Hackers: “My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. ‘Your files are encrypted,’ it announced. ‘To get the key to decrypt files you have to pay 500 USD.’ If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC – all of her data – would be lost forever.”
The above quote describes “ransomware” software. It gets into your computer via a Trojan and encrypts files in the background. Once the computer files are encrypted, the “bad guys” ask for money to decrypt the files.
One big problem that we see over and over in cases where, for example, a hacktivist is charged with a politically motivated intrusion, is the stigma of “hackers.” The very mention of the word conjures up images of the guy who tricked grandma out of $5,000.00 because she fell for an email saying that you were trapped in Spain with no money. Or of a creepy guy who spies on women through their surreptitiously awakened laptop cameras. Of course, hackers that trade in credit cards are the worst of the bunch in terms of the public image of hackers.
So no one seems to realize that the people who make Apple OS 8 out of OS 7 are hackers. THE people who make the technology in your car better model by model – you guessed it – hackers.
Indeed, the etymology of the term hacker is significantly less ominous than what it has come to mean. It originated with the tech model railroad club at MIT. A “hack” involved making your model train better in some way, perhaps making it faster, have lights, etc. Each year a prize was awarded for the coolest “hack.” Raymond, Eric (25 August 2000). “The Early Hackers”. A Brief History of Hackerdom. Thyrsus Enterprises.
Making a better train, or a better version of Windows OS is hardly what people think of when they contemplate what a hacker is, but that is exactly what 99% of hackers are. They take things and make them better. Hackers experiment. They have scientific curiosity. They aren’t the guy messing up your credit or scamming your grandma. Sadly, however, that is the image that hackers have taken on.
In our society of one-size-fits-all laws for hacking, this is quite the problem. For several years now, I’ve referred to this as “horse and buggy laws in a jet plane society.” The laws no longer fit the crimes. This is one of the emerging tech issues that courts will have to deal with. As a defense attorney, this will call for employing technology in criminal defense. If the crime is a tech crime, it is up to us to describe how different versions of hacking are, well, different. Going forward, this will be vital.
“Is there any other way to get rid of it besides paying the ransom? No — it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them. (My mother had several I.T. professionals try.)
“But should you really be handing money over to a bunch of criminals? According to the Internet Crime Complaint Center, a partnership between the F.B.I. and the National White Collar Crime Center, this answer is also no. “Ransomware messages are an attempt to extort money,” one public service announcement helpfully explains. “If you have received a ransomware message do not follow payment instructions and file a complaint.” Right. But that won’t get you your files back. Which is why the Sheriff’s Office of Dickson County, Tenn., recently paid a CryptoWall ransom to unlock 72,000 autopsy reports, witness statements, crime scene photographs and other documents.
“Finally, can law enforcement at least do something to stop these attacks in the future? Probably not. Many ransomware viruses originate in Russia and other former Soviet bloc countries. The main difficulty in stopping cybercriminals isn’t finding them, but getting foreign governments to cooperate and extradite them.
“By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking. (Literally — the virus comes with a countdown clock, ratcheting up the pressure to pay.) My father had already spent all week trying to convince her that losing six months of files wasn’t the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay.”
“In addition to being criminals, these peddlers of ransomware are clearly businesspeople, skillfully appropriating all the tools of e-commerce. From branding (CryptoWall is a variant of a fearsome earlier virus called CryptoLocker, which was shut down last year) to determining what they can extort (ransomware hackers have tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay in order to have its database decrypted), these operators are, as Mr. Wisniewski put it, part of “a very mature, well-oiled capitalist machine.” It’s also an incredibly lucrative machine: Some experts estimate that CryptoLocker hackers cleared around $30 million in 100 days in 2013. And more than a million PCs worldwide have been hit with the CryptoWall virus.”
Read more of the editorial here.