The Washington PostDemocracy Dies in Darkness

The Cybersecurity 202: This was the month cyberattacks turned fatal

Placeholder while article actions load

with Tonya Riley

The world crossed a red line this month when police directly tied a woman’s death to a cyberattack in Germany.  

Prosecutors in the German city of Cologne have opened a negligent homicide investigation in the case in which an ailing woman was turned away from a hospital in the grips of a ransomware attack and couldn’t help her. She died on the way to another hospital.  

It was the most concrete evidence to date of the real-world consequences of digital hacking. And it’s a scenario that’s likely to play out again and again as technology becomes more deeply entwined in people’s daily lives and security protections fail to keep up. 

This is something people have been warning about for a long time now and you’re going to see more and more of it,” Peter Singer, a senior fellow at the New America think tank who focuses on cybersecurity, told me. 

The case is especially noteworthy because after years of fears about potential life-threatening cyberattacks from Russia, Iran or North Korea that could resemble a “cyber 9/11” or “cyber Pearl Harbor,” the first attack directly linked to a death came from common criminals who may not even have known they were targeting a hospital. 

Indeed, the hackers who locked up the hospital’s IT systems seem to have been targeting Heinrich Heine University, which is affiliated with the hospital, rather than the hospital itself, according to a note the hackers sent demanding a ransom payment, the Associated Press reported

That scenario of a criminal hack accidentally cascading into a life-threatening situation is only going to become more common

“Human life is more tied up with cyberspace now than it was before because of this ongoing march of digitization and the interconnection of networks with all human activities,” Jon Bateman, a former Defense Intelligence Agency analyst and now a cybersecurity fellow for the Carnegie Endowment for International Peace, told me. “Hospital are more online than they were before, and that’s true of many industries. So it stands to reason that cyber incidents with life-and-death consequence will be happening more and more.” 

Just because this death was probably an accidental consequence of a cyberattack doesn’t mean future such deaths won’t be deliberate. 

That will become especially likely with the proliferation of a slew of things connected to the Internet and vulnerable to hacking such as medical devices, driverless cars and connected home features. 

“People may want to think of a world where someone is murdered in their smart home by a cybercriminal or where a city’s entire water system is sabotaged as science fiction. But the reality is it’s coming,” said Singer, who has written novels speculating about the dangers of cyberattacks, artificial intelligence and Internet-connected systems.  

It’s likely that other deaths have indirectly resulted from earlier cyberattacks — but this is the first time there was a direct link. 

A massive 2017 wave of ransomware attacks, known as WannaCry, for example, crippled parts of the United Kingdom’s National Health Service. But prosecutors and researchers there never tied the attacks to any particular patient’s death. U.S. officials blamed North Korea for the attacks, which affected more than 230,000 computers across 150 countries and cost billions of dollars. 

A surge in ransomware attacks in recent years has also dramatically increased the likelihood of such deaths.  

Ransomware is specifically designed to make computers stop operating, making those attacks far more disruptive than hacks aimed simply at stealing victims’ money or personal information. 

Such attacks have been increasing exponentially since about 2015, and the growth seems to have spiked further during the pandemic. A report from the cybersecurity company Bitdefender this month tallied a 700 percent increase in ransomware attacks this year over last year. 

Ransomware hackers also frequently target industries that perform vital functions, such as hospitals, schools and city governments

Yet it’s not clear whether U.S. law enforcement is on the lookout for similar cyber-enabled killings in the United States.

Or if authorities will be prepared to investigate and prosecute them.

“I’d hope the U.S. would take this as a precedent. But we’ve been through so many times where we’ve gone over some line or other and we just say, ‘Oh, my God, why isn’t anyone doing anything about this?’ ” Columbia University senior research scholar Jason Healey told me. 

Healey, a former government cybersecurity official, warned on Twitter in March that ransomware attacks against hospitals were likely to turn deadly during the coronavirus pandemic. 

In a Council on Foreign Relations blog post with Columbia graduate student Virpratap Vikram Singh, he urged U.S. officials and officials from foreign governments to preemptively declare such attacks would be “prosecuted to the maximum extent of the law, not just as computer crimes but reckless endangerment and even manslaughter or murder.”

Such declarations may have limited impact, however, against ransomware hacking gangs that are often spread across different nations and have shown little concern for the damage they cause. 

Indeed, a group of ransomware hackers pledged to steer clear of hospitals during the early days of the pandemic, but there’s little evidence they followed through. 

And victims aren’t doing as much as they should to defend themselves. 

The hospital in Germany, for example, was compromised because the hackers were able to exploit a well-known computer bug that Germany's cybersecurity agency warned hospitals to protect against more than six months ago. Most ransomware attacks against U.S. hospitals have similarly exploited bugs that were well known and warned about. 

In the wake of the homicide investigation being opened, Germany's top cybersecurity officer, Arne Schoenbohm said, “I can only urge you not to ignore or postpone such warnings but to take appropriate action immediately. This incident shows once again how seriously this danger must be taken.” 

The keys

Facebook announced its first takedown of Chinese accounts targeting the 2020 election.

The 10 accounts and five pages the company removed promoted and criticized both President Trump and Democratic presidential nominee Joe Biden, Craig Timberg reports. Other accounts supported former Democratic presidential candidate Pete Buttigieg. 

It's unclear if the accounts had any affiliation with the Chinese government, Facebook says. The inauthentic groups had fewer than 2,000 members in total. One pro-Trump group had only three members.

