Hackers rummaged about in Finnish psychotherapy clinic – now patients extorted with public data dump threats

Details on 300 reportedly already published to Tor website


A Finnish psychotherapy centre was hit by hackers who stole therapy session notes – before threatening patients of the clinic with ransom demands amid selective dark web leaks of stolen material.

"Psychotherapy Center Vastaamo has been the victim of data breaches and blackmail," said the Helsinki-based clinical chain late last week (in Finnish), adding: "In recent days, the blackmailer has published sections of the information he obtained during the hacking. Now the blackmailer has begun to approach the victims of the breach with blackmail letters demanding a ransom."

Vastaamo went public about the hack last week after the details of around 300 customers were published on a Tor website, according to infosec firm Bitdefender's corporate blog.

Company chairman Tuomas Kahri told local newspaper Helsingin Sanomat (in Finnish) that "no information has been leaked since November 2018". He added, in a statement on the clinic's website first issued last week, that "it is likely that our system [was also] infiltrated between the end of November 2018 and March 2019."

The statement continued: "We do not know that the database was stolen in this context, but it is possible that individual data was viewed or copied during that period," explaining that while local admins could tell that a customer database had been accessed by the criminals, they couldn't tell precisely whose data had been stolen.

Others with better knowledge of the local situation claimed that up to 40,000 people's details had been stolen from the clinic. Mikko Hyppönen, chief research officer of Finnish infosec firm F-Secure, tweeted:

He added that the attack was a straight-up hack and ransomware was not used by the criminals.

A crisis hotline was made available for victims of personal extortion attempts to access support and therapy, while the local authorities – including Finland's equivalent of the National Cyber Security Centre and the country's data protection body – investigate the hack.

It seems unusual that the hackers waited so long to target the clinic, assuming the clinic's own assertion that the illicit access stopped in March 2019 is accurate. Insider threat – potentially from a rogue former employee – could be one explanation, though the company has not yet responded to The Register's enquiries.

In this day and age, hacks and ransoms are synonymous with encryption malware: ransomware. Demands for payment in exchange for not publishing stolen data are relatively rare, though last year the South African city of Johannesburg faced such a demand – and publicly vowed to ignore it.

Local police have advised those affected (in Finnish) not to pay the ransom and asked that they preserve any messages as evidence and contact the police immediately. "Do not agree to the demands of the blackmail[ers]," advised Marko Leponen, chief inspector of the Keskusrikospoliisi (National Bureau of Investigation). ®

