Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virginia Health Database Held For Ransom

Posted by timothy on from the single-point-of-failure dept.

An anonymous reader writes "The Washington Post's Security Fix is reporting that hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians. Virginia isn't saying much about the attacks at the moment, except to acknowledge that they've involved the FBI, and that they've shut down e-mail and a whole mess of servers for the state department of health professionals. The Post piece credits Wikileaks as the source, which has a copy of the ransom note left behind by the attackers."

21 of 325 comments (clear)

  1. email address as contact by Anonymous Coward · · Score: 2, Funny

    Why would the "cyber-terrorist" post an email address as the ransom contact? Isn't he/she just going to get spammed now?

    1. Re:email address as contact by eldavojohn · · Score: 5, Funny

      Why would the "cyber-terrorist" post an email address as the ransom contact? Isn't he/she just going to get spammed now?

      I don't know, why don't you send hackingforprofit@yahoo.com an e-mail and ask them?

      Oops, did I just post hackingforprofit@yahoo.com without obfuscating it? Here, let me fix that:

      hackingforprofit(at)yahoo(dot)com

      My apologies to hackingforprofit@yahoo.com if this results in an increase of SPAM.

      --
      My work here is dung.
    2. Re:email address as contact by Anonymous Coward · · Score: 3, Funny

      Damn you! My mailbox is FULL with SPAM!!

    3. Re:email address as contact by flonker · · Score: 2, Funny

      Dear Sir/Madam,

      I am fine today and how are you? I hope this letter will find you in the best of health. I am Joe Fitz, and I recently hacked the "Virginia Department of Health Professionals". They have paid me a ransom of $10,000,000 (TEN MILLION DOLLARS). However, this balance of US$10,000,000.00 has been secured in form of Credit/Payment to a foreign contractor, hence we wish to transfer into your bank account as the beneficiary of the fund. We have also arrived at a conclusion that you will be given 20% of the total sum transferred as our foreign partner, while 5% will be reserved for incidental expenses that both parties will incur in the course of actualizing this transaction, and the balance of 75% will be kept for the committee members. ...

    4. Re:email address as contact by powerlord · · Score: 2, Funny

      Hmm perhaps if we contacted the people at hackingforprofit@yahoo.com then they could answer some questions? Perhaps they could even be the next "Ask Slashdot"?

      I could see it now:

      "Slashdot: Post your questions for the hackingforprofit@yahoo.com group! The top five will be sent in, and hopefully answered in an anonymous fashion."

      Q: 5) Are you idiots?
      A: Well ... I DO live in Virginia, and worked for a local IT dept. Since they had a security break-in, on a system I was responsible for, I'd say yes.

      Q: 4) What were you thinking?
      A: My XBox 360 had just RRoD and I thought to myself, "Self, what is a quick way for me to make enough cash to never have to worry about replacing my 360 again?" I figure $10M should just about do it.

      Q: 3) Are you really expecting anyone to pay?
      A: Well ... why wouldn't they? What do you know that I don't?

      Q: 2) What sort of precautions are you taking to keep the FBI from tracking you down via a secret cookie, javascript subroutine or 0 pixel image embedded in your Yahoo mail?
      A: A what? Now wait a minute ...

      Q: 1) How long do you really expect to get away with this?
      A: Lets go back to that last question for a minute? What are you talking about? I just use Internet Explorer. It even has the latest patches from MS.

      [bing-bong] One sec. I'll finish this up right after I get the front door.

      [crash] THIS IS FBI! ON THE GROUND NOW!

      $s#@3g*(&)f*@3#^NO CARRIER

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
    5. Re:email address as contact by Anonymous Coward · · Score: 2, Funny

      I've always wondered why people who get busted by the FBI use speech-to-text interfaces over modem...

  2. Backup? by wondercool · · Score: 4, Funny

    Luckily Of course a backup was made every hour. .. Oh what? Did not run backup for 3 weeks? Went fishing?

  3. Shouldn't be hard to re-create by Skraut · · Score: 5, Funny

    ...since Virginia is for Lovers. The hardest part will be determining weather their prescription was for C1A1iS or V1AGR4

    --
    Introducing Microsoft Vacuum 1.0 The first Microsoft product that doesn't suck.
  4. Re:Non-story? by Anonymous Coward · · Score: 5, Funny

    The Internet. A miracle of the 21st Century, providing high quality information and education to all, breaking down social barriers and creating a new info-democracy the likes of which our fathers could only dream about. Few would disagree that the Internet is a wonder of the modern world, and one of America's greatest contributions to science.

    However, as with all emergent technologies sooner or later, abuse by the uneducated masses causes the need for regulation to arise. As more people adopt a technology, the more likely that technology will be used by irresponsible individuals who try to spoil things for the rest of us.

    This is why the time has come to introduce licensing for Internet users.

    * Hunting
    * Fishing
    * Watching TV
    * Driving an automobile
    * Using a PC
    * Carrying a firearm
    * Building a house
    * Selling an alcoholic beverage
    * Staging a rock concert
    * Trading in securities
    * Developing software

    What do the activities listed above have in common ?

