4Hackers Encrypt Medical Records and Hold Them Hostage
We're guessing that no hacker outside of a made-for-Lifetime movie has ever broken into somebody's system, then sent them a note made of letters clipped from magazines saying "iF YoU WAnt 2 sEe ur DAtA aGaiN U wiLL pAy US $50,000." No, something that chilling yet cornball could only happen in real life.
For instance, in July 2012, a group of hackers got into the computer networks of a medical practice known as the Surgeons of Lake County, stuck a proverbial flag in the ground and encrypted all that shit down. The practice's entire database of patient medical records and other sensitive documents was no longer accessible to anyone, completely shutting down the business. Then the hackers posted a digital ransom note to the medical practice, demanding an undisclosed amount of money for the release of the hostage information.
The medical practice shut down the server, records be damned, then contacted the police and notified their clients that their information had been compromised, because fuck ransoms.
"You're doing great. Now, just extend the middle one all the way out and point it at this webcam."
And they weren't the first victims of this sort of thing -- in 2008, the prescription-drug benefits company Express Scripts was sent an email with the Social Security numbers and prescription records of 75 customers, demanding an unspecified sum to keep the information secure. Of course, Express Scripts decided to put their customers' interests first and refused to pay, then emailed all 700,000 of their clients (remember, that's 699,925 less than the hackers had actually compromised) to let them know that their information had probably been stolen. We guess that's better than just giving in, although ideally there'd be some kind of computer code Liam Neeson you could call to deal with this kind of thing.
3The Virus That Was a Spy (or the International Virus of Mystery)
Imagine a chunk of code that could do everything James Bond or Ethan Hunt are supposed to do, but better.
It was called Flame, and it was 20 megabytes of malicious programming that operated as a spy in several Middle Eastern nations, primarily Iran. While James Bond would be busy harpooning vaginas, Flame was doing the thing that spies are supposed to do -- that is, collecting information. Flame can copy data files, capture sensitive screenshots, download instant messaging transcripts and remotely turn on a computer's microphone and camera to record any conversations that are taking place near it.
"She keeps asking me to shit on her chest, and I'm like, 'I'm not your plaything, Grandma.'"
Flame receives commands and data via Bluetooth like a raiding party in Azeroth, but it also has the innate ability to fake credentials to avoid detection. It executes an obscure cryptographic technique called prefix collision attack -- basically, it wards off antiviruses by fooling them into thinking that it's supposed to be there, the binary equivalent of novelty glasses and a Groucho mustache.
In the movies, when a spy gets busted, he or she typically bites open a cyanide capsule hidden in a false tooth and chokes to death on selflessness. Flame totally has that, in the form of a suicide command that automatically deletes the virus and all traces of it from an infected computer. Flame doesn't just die when caught -- it disintegrates itself and burns its birth certificate.
And then executes its mother's obstetrician.
Flame was operating clandestinely for five years disguised as a Microsoft software update (yes, computers at the highest level of government run Windows Vista) until the shenanigans of a separate virus resulted in a crackdown that led to its discovery in Iran. Iran alleges that Flame was created by the U.S. and Israel, but, of course, both nations have disavowed all knowledge.