It was the day before Christmas when the professorโs phone rang. The screen said โanonymousโ, with a small a. That could only mean one thing.
โHacker!โ said the professor.
โProfessor!โ replied the hacker.
The hacker and the professor had known each other for a while. They had worked together when they were both still working for the police. The hacker called himself a hacker. Not an ethical hacker or a white-hat hacker, just a hacker. And the professor didnโt really know many of these.
Recently, the professor had given a lecture on the need for cooperation between police, universities and businesses. Lots of people had come to listen, and the hacker was one of them.
โYouโll hear about it in the media soon enough, but the University of Maastricht has fallen victim to ransomware,โ said the hacker, โand as that actually involves cooperation between the police, the university and the business community, Iโd like to invite you for a cuppa coffee.โ
If the hacker said โcuppaโ, he meant a double espresso. However, โinviteโ didnโt necessarily meant that he was paying.
And so it came to be.
They had barely shaken hands before the hacker had gone off on a tangent.
โThis type of software is aimed at getting ransom money. It was planted on the victimโs system much earlier and was most likely tested before it was actually activated. The software encrypts or shifts important data, and the victim receives a message offering to decrypt the data in exchange for crypto currency.โ
โHow about a double espresso?โ the professor asked. After a slight nod of his head that was only obvious to an experienced observer, the hacker hurtled on.
โEven if Maastricht University were to pay, there is a good chance that only a portion of the data could be recovered. Moreover, it increases the chance of subsequent ransomware because the victim appears to be willing to pay.โ
The professor noted that weapons of mass destruction refer to weapons of the past, but that weapons of mass disruption have the future.
โBut thatโs when it gets really interesting,โ the hacker went on. โbecause what does the victim do next? โ
The professor knew that raising an eyebrow was all that was needed.
โIโll tell you: theyโll hire a commercial party to do an analysis of the damage, and the chances of undoing that damage. This is the most crucial thing for the victim. And the police? Theyโll be called in to file a report and run an investigation. But thatโs comparable to bicycle theft.โ
The professor didnโt have long to think about this comparison.
โItโs more of a formality, I mean. Because I can assure you that any clues in the software code, or the email or IP addresses point to countries where the police are not allowed to investigate! So detection and prosecution is out of the question from the outset.โ
The hacker stared at him with a meaningful look in his eyes. Their relationship required that the professor should now ask a smart question.
โSo youโre saying that this kind of criminals can get away with everything because they donโt have any natural enemies?โ It wasnโt really a smart question, but more of a summary.
โExactly!โ the hacker exclaimed enthusiastically. โThe victim is technically no match for the criminal. And the police canโt do anything as they have to stick to conventions or to the rules of professional conduct.โ
The hacker was silent. Just for a moment.
โBut as a citizen, I donโt have to worry about that. I am on various forums, pretending to be someone else, using pseudonyms and shielded email addresses, buying a piece of software here and there. I donโt do anything illegal, but I do stuff the police canโt do or can only do in very exceptional cases.โ
The professor nodded. In their previous lives they had frequently been confronted with legislation that prevented the police from doing what a citizen is allowed to do.
โMeanwhile โ Iโve collected a huge amount of data. On groups of offenders, modus operandi , conversations between people and so on. Thereโs predictive value in all of that.โ The hacker continued, โI donโt want to say that the attack on the university could have been prevented with this, but Iโm already detecting patterns with my own eyes. So if we apply data science โฆ well then โฆโ
He was looking for the right words and that was a new experience for the professor too.
โโฆ Then we will definitely be better able to predict whatโs going to happen.โ
Christmas came, and shortly after that, New Yearโs Eve. The hackerโs observations lingered in the professorโs head the whole time. When the new decade dawned, he grabbed his phone. 2020 had to become the year of pattern recognition, and that would begin with a double espresso.
He called โanonymous.โ With a small a.
