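An added example, not part of the thread or of any system it describes: an end-to-end integrity check of the kind the comments above point toward. A keyed manifest is built from the live data at backup time and stored apart from the backup, then used to test a restored or returned data set, which catches altered, dropped and inserted records that a drive-level read-after-write check cannot see. The record ids, key and sample rows are constructed.

```python
import hashlib
import hmac
import json


def record_tag(key: bytes, record_id: str, payload: bytes) -> str:
    """HMAC-SHA256 over the length-prefixed id plus content, so a record
    cannot be moved under another id without changing its tag."""
    rid = record_id.encode()
    msg = len(rid).to_bytes(4, "big") + rid + payload
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(key: bytes, records: dict) -> dict:
    """Run against the live source at backup time. Keep the result off-site,
    separate from both the backup media and the key."""
    return {rid: record_tag(key, rid, data) for rid, data in records.items()}


def verify_restore(key: bytes, manifest: dict, restored: dict) -> dict:
    """Compare a restored (or returned) data set with the stored manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rid in sorted(manifest):
        if rid not in restored:
            report["missing"].append(rid)
        elif not hmac.compare_digest(manifest[rid],
                                     record_tag(key, rid, restored[rid])):
            report["modified"].append(rid)
    report["unexpected"] = sorted(set(restored) - set(manifest))
    return report


# Constructed sample data (not real records).
KEY = b"constructed-demo-key"
SOURCE = {
    "rx-0001": b"patient=A;drug=amoxicillin;dose=500mg",
    "rx-0002": b"patient=B;drug=lisinopril;dose=10mg",
    "rx-0003": b"patient=C;drug=metformin;dose=850mg",
}
MANIFEST = build_manifest(KEY, SOURCE)

# Data set handed back: one dose altered, one record dropped, one inserted.
RETURNED = {
    "rx-0001": b"patient=A;drug=amoxicillin;dose=5000mg",
    "rx-0003": b"patient=C;drug=metformin;dose=850mg",
    "rx-0099": b"patient=Z;drug=unknown;dose=1mg",
}

if __name__ == "__main__":
    print(json.dumps(verify_restore(KEY, MANIFEST, RETURNED), indent=2))
```

The manifest is only useful if an intruder on the database host can neither read the key nor overwrite the stored tags, which is why both live elsewhere.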
You forgot Amateur ("Ham") Radio, which requires licensing to ensure fair use of a limited bandwidth resource.
Slashdot entertains. Windows pays the mortgage.
I'm for it. I can recall when we had to buy a radio license, for the privilege of listening. Then a TV license to compensate the music industry for lost listening. So why not internet licensing? But will it allow us the unchoked downloads and bittorrents we need?
Leslie Satenstein Montreal Quebec Canada
Probably just a coincidence, but the recently appointed CTO and CIO of the United States both worked in the state of Virginia.
Aneesh Chopra, (CTO) from wikipedia:
"He currently serves as Virginia's Secretary of Technology, having previously served as Managing Director for the Advisory Board Company, leading the firm's Financial Leadership Council and the Working Council for Health Plan Executives"
Virginia.gov:
"Prior to joining Governor Kaine's cabinet, Aneesh served as Managing Director with the Advisory Board Company, a publicly-traded *health care* think tank serving nearly 2,500 hospitals and health systems. He led the firm's Financial Leadership Council and the Working Council for Health Plan Executives, as well as assisted the launch of the firm's first business intelligence software solution, Compass."
The read-after-write should be pretty much on automatic:
All the backup software has to do is set a bit to turn it on, and get an interrupt when there is a mismatch or check a status bit after the job completes.
"Not using that feature" is either just plain dumb or pretending the feature doesn't exist.
By your logic: ....No shit! You only get what you work for.
Your lunch and dinner are tied to your job.
Your clothing is tied.
Your car and electronics are tied to your job.
It's an investment return: You give a benefit to society, and society rewards you with a paper note to exchange your services for others' services, such as your:
Clothing
Medicine
A Car
Health care
Food
Etc....
You make a good point. However, not having new clothes, a car or a cell phone generally doesn't cause epidemics of tuberculosis...
Having *everyone* get preventative care is a benefit to society, far and above material possessions.
People in cars cause accidents....accidents in cars cause people