Overall from China, Facebook removed 155 accounts, 11 pages, and nine groups from its main platform. It also removed six accounts from Instagram. The operation largely focused on influencing audiences in Taiwan and the Philippines on Chinese policy concerns such as the U.S. presence in the South China Sea. 

“The U.S.-focused content was the least and last part of the operation,” said Ben Nimmo, head of investigations for Graphika. “Most of the U.S.-focused assets were taken down when they were a few months old, so they didn’t have time to build a substantial audience.”

Facebook took down accounts affiliated with the Chinese government in 2019, but those accounts were focused on unrest in Hong Kong.

The takedowns were announced the same day the FBI and the Department of Homeland Security's cybersecurity division issued a warning that foreign actors are seeking to spread disinformation regarding 2020 election results. Here's more DHS's top cybersecurity official Chris Krebs:

Lack of leadership at the White House is putting U.S. cyber defenses at risk, a government watchdog says. 

The Government Accountability Office report slams the Trump administration for not fully implementing its cybersecurity strategy and warns it's unclear who in the executive branch is responsible for managing cybersecurity after the White House eliminated a cybersecurity czar role in 2018.

“Without a clearly defined central leader to coordinate activities[the] White House cannot ensure that entities are effectively executing their assigned activities intended to support the nation’s cybersecurity strategy and, ultimately, overcome this urgent challenge, the report says.

The report recommends Congress consider legislation to reinstate the White House cybersecurity coordinator role. A congressionally led panel called the Cyberspace Solarium Commission made a similar recommendation in its report earlier this year.

“Today’s GAO report is further confirmation of the Solarium Commission’s conclusion that strong, central leadership is needed to address increasing cyber threats,” the commission's co-chairs, Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), and two commissioners, Sen. Ben Sasse (R-Neb.) and Rep. Jim Langevin (D-R.I.), said in a statement following the GAO report.

The CIA is limiting Russian intelligence that reaches the White House.

The shift was confirmed by nine current and former agency officials, Politico’s Natasha Bertrand and Daniel Lippman report. It comes after Trump has repeatedly expressed doubt about Russian interference in the 2016 election and is stoking fears among critics that intelligence is being suppressed to please the president, they report. 

CIA Director Gina Haspel has also tasked General Counsel Courtney Elwood with reviewing virtually all intelligence from the agency’s Russia division before it goes to the White House, Politico reports. 

“Four of the [sources] said the change has resulted in less intelligence on Russia making its way to the White House, but the exact reason for that — whether Elwood has been blocking it, or whether Russia officers have become disillusioned and are producing less, or even self-censoring for fear of being reprimanded — is less clear,” Politico reports. 

Policing the dark Web

International law enforcement made 179 arrests in a massive crackdown on opioid traffickers on the dark web. 

Those arrested allegedly engaged in tens of thousands of sales of illicit goods across the United States and Europe, the Justice Department said. Authorities seized over $6.5 million in cash and virtual currencies and about 500 kilograms of drugs, making it one of the biggest dark net busts to date. 

Of the 179 arrests made in Operation DisrupTor, 121 were in the United States. The dark Web is a network of secret Internet sites uses for illicit purposes that are hidden from public view.

Operation DisrupTor demonstrates the ability of DEA and our partners to outpace these digital criminals in this ever-changing domain, by implementing innovative ways to identify traffickers attempting to operate anonymously and disrupt these criminal enterprises,” acting Drug Enforcement Administration administrator Timothy J. Shea said. 

The operation also involved the FBI, Immigration and Customs Enforcement and the U.S. Postal Inspection Service.

Chat room

The Justice Department boasted the dark web takedowns were the biggest in history. But new markets are likely to spring up quickly. MIT Technology Review's Patrick Howell O'Neill:

Forbes's Thomas Brewster:

Some crazy details from Wired's Brian Barrett:

Securing the ballot

Pennsylvania Republicans are asking the Supreme Court to block mail ballots received after Election Day.

They're asking the court to delay implementing a recent state court ruling that upheld an effort by Democrats to allow ballots to be returned up to three days after Election Day, Amy Gardner reports. They argue the decision would allow votes to be cast after Election Day.

More election news:

Testing ahead of U.S. elections reveals struggle to quell disinformation (Reuters)

The Russian Trolls Have a Simpler Job Today. Quote Trump. (New York Times)

Government scan

The Department of Housing and Urban Development is putting the data of tens of millions of Americans at risk.

HUD failed to report all its external vendors that are receiving sensitive information and how they're securing it, a new GAO report says. The agency's privacy gaps could expose the personal information of tens of millions of Americans, including their Social Security numbers.

HUD said in a letter in response to the agency that it is “taking actions to correct the noted deficiencies in the draft report” but did not elaborate on which of the GAO's recommendations it was adopting, if any.

More government news:

Trump officials hint at update for US maritime cybersecurity (CyberScoop)

FERC Asks Energy Sector to Report Huawei, ZTE Usage (Nextgov)

Bookmark this

Arkady Bukh: Man in the Middle (CyberScoop)


  • The Senate Commerce Committee will hold a hearing, “Revisiting the Need for Federal Data Privacy Legislation,” today at 10 a.m.
  • The Senate Homeland Security Committee will hold a hearing on the nomination of Chad Wolf to be the next homeland security secretary today at 10 a.m.
  • The Senate Homeland Security Committee will hold a hearing on threats to the homeland with FBI Director Christopher A. Wray as a witness at 10 a.m. Thursday.
  • New Americas Open Technology Institute will hold a virtual panel exploring how Internet platforms are addressing the spread of election-related misinformation on Oct. 1 at 1:30 p.m.

Secure log off

It's still not too late!