
  • Ransomware is everywhere.

  • It's happening to the biggest companies.

  • The cyber weapon NotPetya started in Ukraine

  • in June of 2017.

  • It quickly spread, paralyzing major companies

  • and causing more than $10 billion in damage.

  • Government computers in 22 Texas towns

  • are being held hostage by ransomware.

  • But it's also happening at super low levels,

  • where you have people

  • ransoming individuals for small amounts of money.

  • And the thing that was most interesting

  • and the thing that sort of set us down this path

  • is this thing called ransomware as a service.

  • And as soon as you hear that phrase,

  • I mean, I want to read about that.

  • The idea that people could buy ransomware the same way

  • they buy Salesforce software or anything else.

  • And so then we decided to send Drake out into the dark web

  • to procure some ransomware service.

  • With a story like this,

  • all the reasons not to do it

  • are actually the reasons to do it.

  • My name's Drake Bennett.

  • I went on the dark web, I bought some malware

  • and I used it to attack and extort my editor Max Chafkin.

  • The original idea

  • was just to do something about ransomware.

  • The city of Baltimore was having this huge

  • sort of battle with some hackers.

  • Thousands of Baltimore city computers

  • frozen by hackers demanding ransom.

  • Baltimore's government computer systems

  • recently faced a ransomware attack.

  • Are you seeing these attacks become more sophisticated?

  • The more I learned about this world,

  • the more frustrated I got.

  • It seems hard to know what you can trust here.

  • There's a lot of anonymity.

  • The more I thought about it,

  • the more it seemed like

  • it might make sense to try it myself.

  • He wanted to do something participatory.

  • It's really a cool way

  • to explain a really difficult technical topic.

  • And then that also has the added benefit

  • of testing out a hypothesis I'd begun to have,

  • which is that this stuff has gotten so easy

  • for a variety of reasons

  • that almost anyone could launch one of these attacks.

  • And as it happens,

  • I'd be a particularly good guinea pig for this

  • because I'm particularly technologically illiterate.

  • You got to have a hacker, and that hacker despite his,

  • I'd say modest computing skills,

  • is Drake and the victim was me.

  • And our idea was that Drake could, you know,

  • he's sending me attachments all the time,

  • so the way we decided he was gonna do it is he was gonna

  • pretend to send me a draft,

  • but that draft was gonna be ransomware.

  • - What were some of the legal concerns and how did you get around that?

  • Okay.

  • Legal concerns.

  • What we figured out in consultation with a very amused

  • and maybe slightly confused Bloomberg lawyer, was that--

  • All of the laws that are on the books

  • require not only the possession of malware,

  • but the intent to actually launch an attack

  • against an unwitting victim.

  • Max, my victim was complicit in the scheme,

  • so we figured that kept us on the right side of the law.

  • And I do think there's a really strong

  • public interest argument for doing this kind of thing

  • because if somebody as unsophisticated

  • as a magazine journalist

  • can get really dangerous ransomware

  • without spending very much money,

  • that's something that I think

  • the public needs to know about.

  • So once we kind of talked to a Bloomberg lawyer,

  • we then got two burner laptops,

  • we got two cheap Dell laptops.

  • Max and I both work for a company

  • that takes data security very seriously for obvious reasons,

  • so we made sure

  • that we kept all this off Bloomberg's network.

  • Then we decided to send him

  • onto the dark web to procure some ransomware service.

  • So there are these dark web forums

  • that work sort of like they're chat rooms,

  • but they're also these kind of malware bazaars

  • where you can go and people are hawking

  • different forms of malware and also different ways

  • of getting that malware onto computer systems.

  • The market has now kind of advanced

  • to the point where there are these services,

  • they're called ransomware as a service,

  • and it's a play on this idea of software as a service

  • or SaaS, which is something you hear

  • in Silicon Valley all the time.

  • And so I found a couple,

  • some of them turned out to be bogus,

  • some of them seemed to be defunct.

  • People just didn't get back to me.

  • But there was one where the guy got back to me

  • when I got in touch with him

  • and answered the few questions I had.

  • And it was cheap, it was just 150 bucks,

  • so I figured it was worth a try.

  • So the first thing I did is I reached out to the vendor

  • and I used ProtonMail, which is an encrypted email service.

