8 Million Patient Records Stolen From Virginia State Database, Held For Ransom

The Washington Post says that a hacker encrypted 8 million patient prescription records from a Virginia state website last week, deleted the backups, and replaced the home page with a ransom note. If the state doesn't pay $10 million within 7 days, the hacker has threatened to sell the data to the highest bidder.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

[...]

Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.

Here's the full text of the ransom note. Why can't hackers be a bit more elegant and well spoken in a James Bond Villain sort of way?

ATTENTION VIRGINIA

I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).

Now I hear tell the Fucking Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the fuck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.

Until then, have a wonderful day, I know I will ;)

"Hackers Break Into Virginia Health Professions Database, Demand Ransom" [Washington Post via Slashdot] (Thanks to Chris!)
"Over 8M Virginian patient records held to ransom, 30 Apr 2009" [Wikileaks]
(Goblin statue: tanakawho)

Comments: 118
user-pic

Just what we need: more fuel to try hackers as domestic terrorists.

user-pic

I can't wait to see this dude's mug shot when they catch him within 2 days.

user-pic

how much spam do you think we can have sent to hackingforprofit@yahoo.com in 7 days?

user-pic

As a network administrator, if the state does not have a backup OFF SITE, or at least not accessible from the same place as the main site - then they need to fire their computer guy (well possibly fire for the hack in the first place.... but that is more debatable.)

user-pic

Awesome. I will send him an email offering him $5 to be able to punch him in the face. He can consider it practice for the beating he's going to get just before he gets raped in prison.

user-pic

umm... can't they track emails such as Yahoo accounts?

user-pic

Yeah it is hard to believe that someone could hack all of these files, and delete all of the backups. Most if not all State and local agencies with a half-brained CIO, would have two hard-site backups off site of the actual infrastructure where the files were held on storage.

Either this hacker is a whizkid or a total idiot.

user-pic

I hope they use Paypal to transact the ransom. That way, NO one gets what they want!

user-pic

@wickedpixel: Oh... lots. Google search the term "mugu," go to any and all websites that come up with that term listed somewhere in a guestbook, and leave that address. He'll be drowning in 419 opening letters and phishing spam before long.

user-pic

this is why I hate when hospitals ask for DL info and SS#

user-pic

Well, it appears his Yahoo! e-mail account is locked out anyhow for about 24 hours. I wonder what sort of super-genius hacker uses a Yahoo account.

user-pic

Behold! The first offender in the upcoming country-wide clusterf*** that will be computerized medical records.

Everyone who advocates for those records needs to remember that stupid people will administer them. This means no offsite backups, passwords that are 1-2-3-4, machines left out and stolen...

user-pic

@coan_net: If he doesn't, first pass a law stating he can't change his name, social or credit card numbers for ten years. Then post all his particulars on the site, begging for ID thieves to take the data and have a field day.
THEN fire him.
And three people above, and below him.

user-pic

@Bathmat: That is just the way gov rolls babe. You just have to get with it.

user-pic

@octopede: First this person hopefully does not live in the U.S. and will not be arrestable or catchable. Second, if you go nuts with hacker related law the people who find security holes in websites and report the holes will be wrongfully prosecuted as hackers. I would rather see a few hackers go free rather than see innocent people charged as terrorists.

user-pic

@wickedpixel: probably not much since yahoo should filter it.

user-pic

@coan_net: Whoever screwed up the backup definitely needs to be fired.

user-pic

@UrIt: Not if you use 8 proxies and live on an oil rig in the middle of the ocean.

user-pic

By his concise grasp of the English language, he's clearly not Nigerian royalty. If he was able to get into their system, there has to be a way for them to track where their records were accessed from. There's no way he'd be stupid enough to do this inside the US. I'd say he's American and hiding outside the country.

user-pic

@UrIt: nothing you put on a yahoo profile has to be verified and any IP logged is likely through a nest of proxies and TOR servers. It isn't impossible but they'd have better luck putting money in the account and then tracking the money.

user-pic

@Corporate_guy: you obviously don't have a yahoo account or you would know that doesn't happen

user-pic

@Trai_Dep: +35,548,087, + 10,000,000 to paypal's revenue

user-pic

@Bathmat: The world would be a much better place if people would stop using the combination on my luggage.

user-pic

@key2616: Awesome. I will send him an email offering him $5 to be able to punch him in the face. He can consider it practice for the beating he's going to get just before he gets raped in prison.


