Tech’s evil twin

Cyber attacks, like the one that left government workers in Alaska resorting to typewriters, seem increasingly common. But just how easy is it to set up such a scheme and hold organisations to ransom like that? In what reads like a cross between a heist movie and an episode of the IT Crowd, Drake Bennett from Bloomberg gives it a go.

I used dark web ransomware to sabotage my bossBloomberg
These days, prospective attackers don’t have to create their own ransomware; they can buy it. If they don’t really know how to use it, they can subscribe to services, complete with customer support, that will help coordinate attacks for them. … In the public imagination, hackers are Mephistophelian savants. But they don’t have to be, not with ransomware. “You could be Joe Schmo, just buying this stuff up,” says Christopher Elisan, director of intelligence at the cybersecurity firm Flashpoint, “and you could start a ransomware business out of it.”

You could even be a liberal-arts-educated writer with a primitive, cargo-cult understanding of how an iPhone or the internet work, who regularly finds himself at the elbow of his office’s tech-support whiz, asking, again, how to find the shared drive. In other words, you could be me. But could you really? I didn’t start out on this article planning to try my hand at ransomware. A few weeks in, though, it occurred to me that if someone like me could pull off a digital heist, it would function as a sort of hacking Turing test, proof that cybercrime had advanced to the point where software-aided ignorance would be indistinguishable from true skill. As a journalist, I’ve spent years writing about people who do things that I, if called upon, couldn’t do myself. Here was my chance to be the man in the arena.

Just be careful, OK?