By Yvonne Tevis. It was a stormy night on the Dark Web.
But on a sunny UC campus one morning, Jack Tern was plowing through email. The ‘replies-to-all’ were driving him batty. So much work piling up, meetings to arrange, invoices to pay…
Then he saw the urgent email from his supervisor, Athletics Director Kat Black. She was out of state recruiting. “Jack,” she wrote, “sorry for the rush, but I need 5 gift cards ASAP. $100 each. Got an event in 20 min. Use this link here to buy the cards, http://recruitgreats.com, I’ll pick them up at bookstore. Thx!”
Jack slightly panicked. His boss was fun but really demanding. When she wanted something, she wanted it NOW, not two minutes from now. Guess that’s how she got to the top.
Quickly he fished through his drawer and found the corporate credit card. He clicked the link, selected cards, entered the credit card info…and then the website froze. Frustrated, he shook the keyboard, rattled the mouse. Nothing moved. “What a time for the computer to die!” he thought.
His anxiety rising, Jack texted Kat. “I’m on it, computer problems, give me a minute.” Next, he called the Help Desk. “Hey, my computer isn’t working and I’ve got something urgent for my boss.” The customer-support representative said almost ghoulishly, “Certainly, let me remote-in and see what’s going on.”
Then Jack saw the response from Kat, “What are you talking about?”
Meanwhile, across the green glades of the campus, in the old stone halls, Professor Skelton’s graduate students were hunkered down in the lab, using high-speed networks to process massive amounts of data from colleagues around the globe. Experimental physics. Their research could revolutionize energy production, military strategy, and medicine.
“Oh my god!” screamed one of the postdocs, Fran Stein. “Something’s taken over the computer – all these ads are popping up!” She hunched over her station, stabbing keys. A ghostly silence enveloped the room, everyone staring at Fran, realizing lots of their research data was stored on that machine.
Their imaginations began running away with their worst fears: “Is the data still there? Had someone stolen it? If they could retrieve it, could they trust its integrity?”
Meanwhile, over in the high-rise buildings, a blood-red sunset glinted off mirrored walls. The medical center executives were in high-panic mode. Earlier that day someone on the medical-records team had been surfing the net and clicked on a news source, or so he thought.
A crudely designed message suddenly appeared on his monitor: “Trick or Treat! Your important files are encrypted. You can safely and easily recover all your files but you have only 3 days to submit the payment. Pay $50,000 in bitcoin only to the address shown here.”
Now in the war room, CISO Grimm had called in the FBI and the executives were talking scenarios. They realized without medical records, patients couldn’t be seen or treated. Even if the backup system went live in 24 hours, current emergencies would have to be diverted to other hospitals and clinics, which were unprepared for the onslaught. In truth, people could perish.
They decided to pay the ransom.
Back on the Dark Web, the cyber goblins were shrieking with joy. Oh the wondrous mayhem they had wrought on this hallowed institution – and just for fun. Not even for money! And all it took was a little phishy email, social engineering, and sweetly placed malware. They howled with glee!!
* * *
Have fun this Halloween, everybody! Stay #CyberAware!
Graphic by Julia Chen, UCLA student and former intern at the UC Office of the President.
Yvonne Tevis is editor of the UC IT Blog and chief of staff, Information Technology Services, at the UC Office of the President.
Like any good ghost story: Great fun and valuable warnings!