Former infosec COO pleads guilty to attacking hospitals to drum up business An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches. Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics – a provider to …
It reminds me of the early 1990s when a certain anti-virus vendor was suspected of creating viruses to further the sales of their product.
> an "extraordinary" rare and incurable form of cancer and a "dangerous" vascular condition,
And the records that show he actually has these imprisonment-avoiding conditions are conveniently stored on a network that he has hacked into. Ingenious!
I hope they jail him for a long time.
Yup. Former. As in, won't ever be a business leader again.
I would like those medical conditions verified, but in any case, there is no excuse for attacking hospitals.
That should be a capital crime. You got cancer ? Well you'll be treated in prison. If the phones work.
The court was recommended to instead sentence Singla to 57 months of house detention due to his suffering an "extraordinary" rare and incurable form of cancer. Any delay to his surgery, should the cancer recur, may render his condition inoperable, according to the plea agreement.
The decision to recommend the alternative to incarceration was also influenced by a "dangerous" vascular condition, from which Singla also suffers.
Both seem a tad convienent & I agree with getting this verified by a independent medical facility, with the latter condition of "dangerous" vascular condition I can only assume he lacks a heart along with his brain.
Eitherway I hope the medical staff treating him are fully aware of the pondlife they are treating & give him all the inappropriate care & attention he warrants.
It's not just his condition, the offence is obviously not being treated very seriously. For one thing the plea bargain makes no mention of phones going offline being intentional, and I imagine the prosecution felt they'd struggle to prove it was. But the main factor is the US legal system's over-focus on financial damage in hacking cases. This case is a textbook example of one side of that:
"b. Section 2B1.1(b)(1)(H) applies because the amount of loss resulting from the offense(s) of conviction and all relevant conduct is more than $550,000 but less than $1,500,000, resulting in an increase in the offense level by 14.
...
d. Section 2B1.1(b)(18) applies because (i) the Defendant was convicted of an offense under 18 U.S.C. § 1030, and the offense involved an intent to obtain personal information and (ii) the offense involved the unauthorized public dissemination of personal information, resulting in an increase in the offense level by 2."
He's paying the $818k back so he's a good boy. The fact it was patient data at a medical facility barely registers in the sentencing.
(The other side of the over-focus problem is: 13 year old kid bungles into megacorp's system with no particular malice or profiteering in mind, megacorp overreacts spending $50 million on intrusion reaction. Kid gets buried)
How about one "attempted murder" charge for every 10 people in ICU at the time of the phone outage? Even if you couldn't get that to stick (a question as to whether he "intended" to cause the phones to stop working), a "depraved-heart murder" charge (knowing it could put people in danger but not caring) should. YEARS in prison is appropriate here.
And I echo the other commenters - have a court-appointed, independent physician verify he actually has those conditions; if not, add extra charges for contempt of court and perjury.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