Nice! LOL!

user-pic

@Corporate_guy: "I would rather see a few hackers go free rather than see innocent people charged as terrorists."

That's what trials are for. The penalty for something like this should be Saudi-style - having your hands removed and being physically silenced (i.e., cutting the laryngeal nerves).

Obviously that's very extreme, but I'm quite sick of hackers (the evil ones) trying to extort money in return for not ruining millions of people's lives.

user-pic

I guess is the encryption his insurance against capture? :D Did he ever read XKCD? [xkcd.com]

user-pic

They should send him a cashiers check for $15mil, have him deposit it and send the extra $5mil back.

user-pic

If they are really so retarded that he was able to delete their only backup he should be pardoned, and given the $10M as a reward. Seriously - no way. They have backup. One thing the govt. CAN do well is write and follow procedure documents.

user-pic

@UrIt: umm... can't they track emails such as Yahoo accounts?

user-pic

Can't they do an IP trace like on tv to catch him?

user-pic

@1234tu: It is possible they have never actually restored the backup before. It happens a lot.

user-pic

Spoiler:: The password is HIPAA

user-pic

I'd like to offer him $100 for all the data. If there are no higher bidders, I'll buy it and sell to Virginia for $10,000. I'm not greedy: I'll get enough for a new used car, and Virginia saves so much money they'd build me a statue and name a day of the week after me.

user-pic

@octopede: Forget the hands.


This piece of slime has demonstrated that he no longer deserves to co-exist on this rock. Go for the head.


You can't fix someone that broken. When you release him he'll be just as worthless.

user-pic

How does anyone in today's day and age expect to get away with this? Technology will catch you!

user-pic

@Corporate_guy: Gmail would. Yahoo? Not so much. Trust me, it wouldn't take long before the box would be almost unusable. His response from VA would be a needle in a haystack, unless they've added a search functionality recently.

user-pic

Given the relative ease and inexpensive nature of securing networks, I am constantly surprised by the number of organizations (particularly universities) that are caught with their proverbial pants down.

Disclaimer: I'm an IT security professional (insert witty "don't try this at home" line here!)

user-pic

@Corporate_guy: At this point all we have is a boast that he deleted "the backup".
If this place has any sense, that wasn't the only one.

user-pic

@Jozef: If that was a serious offer I would say that you just committed a felony....

user-pic

@Eyebrows McGee (on Twitter: LPetelle):

Wow...two Office Space references in one day (see: magazine subscription story comments)...this is a GOOD day, indeed.

It would have been double-win if the hacker had demanded a stapler in his ransom note.

user-pic

@joeblevins: It is possible they have never actually restored the backup before. It happens a lot.


I'm not an IT expert - what does "restored the backup" mean? Are you saying that it is really a possibility that they don't have some kind of a daily backup stored in a safe somewhere? These guys probably have a 50 page procedure document just for backups, and another one for disaster recovery. Unless someone just chose not to do their job for a few months I don't see how this could happen.

user-pic

@citking: Someone who doesn't want to be tracked by whatever client they use, and therefore uses a crappy standard email client that jillions of non-computer-savvy people use instead of a powerful one like Gmail that's probably a couple levels of magnitude more advanced than this hacker or a client attached to his own website.

(Convoluted grammar! I'm sorry.)

user-pic

@ohnoes: Remove eyes and reproductive organs too. And bill for the services.

user-pic

I'm not sure who's dumber. The hacker or the state of Virginia.

user-pic

@1234tu: I think he means that they've never had to use their backup before. Often, folks don't discover that their backup system doesn't actually work until it is too late (i.e., the first time they really need it).

user-pic

@RecordStoreToughGuy: They have a search function. They're still sucky.

And how hard would it be to catch this guy? How many 13 year olds are out there selling 8 million patient records to the highest bidder?