    The answer is that all are potentially dangerous activities for which one must obtain a license if one wishes to remain on the right side of the law.

    It is surprising to me that one potentially dangerous activity is conspicuously missing from the above list. We all accept without question the need for regulation where dangerous technologies are concerned (as the list clearly demonstrates). So why should the Internet be exempt ? What is so special about 0s and 1s travelling along a wire that makes us give it 'special treatment' ? Why should this important resource not enjoy the protection from abuse that regulation would undoubtably provide ?

    In the old days of the Internet, its usage was confined to academia, and the military. Back in those days, one could be fairly sure that Internet users were responsible citizens, who would not abuse their 'net access, after all our educators and defenders are people we knew we could trust.

    These days, with the explosive growth in Internet usage, it is impossible to control who goes online. Indeed, many Internet Service Providers (ISPs) market themselves on how 'easy to use' their service is. You are just as likely to find senior citizens, children, teenagers and housewives online these days, as you are to find a world class physicist or a military intelligence officer.

    As you would expect, with such a large number of uneducated people given unrestricted access to such a powerful tool, the results have not always been pleasant, and abuse has run rampant. You can find bomb making instructions, Islamic fundamentalist propaganda, pornography, hate sites, left wing and right wing extremism, pornography, fascism in all its different and elaborate disguises, Radical androphobic feminism, autism, pornography, questionable politics, pornography, blasphemy against Jesus, and yet more pornography.

    This is the mere tip of the iceberg, since the Internet is estimated to have as much as 100 Gigabytes of this kind of offensive material, and it is growing larger by the week, as more and more uneducated people rush to 'get online' so that they may 'surf the web' with their equally poorly-educated beer-swilling redneck buddies.

    As with all technologies, the Internet has matured to the point where regulation is not just desirable, it has become inevitable. You don't need to be Kreskin to predict that unless the Internet is regulated, and regulated quite heavily, it will soon collapse under the sheer weight of pointless traffic Britney Spears fan sites, uninteresting personal home pages and the extra load placed on the 'net infrastructure by illegal protocols such as Aimster Napster, Bearshare Gnutella and the like.

    As with automobil

  5. Re:Sounds like an inside job. by hey! · · Score: 4, Funny

    Ah, Watson, but notice this curious "Fucking Bunch of Idiots". A Frenchman or Russian could not have written that. It is the German who is so uncourteous to his nouns.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  6. One Question by MistrBlank · · Score: 5, Funny

    Did they also threaten to release the Da Vinci virus?

  7. Re:Sounds like an inside job. by Shakrai · · Score: 2, Funny

    perhaps Indian guys working for the state of Virginia...

    Well, at least that means that Macaca has discovered the real world of Virginia ;)

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. Damnit... by jez9999 · · Score: 5, Funny

    The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians.

    Damn, I'd pay $10 mil for data on more than 8 million virgins. That's more than you get for martyrdom in the... oh, read it wrong. Never mind.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
    1. Re:Damnit... by Anonymous Coward · · Score: 1, Funny

      The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians.

      Damn, I'd pay $10 mil for data on more than 8 million virgins. That's more than you get for martyrdom in the... oh, read it wrong. Never mind.

      CmdrTaco would like a word with you about your generous offer.

  9. It's situations like this by mandark1967 · · Score: 5, Funny

    That make me very happy I get all my medication from the 2 dudes on the streetcorner.

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  10. Re:Sounds like an inside job. by corsec67 · · Score: 3, Funny

    The language of the whole threat makes it sound like he's about 8 years old, so using that logic we should also be looking for an 8 year old.

    Or someone from Virginia?

    --
    If I have nothing to hide, don't search me
  11. Re:Non-story? by tomhudson · · Score: 4, Funny

    Did you read the note? It's offering to sell the personal data

    ATTENTION VIRGINIA

    I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

    For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).

    Now I hear tell the Fucking Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the fuck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.

    Until then, have a wonderful day, I know I will ;)

    Sorry, Virginia, there's no Santa Claus.

    Maybe it's someone doing it for the lulz. After all, a REAL ransom note would have used either the evil MS-Comic font, font of ill will, or a genuine Ransom font.

  12. Re:Michigan by Xest · · Score: 4, Funny

    See in the UK we have a better approach with protecting the public from the effects of cyber attacks.

    We just allow our public sector to be so fucking useless no one misses them when their systems go offline anyway.

  13. Re:Sounds like an inside job. by Anonymous Coward · · Score: 2, Funny

    Aah... so the perpetrator has English, Scottish, Irish and German forefathers - and he lives in Virginia.
    This should be an easy case to crack.

  14. Re:Non-story? by penguin_dance · · Score: 2, Funny

    Did you read the note? It's offering to sell the personal data.

    Who's going to want to buy it? I mean, it's a list of drug addicts--their CREDIT scores are going to suck!

    --
    If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
  15. Re:Ummm... by magbottle · · Score: 5, Funny

    How he expects to receive any money is beyond me... .

    A good plan would be to identify two similarly hackable situations, crack one and post a ransom note on the main page. Then kick back and read Slashdot to figure out how best to exploit hack situation number two.

    We give the best advice.