Monday, December 10, 2012

Coming soon to a health care provider near you!
By Dissent, December 9, 2012 5:31 pm
Stephanie Bedo reports that a medical center’s worst nightmare has occurred. From Goldcoast:
A Gold Coast medical centre is being held to ransom by an international computer hacker who wants $4000 to unlock thousands of patient files.
The Miami Family Medical Centre has been without the patient files for more than a week after its computer system was hacked and all the patient files encrypted with a military-grade encryption program.
It gets worse, but what struck me is that they’ve had similar situations in that area in this past year:
It is the latest in a string of 11 similar medical extortion cases that have taken place across the state this year.
I’m not finding any other such stories on their site or in a Google search. I’d love to know more about these other cases.
And here’s how a bad situation becomes worse:
Dr Munira Butt said the system was hit over a weekend, with the hackers then sending emails from an untraceable overseas account demanding $4000 if the business wanted to get the records back.
“They’ve corrupted all our back-up discs too,” Dr Butt said. [Best Practice: Make sure your backups are readable, then make sure no one else can access them. Bob]
“They have hacked us really well because they’ve been in and disabled quite a number of programs.
That’s seven years worth of data missing or gone.”
Without the clinical files, doctors are effectively blind when treating patients as they have no access to patient history, known allergies, blood test results, blood pressure readings or even cancer results.
So what the heck are the police doing to help? Nothing, reportedly:
She has refused to give in but has had no success getting help from police so far.
Dr Butt said she spent all of last week contacting cybercrime squads within the Australian Federal Police and has left several messages but no one has responded to her or investigated the case.
An AFP spokeswoman said the scam was an issue for the police.
“I’ve contacted all the e-crime squads and no one’s getting back to me,” Dr Butt said.
Read more on GoldCoast.com.au
[From the article:
A QPS spokesman said they had provided previous warnings. "This type of computer extortion is a world-wide trend which is challenging for law enforcement agencies to address," the spokesman said.
"In essence an offender, believed to be from Russia, exploits security weaknesses in business computer systems and enters the systems through that weakness and encrypts the system. That encryption effectively renders the business computer useless."


Hardly unexpected (see the Comments)
"Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."


I'm sick of following up on this tremendous failure of leadership in South Carolina. Read this one yourself... Better yet, assign some reasonably bright students to compile a list of the state's “Worst Practices” to contrast with “Best Practices” implemented by organizations with a collective IQ above room temperature.
Update and commentary on SCDOR breach: Where would they be without media coverage?


“EVERYTHING NOT FORBIDDEN IS COMPULSORY” T. H. White Is “you can't do that” sufficient to “deny authorization?” I'd say yes. (By the way, sharing passwords is ALWAYS a bad idea.)
Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords
December 10, 2012 by Dissent
Orin Kerr writes:
The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an opinion on an interesting wrinkle that I’ve pondered but that hasn’t come up before in published decisions: How do computer crime statutes apply when one party gives his password to another party for some limited uses, but the latter party uses the password for broader uses? Is the accessing with the password but beyond the implicit or explicit limit “unauthorized” for purposes of the computer crime laws?
Read more on The Volokh Conspiracy


Clear and present danger question? At what point would “dangerous technology” force governments to shut it down? (Are there some people who should be culled from the gene pool?)
Australian Police Warn Against Apple Maps, Citing “Potentially Life Threatening” Misdirection
Police in Victoria have urged motorists to avoid the use of Apple Maps, warning that faulty directions on the much-criticized app have left motorists stranded in the Australian outback for up to 24 hours without food or water.


Perspective Interesting slide show... Really worth looking at.
… It’s a deep look at what we all did online (and offline) over the past year and is worth closely examining when you have the time.


Another perspective


Global Warming ! Global Warming ! Shifting perspective...
"More precise modeling has changed some long term climate predictions: sea levels to rise almost a meter more than present over the next century, but past dire warnings of stronger storms or more frequent droughts won't pan out. Instead there will be less strong storms, but peak winds in the tropics might be slightly higher. Temperature rise of global average will be about 3 degree C total, including the 1 degree C rise over the 20th century. In places where precipitation is frequent, it will become even more frequent; in arid areas, the tendency will be to become even drier. Some new arid areas are expected to appear in the south of N. America, South Africa and Mediterranean countries. Overall, hardly a doomsday scenario."
