19 May Cyber Violation
This isn’t my usual biotech beat, but compromising my computer can certainly affect the beat and I don’t like that. Over the last week, a nasty ransom-ware program infiltrated hundreds of thousands computer in 150 countries. It affected 20% of hospitals in the UK and much more.
I don’t understand these misfits who do this; their effects can range from severe inconvenience to mass casualties. I know of a few professors who had their life’s academic work lost due to ransomware. And what about the patients in the UK hospitals whose telemetry suddenly stopped working while they were in intensive care?
I like to think that I am ever vigilant to these sociopaths, but even eagle-eye me succumbed to malware a couple of years ago. I (almost) never open links in emails I do not expect or if I do not know who sent them. Even if the emails are from organizations I do business with, I never click their embedded links. I first contact them to assure that they really sent the email. I never click software update requests sent in emails or pop-ups from Firefox, Microsoft, Adobe, iTunes, etc. Rather, I log onto their sites to see if an update is needed and then take care of it.
But, even with my “superior” vigilance, I still got caught. One day at work, I was very engrossed in a demanding project like a wise mongoose is with a cobra (really gotta pay attention!). While I was on my computer, something seemingly innocuous popped up that required I click a link. I blinked and clicked (dead mongoose!). All sorts of ads popped up, one after another, and I could not X them out fast enough; they reproduced like rabbits. I shut everything down and called IT and enjoyed an unexpected day-and-a-half paid vacation.
Fortunately, the malware did not affect my files. IT was able to sterilize my computer, reload the OS and put my files back. I dodged the snake bite and life went on.
But, the following is what I want to point out here. A couple of years ago, I attended a seminar by a Milwaukee FBI agent talking about cybersecurity. What he said shocked me like rubbing one’s feet on the carpet and touching the spouse’s nose (don’t do it!). Super cautious me could easily get caught by one of the stories the agent related. So could you. Here is the story.
Malicious misanthropes wanted to penetrate a Milwaukee tech company and could not because the company was on top of things regarding security. So, the cyber-stealers investigated near-by businesses and found a restaurant where they correctly guessed that the company’s hungry employees would place online orders from company computers. The restaurant was not on top of things and its system was simple to penetrate. Malware was placed on the online menu and, presto, the cyber crooks were able to breach the tech company’s network as soon as a carb-starved employee used his work computer to log on to order a burger and fries. It was a very innocent act that I might have done…err, have definitely done. How about you?
This stuff is scary because it point out how impossible it is to be vigilant to all possible ways our devices containing our life’s efforts, or the hospital’s network running the telemetry keeping you alive, can be maliciously penetrated. The violation is cyber rape and you can be violated just by ordering a sandwich.
Steven S. Clark, Ph.D., is a former professor and medical researcher at the University of Wisconsin School of Medicine and Public Health. More recently he directed research development at the Milwaukee Institute for Drug Discovery and consults for universities, biotechnology companies and healthcare organizations. His blog BioScience Biz can be read at http://stevensclark.typepad.com/bioscience_biz
The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of WTN Media, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed herein.