alt Hacker NewsThe 'untouchable hacker god' behind Finland's biggest ever crime
Comments
This is why you should not go to a therapist who uses electronic records. This will happen to you at some point.
I have seen therapists in the past, but never over video calls, and the notes have been kept on paper. Sometimes in person is much better.
This rush to put everything online will destroy everyone's privacy even though privacy is the thing we all need.
I'm a broken record about this by now, but stories like these keep reminding me how broken the law is for ethical hackers in Germany. If an ethical hacker found something like this in Germany, it would from my knowledge not be clear if entering an empty password counts as "circumventing or breaking a security barrier". "No password barrier" has recently been clarified in courts, but "Static Password" hasn't.
And once you break a security barrier, you're breaking the law. Even GDPR doesn't help you there - that just ensures more people are breaking different laws. And this can get all your devices seized, land you in jail, end your career, cause thousands of Euros of equipment loss, because the new laptop naturally got lost in the return process after 6 - 12 months.
And thus, many people with the skill to find such problems and report them silently to get them closed do ... nothing. Until bad people find these holes and what the article describes happens. And Europe has hacker groups who could turn our cybersecurity upside down in a good way. Very frustrating topic.
> "Unfortunately, we have to ask you to pay to keep your personal information safe.”
I can't put my finger on why, but the faux "aw shucks, our hands are tied" makes me even more pissed off by the fact that they're leaking people's therapy notes. Just come out and say you're an amoral money seeker.
There's a nice episode from darknetdiaries about it https://darknetdiaries.com/episode/159/
Do we really only catch the laziest hackers? The opsec is shocking.
He’s done less than seven years of time, shows no remorse and even denies doing it in the first place. You dropped the ball on this Finland, don’t be surprised when he does it again. What a disgusting human being.
> he had not only accidentally uploaded all of the therapy notes, but also his entire home folder
Lol. At least it's a good reminder about bad opsec.
I've said it before, but these types of malicious hackers should face draconian punishment. Decades behind bars.
Can we talk about the cookie banner on this website?
"Rejection hurts …
You’ve chosen to reject third-party cookies while browsing our site. Not being able to use third party cookies means we make less from selling adverts to fund our journalism."
They're literally saying "we're sad that you don't allow us to spy on you for money" and trying to guilt-trip you on that
"Jazz police are looking through my folders. Jazz police are talking to my niece. Jazz police have got their final orders. Jazzer, drop your axe, it's jazz police!"
"the patient records database was accessible via the internet; there was no firewall and, perhaps most egregiously, it was secured with a blank password, so anyone could just press enter and open it"
There _should_ be a bunch of people in jail for that. Including, but not limited to the CEO. It should also include all the people on the org chart between whoever set that database up and the CEO.