
Data Extortion

May 24, 2009 | By Joel Dehlin | 3 Comments

Recently somebody hacked into a web site operated by the State of Virginia, deleted the records of over 8 million people and left a note on the homepage, demanding $10M to restore the data.

We’re talking about 0’s and 1’s here.

It’s not the first time hackers have used data for extortion. Typically they threaten to release potentially damaging data, whereas this time it’s closer to kidnapping where they’re offering to return the data for a price.

This event underscores the importance of regular backups and disaster recovery. Granted, the brutes should never have had the opportunity to get into the web site in the first place, but a secure perimeter won’t solve the problem if it’s an inside job. Appropriate separation of duties and regular testing of data (and system) restoration are critical for peace of mind when it comes to making sure your data is safely guarded.

Luckily, the state of Virginia apparently had appropriate backup and restoration procedures in place.

Do you?


fu manchu said...

Restoring the data is small beans compared to the probable identity compromise of 8 million people.

The whole field of IDS is living proof that we know that firewalls won’t stop hackers and our goal is to now detect when they do.

My question is, does the benefit of having medical records online outweigh the cost of their eventual compromise?

That should have been weighed thoroughly, and showing that it was placed online demonstrates that they did not give it enough thought.

Joel Dehlin said...

Good point, Fu Manchu. Identity and privacy issues are the stickiest. If you’re going to put your data online, make sure you’ve got it appropriately protected and backed up. But think twice (or three or four or five times) about whether it needs to be online.

Bob said...

I’m uncertain if you were aware of this, but they did pay the ransom and the FBI is still “investigating”…meaning the person(s) still have yet to be caught/charged.


About Joel

Joel Dehlin is the father of seven delightful children and the husband of one patient, wonderful woman. His primary love is being with his kids, but he doubles as the Chief Information Officer for The Church of Jesus Christ of Latter-day Saints.

