One from many
The World's Stupidest Hacker!
In a lunchtime follow up to my post yesterday on the hacker that stole the Virginia medical records, I think the comedy of the event for this poor soul has not been looked at yet and you have to wonder about this poor fool.
The ransom demand is brazen at the very least, although it is hard to see how this person is going to get away with it, even if the state did pay the ransom, which they probably won't. They may be smart, but they are definitely not clever. This hacker is not the type that is necessarily the type on hacker that is the real worry. First off, why would you let them know you had it or even got in? Surely the sensible thing to do would be to get the data (quietly) and then shop around for a bidder, the health insurance market possibly?
Unfortunately, how many "quiet" hackers do just that, hell what is to say that these details have not ALREADY been sold on by someone before Mr/Mrs hackingforprofit@yahoo.com got to them and let the world know they were free for the taking.
Unfortunately, hackingforprofit@yahoo.com ate their golden goose, never mind the egg.
Once again the mind boogles...
Their ransom demand is definitely worth a read just to for the sake of irony.... I wonder if hackingforprofit@yahoo.com is now thinking... "Ahhhh I should have really thought about this more... shit!"
I guess the first rule of being a thief is to NOT tell the authorities you are one and you have stolen something from them.... doh!
As posted on Wikileaks.
ATTENTION VIRGINIA
I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).
Now I hear tell the Fucking Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the fuck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.
Until then, have a wonderful day, I know I will ;)
stop using the word "hacker" to describe this luser!!
he's a cracker, not a hacker.
and you're a moron for perpetuating the myth.
if you don't know what i am talking about, then you've proven my ad hominem attack on you.
shkawamoto@yahoo.com
Touche
Thanks for the comment. I now have added luser to my own lexicon.
Seeing as this is a discussion and I do not profess to be an expert in anything, I think that the general Internet public do not understand the semantics of hacking, cracking, black-hat, white-hat and so forth. However, if nothing else, the Internet is a wonderful medium through which one can learn about many a thing.
I have taken your comment seriously and brushed up on my own understanding of the definitions and I believe actually at the moment neither are valid :). Seeing as nothing concrete has been published yet, about the actual mechanisms of the incident. However, if they did indeed breach the system via remote methods (not an inside job) then they are both a cracker and a hacker, although the "other" hacking community may not like being bundled under the same the same title, from an etymological prespective, they are. A cracker, simply being a type of hacker. However, if I may point out, you yourself have made some assumptive statements here as well.
There is no evidence to suggest that the person/s in question are male, therefore perpetuating the mythology that it is a man's world.
Referring to the person/s involved as "luser" surely needs to be qualified contextually? As it is not based on any evidence, is not really demonstrative of anything unless it is qualified contextually. If they are a cracker/s surely they cannot be a luser as well, (assuming you are using luser in the etymological manner as you are using cracker), unless this was an inside job, however that then raises the question, are they then still a cracker? If it was an inside job then technically nothing was "cracker" apart from internal regulations or perhaps just plain good old fashion theft.
Surely there is not enough evidence to actually determine what our mystery guest is yet, therefore the semantics are speculative (unless you have information not publicly available). What is true is that they are a thief of some description. Therefore I will stick with hacker for now as until it is determined that they actually got the data they said they did (which we probably can assume they did, seeing as they quoted the number of records) AND how they got the data (which is key to defining what they are).
Well at least I learned something, thanks.
Excuse me, but, as a matter
Excuse me, but, as a matter of fact, the ransom note is (obviously) an advertisement intended to let the potential buyer know that there is a database for sale.
Snooping for shadowy customers is usually hard.
Announce like this - and bingo, it's easy.
Also, I see no reason why hackingforprofit can not sell the database after collecting ransom (assuming he can collect the ransom without getting caught)
BTW, one has to wonder - how is he going to collect the money?
It's obviously a hoax
Lighten up. Some kid from 4chan hacked the web server and replaced the main web page, big deal. No records were obtained obviously. If they had been, Scientology would have them by now. LOL!
4chan
Well they gamed the Time's 100 list, so you could be right... However they probably reordered all the data before handing it over to the Scientologists :)