  • And at that point I had gone ahead

  • and set up a Bitcoin wallet,

  • so I paid the $150 that was the subscription fee

  • for the service and that gave me a login for this website.

  • And it was a pretty simple looking interface.

  • There was a series of tabs at the top of the screen.

  • One of the tabs took me to the quote unquote dashboard,

  • which is where I'd be able to manage the various attacks.

  • There was another tab

  • that took me to what was called the builder,

  • which is a page that allowed me to input a few pieces

  • of information about the kind of malware I wanted.

  • Stuff like what kind of operating system

  • would be on the target computer or what kind of encryption

  • I wanted or what's the email address

  • that my victims should use to contact me

  • once they realize they've been attacked.

  • So I input those few pieces of information

  • and it spits out a piece of software

  • that I could then download onto my computer.

  • So it became obvious pretty quickly

  • that I didn't have particularly top shelf product.

  • And that's not surprising.

  • A lot of the conversation on these dark web forums

  • is about whether this or that product

  • is reliable or how well it works.

  • The person that we bought the ransomware from

  • turned out to be not the most sophisticated.

  • Almost as unsophisticated as we were.

  • And it kind of started to become unclear

  • whether he was trying to con us out of more money,

  • and I kept saying to him,

  • "We got to be really careful

  • that there's not an additional layer to this scam,

  • that he's not gonna ask us to wire him some more money

  • to make the software work better,"

  • which is what he was trying to do.

  • So there's just like so much con artistry.

  • And there does seem to be a wide range

  • in quality reflected partly in the wide range of price.

  • There are other ones that are much more high end

  • where it's not even an annual fee model

  • it's more like you have a gang of hackers

  • with different specialties

  • and they just divide up the pot between them.

  • So I wrote my email to Max, which basically said,

  • 'Hey Max, here's the draft of my latest story.

  • Sorry it's taken so long.

  • The draft is attached'.

  • Even though I had a really bad laptop,

  • it immediately sniffed out the potential

  • that this attachment that Drake was sending me,

  • which looked super suspicious to me, was going to do harm,

  • and there were a bunch of warning boxes that opened up

  • saying, "Are you really sure you want to load up this file?

  • Are you super sure?"

  • And of course I said yes, yes, and infected myself.

  • And then Max looked away for a second

  • and looked back at his computer

  • and there was this ghoulish image of a hand

  • reaching out from a cloud of smoke and a message that said,

  • "All of your files have now been encrypted."

  • And, so I was sitting there waiting for this thing to happen.

  • We had a photographer there.

  • All of the documents,

  • you know I had to load the laptop with a bunch of documents

  • that I wasn't afraid to lose.

  • So I didn't have anything important on there.

  • And there's still something really scary

  • about seeing that message on your computer

  • that says that they own you now,

  • that the attacker has your files

  • and is gonna do with you what he wants.

  • And it really makes you realize

  • how easy it is to become a victim.

  • The communities of people who are in this world

  • range from the most sophisticated hackers,

  • so like, state-supported,

  • connected to the military or intelligence operation

  • of some of the most powerful countries in the world,

  • all the way down to literally a bored teenager.

  • After all this was over I did reach out

  • to my ransomware providers and announce myself

  • as a journalist and you know,

  • they consented to be interviewed

  • and basically what they told me,

  • they didn't say much about themselves

  • but they did say that they were a group

  • of 18 to 26-year-olds with different specializations

  • working as a team to create this stuff.

  • A lot of these chatrooms where these products

  • are bought and sold are Russian language chatrooms.

  • Some of them have actually been geofenced or coded

  • in such a way that they'll work anywhere

  • except in places like Russia, Ukraine.

  • But I don't know where particularly

  • my providers were located.

  • I also think it was surprising in a good way

  • that we really had to work to make this work

  • in terms of me ignoring warnings

  • that my computer was giving.

  • In terms of Drake having to work with an expert

  • to get the ransomware to work perfectly,

  • but it's just kind of like a scary reminder

  • of how all of this kind of,

  • there are all these sort of bad actors and creeps

  • and con artists kind of lingering just below the surface

  • of the internet and just creepy how close they are

  • and how you're not that far away from downloading something

  • that can kind of mess up your digital life.
