When that wacky hacker or hackers known as The Dark Overlord stole the latest season of “Orange is the New Black,” the list of demands read less like a ransom note than a full-on legal contract.
The fabulist language positions the blackmail attempt as a “contract” between the hackers and their victim. The hackers announced that they released the new season of “Orange Is the New Black” a month early because their “Client,” the post-production company called Larson Studios, violated the agreement by contacting the FBI and police, which the hackers claimed was a clear attempt to “defraud this agreement.”
The Dark Overlord, you see, had hacked the season from the studio’s computers and released it in spite of the fact that Larson Studios actually forked over more than $50,000 in Bitcoin to the Dark O. Conveniently for them, the Dark O is the only one who can judge whether the “client” complied with the contract terms.
This entertainment stuff is new territory for the Dark O. Previously content with slashing through weak perimeter defenses at a variety of healthcare providers, these guys apparently saw the gold mine in the HBO hack and shifted targets.
Prior to this attack, their last big gambit was the massive cyber-attack on Banner Health, resulting in the theft of 3.7 million records containing scads of personally identifiable information. What was interesting about that attack was the attack vector, one not used before in the healthcare sector but hugely popular in retail. Banner Health says the breach started when attackers gained unauthorized access to payment card processing systems at some of its food and beverage outlets, which led to direct access through the administrative network to the entire medical records database.
The obvious big red flashing light here is that the two networks were connected … as in, not separated.
As we have reported repeatedly in the past, the Dark O, who has openly claimed to have breached the databases of dozens of healthcare entities, has put about 10 million patient records up for sale on deep web markets.
This is one bad dude. Last year, he stole the source code containing software signing keys and the customer license database for a Health Level Seven interface engine, a type of middleware that enables different kinds of healthcare software applications to exchange information. Most healthcare software vendors sell the engine as part of their product architecture, meaning that almost every healthcare company in the world is running on a version of HL7. It is the medical IT systems equivalent of the bar code.
The Dark O claims he has the software’s signing keys, the closely guarded private keys that produce the digital signatures used to verify that a new version of the software hasn’t been tampered with. If stolen, an attacker could insert spying code into the application and sign it with the private key, making the modification of the code appear legitimate.
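To make concrete why a stolen signing key is so damaging, and what a vendor can actually do about it, here is an added example (not code from the article, the vendor, or any HL7 product) of a simplified updater-side trust store written in Go with the standard library’s ed25519 package. The vendor name, artifact bytes, and the `TrustStore`/`VerifyRelease` design are constructed for illustration. It shows that signature verification only answers “was this signed with that key?”, so once the key is in the wrong hands a modified build verifies just like a genuine one, and the only remedy is to revoke the key on the customer side and re-sign releases with a replacement.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sentinel errors returned by VerifyRelease.
var (
	ErrUnknownKey   = errors.New("signed by a key that is not in the trust store")
	ErrRevokedKey   = errors.New("signed by a revoked key")
	ErrBadSignature = errors.New("signature does not match the artifact bytes")
)

// Fingerprint identifies a public key in the trust store (hex SHA-256 of the raw key).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// TrustStore models what a customer's updater consults before installing a release:
// the vendor keys it trusts and the key fingerprints the vendor has since revoked.
// (Hypothetical design for this example, not a real updater's API.)
type TrustStore struct {
	trusted map[string]ed25519.PublicKey
	revoked map[string]bool
}

func NewTrustStore() *TrustStore {
	return &TrustStore{trusted: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Trust adds a vendor public key; Revoke is the vendor's remedy once the matching
// private key is known to be stolen: the updater stops honouring that key entirely.
func (ts *TrustStore) Trust(pub ed25519.PublicKey)  { ts.trusted[Fingerprint(pub)] = pub }
func (ts *TrustStore) Revoke(pub ed25519.PublicKey) { ts.revoked[Fingerprint(pub)] = true }

// SignRelease is the vendor's build step: sign the artifact bytes with the private key.
func SignRelease(priv ed25519.PrivateKey, artifact []byte) []byte {
	return ed25519.Sign(priv, artifact)
}

// VerifyRelease is the customer-side check. A valid signature proves only that
// whoever held the private key signed exactly these bytes; it cannot tell whether
// that holder was the vendor, which is why the revocation check comes first.
func (ts *TrustStore) VerifyRelease(keyID string, artifact, sig []byte) error {
	if ts.revoked[keyID] {
		return ErrRevokedKey
	}
	pub, ok := ts.trusted[keyID]
	if !ok {
		return ErrUnknownKey
	}
	if !ed25519.Verify(pub, artifact, sig) {
		return ErrBadSignature
	}
	return nil
}

// Scenario walks through the four states the article implies and returns the
// verifier's verdict for each, so the outcome can be checked rather than printed.
func Scenario() (genuine, tamperedNoKey, tamperedWithKey, afterRevoke error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ts := NewTrustStore()
	ts.Trust(pub)
	id := Fingerprint(pub)

	// Constructed sample artifact standing in for a vendor release.
	release := []byte("interface-engine-1.0.tar.gz (constructed sample bytes)")
	sig := SignRelease(priv, release)
	genuine = ts.VerifyRelease(id, release, sig)

	// Tampering without the key: flip a byte, keep the old signature. Caught.
	modified := append([]byte(nil), release...)
	modified[0] ^= 0xff
	tamperedNoKey = ts.VerifyRelease(id, modified, sig)

	// Tampering with the stolen key: the same modified bytes, freshly signed.
	// Signature verification alone accepts this; the store cannot tell it apart.
	tamperedWithKey = ts.VerifyRelease(id, modified, SignRelease(priv, modified))

	// After the vendor publishes a revocation, anything under that key is refused,
	// including the genuine release, until it is re-signed with a replacement key.
	ts.Revoke(pub)
	afterRevoke = ts.VerifyRelease(id, release, sig)
	return
}

func main() {
	g, t1, t2, r := Scenario()
	fmt.Println("genuine release:             ", g)
	fmt.Println("modified, old signature:     ", t1)
	fmt.Println("modified, stolen-key signed: ", t2)
	fmt.Println("genuine after key revocation:", r)
}
```

The third verdict is the whole story of the HL7 theft: the updater returns `nil` for the modified build because the signature is mathematically perfect. That is why the defensive work after a key compromise is distribution of a revocation (and, in real systems, pinning keys to an expected release channel and logging which key signed what) rather than anything the verifier could detect on its own.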
Our Dark O buddy tells us that there are two target buyers for this data. One, a smaller country outside the United States that may be looking to purchase a complete package for a fair price and use it in its own development or retail it directly after compilation. Or two, someone who has nefarious intentions and intends to use the keys to push a backdoor to the original customers of the victim company.
As of last month, the official tally of major health data breaches listed 4,871 incidents affecting a total of 259.2 million individuals since federal regulators began keeping track in September 2009. And while hacker incidents represent less than 19 percent of the total breaches, those incidents account for an astounding 79 percent of the individuals affected. So, where are those records going and for what purpose?
Up until the Equifax hack, healthcare records contained the most valuable information available, including Social Security numbers, home addresses and patient health histories — making them more valuable to hackers than other types of data. Stolen credit cards go for $1-$3 each. Social Security numbers are $15. But complete health care records are a gold mine, going for $60 each. Medicare records, which are rarer, start at around $400 each. They are so valuable because criminals can use such records to order prescriptions, pay for treatments and surgery and even file false tax returns.
With a common healthcare record, you can basically own a person. You have all the information necessary to create a new account and fake an entire identity.
The greatest threat to the healthcare industry today is not from one-off hackers seeking quick paydays, but from organized gangs and foreign governments that can store intimate personal health data for future use against individuals.
For example, hackers last year stole the records of about 80 million customers of Anthem Inc., the second largest U.S. health insurer.
The Anthem hack in 2015, in which 80 million records were stolen, is now confirmed to have been perpetrated by nation state actors, and the purpose was to harvest the database in order to create a dossier of individuals that they could use for social engineering in future attacks.
It is now well known that nation state bad guys are using healthcare information to target infrastructure employees with emails containing notices related to medical conditions they may have. When a targeted individual opens one of those emails, malware infects their desktop computer and heads right into the network. If the employee is working for a power, transportation or communication company, you can see where this is going.
Critical infrastructures from utilities to traffic lights to municipal personnel databases are fumbling through the same jungle of cyber security unknowns. And as more and more of our physical world becomes networked and connected to the internet – the embedded sensors in our streets, the Internet of Things in our kitchen appliances, the “smart” cities all around us – there’s a sharply growing potential for cyber-attacks that have not just digital but dangerously kinetic ramifications as well.
As nation state hackers become more sophisticated and organizations continue to fall behind, we will see more and more reports of these types of breaches and escalation of the impacts. PHI will continue to bring high value on black markets and more of it will be stolen.
Until everyone places a higher, determined and ongoing emphasis on Cybersecurity, our interconnected physical world will start to make headlines as attacks are successfully aimed at critical infrastructure in healthcare, energy, transportation and defense.
Whether the Dark O has a contract in place or not.