Charges filed in botnet attack that hit hospital – Security – MSNBC.com
SEATTLE – A California man was indicted Friday on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted ad software.
The indictment from a federal grand jury in Seattle also accuses Christopher Maxwell, 20, and two unidentified conspirators of crippling Seattle’s Northwest Hospital with a ”botnet” attack in January 2005.
Authorities say the hospital attack caused $150,000 in damages, shut down the intensive care unit and disabled doctors’ pagers.
At some point one of these botnets that gets into a hospital computer is going to result in a death and manslaughter charges — probably against the bot net guy, the advertisers and perhaps the programmers who do this code. That should put a crimp in this activity.
It will put a crimp in the profiteers, nothing will deter the unreasonable or the arrogant. It’s like the death penalty argument, both sides a correct, it does and does not deter. Most theives and robbers don’t kill the cashier when holding up a Quickie Mart so the punishment is not so harsh if they get caught, but some will just for fun or because they don’t care or they are just too far out of it to think in the first place. The type of hacker who would actually kill somebody probably thinks he’s too damn good to get caught.
>> one of these botnets that gets into a hospital computer is going to
>> result in a death and manslaughter charges
And probably wrongful death suits as well. Unfortunately, the Hospital and its IT staff will foot the bill for that one. Wherever there are deep pockets, the courts will find liability.
…helped him and two others bring in $100,000 for installing unwanted ad software.
I am more angry with the “advertisers” who paid these weasels $100K, than I am angry at the weasels.
The “advertisers” are just as guilty as the contractor they hired to put their message out there. If the Hospital or anyone else was injured then both should be held accountable.
Why are the computers in the ICU connected to the internet, I wonder?
reply to Mr Mustard,
It sounds strange to such a geeky crowd as us, to have such a vulnerable set-up. But the hospital I work for only began practicing real internet security about four years ago. I’m sure there are many smaller hospitals that don’t have a real grasp of the situation yet. Sad, but it may take a few more incidents in the mainstream news to get the world in line…