The Bizarre Story of the Man Who Invented Ransomware in 1989 (cnn.com) 67
Slashdot reader quonset writes:
To this day no one is sure why he did it, but in 1989 a Harvard-taught evolutionary biologist named Joseph Popp mailed out 20,000 floppy discs with malware on them to people around the world. At the time he was doing research into AIDS and the discs had been sent to attendees of the World Health Organization's AIDS conference in Stockholm.
Eddy Willems was working for an insurance company in Belgium and his boss asked him to see what was on the disc...
CNN picks up the story: Willems was expecting to see medical research when the disc's contents loaded. Instead he became a victim of the first act of ransomware — more than 30 years before the ransomware attack on the US Colonial Pipeline... A few days after inserting the disc, Willems' computer locked and a message appeared demanding that he send $189 in an envelope to a PO Box in Panama. "I didn't pay the ransom or lose any data because I figured out how to reverse the situation," he told CNN Business.
He was one of the lucky ones: Some people lost their life's work.
"I started to get calls from medical institutions and organizations asking how I got around it," said Willems, who is now a cybersecurity expert at G Data, which developed the world's first commercial antivirus solution in 1987. "The incident created a lot of damage back in those days. People lost a lot of work. It was not a marginal thing — it was a big thing, even then...." It's unclear if any people or organizations paid the ransom.
CSO reports that Popp was eventually arrested and charged with multiple counts of blackmail after law enforcement identified him as the owner of the P.O. box where the ransom checks were to be sent.
CNN adds that "One of the biggest problems about ransomware nowadays is that ransoms are often paid with cryptocurrency, such as bitcoin, which is exchanged anonymously and not traceable."
Bitcoin IS traceable (Score:5, Insightful)
Bitcoin is MORE traceable than anything you can do through a bank or cash. The whole friggin ledger and every single transaction is public information.
Re:Bitcoin IS traceable (Score:4, Insightful)
So you cycle it through Monero through some online exchanges who don't give a shit about facilitating ransomware if they get their cut, problem solved.
Re: (Score:2)
Bitcoin is MORE traceable than anything you can do through a bank or cash. The whole friggin ledger and every single transaction is public information.
This is the Bitcoin quantum woo argument, that crypto is simultaneously traceable and untraceable. In reality, designers hoped that crypto would be traceable through the blockchain, but it is not difficult to break the trail by tumbling coins. This will go on until some intelligence agency decides to collapse the maximalists' wave function by crushing the exchanges. Game over.
Re: (Score:2)
It's not hard for a government to see the transactions performed through bitcoin's network. And see all the wallets connected directly and indirectly with a particular transaction in question. It's really hard for a government to actually stop or reverse a transaction. Freezing a criminal's assets is off the table for law enforcement, and one of the reasons the government hates crypto so much.
BTC is both excellent for money laundry and terrible for keeping your associations secret. It boils down to how caref
Re: Bitcoin IS traceable (Score:3)
The pipeline ransomware guys take payment in Monero, or apply a 10% upcharge to use bitcoin.
Tumblers are likely traceable in the long term, but who knows if criminals care about that. I think most are willing to transition to something claiming to be a privacy coin, Monero being the biggest and best, but Zcash and the pirate one get some people trusting them.
20,000 floppy disks (Score:5, Funny)
"as a biologist, how did he have money to pay for all of those discs?"
Was AOL mailing unsolicited floppies in 1989?
Re: (Score:1)
In '89 I think they were still called Quantum Link. They also used to give away free copies of their service dialer but I doubt they mailed unsolicited copies out. I also remember that at 300 baud, their text menus didn't render instantly.
Re: (Score:2)
That was only if you used the 300 baud modem that came free with a year's service. You could also independently buy a 1200 baud modem. They were reliant on the Tymnet and Telenet X.25 networks to connect subscribers and AFAIK Tymnet and Telenet didn't upgrade to 2400 baud during Q-Link's lifetime.
The mentally unfit Dr Popp (Score:5, Interesting)
The British caught him but sent him back to the USA because he was found mentally unfit for trial.
You think perhaps it was a ruse... but perhaps not. He later self-published a book with the following tidbits of wisdom.
Popp pronounces traditional religion, morals,
and ethics as all unsuited to the age of science. Instead, he
proposes we live by an “evolutionary ethic,” one that stands up
to a culture hellbent on staunching our reproductive potential. He
explains why breastfeeding should be legislated against (“it
suppresses ovulation in the mother”) and points out that “rather
than increase reproductive success, the pathological search for true
love reduces it.
But it gets better.
“If chastity, celibacy, environmentalism, or homosexuality cause a person
to fail to reproduce, it is the equivalent of a preproductive death
of that person in terms of evolutionary consequences.”
and
“In the strange environment in which we currently live, there is an
inverse correlation between wealth and reproductive success. In this
sense, if you are dedicated to gambling look at it as a dependable
way to reduce your wealth and thereby increase the number of children
you will have, rather than hold the unrealistic notion that it is a
way to get rich. Four hundred billion dollars is spent on gambling in
America each year. That may not by itself be enough to turn around
the low rates of reproduction in America, but it is a large step in
the right direction.”
Excerpts from https://www.villagevoice.com/2... [villagevoice.com]
So kiddies, don't become an evolutionary biologist or you might go nuts!
Re: (Score:2)
That's positively lucid compared to Ted Kaczynski. And Theodore is doing multiple life sentences in the slammer.
Re: (Score:2)
The human animal has gone from 600 creatures to 7 billion in a million years, with exponential growth in the last 200 years. Humans can do more than hunt, eat, hide, sleep and fuck. A tiny human consumes a lot of resources, so doing only the minimum for propagation will result in a lot of dead babies. The first human settlements are believed to have an infant mortality rate of 90%. That number dropped below 50% after the invention of vaccines and city-wide sewers. As a biologist, he should know tha
Re: (Score:1)
As a biologist, he should know that many species forgo individual parenting for the good society. His obsession with every man proving his virility seems to be religious fanaticism.
If you were more familiar with evolutionary biology, you would not be as surprised by Popp's ideas. Since Darwin, the idea of genetic "fitness" as it relates to the individual's [genes'] survival has been ingrained in the field. Dawkins wrote The Selfish Gene from a similar perspective.
Evolutionary biologists study survival as a genetic concept. Your lineage is erased from the gene pool when you don't procreate. Similarly, "helping others for the sake of society" is almost negative fitness in a sense, as you e
Re:The mentally unfit Dr Popp (Score:4, Interesting)
Not entirely, and Claude Lévi-Strauss' work on the societal importance of bachelor uncles (who don't procreate but, by promoting the survival of their nephews and nieces, promote the survival of the approximately 25% of their genes which are in common) predates Dawkins' work by decades.
Re: (Score:2)
The British caught him but sent him back to the USA because he was found mentally unfit for trial. You think perhaps it was a ruse... but perhaps not. He later self-published a book with the following tidbits of wisdom.
Popp pronounces traditional religion, morals, and ethics as all unsuited to the age of science. Instead, he proposes we live by an “evolutionary ethic,” one that stands up to a culture hellbent on staunching our reproductive potential. He explains why breastfeeding should be legislated against (“it suppresses ovulation in the mother”) and points out that “rather than increase reproductive success, the pathological search for true love reduces it.
But it gets better.
“If chastity, celibacy, environmentalism, or homosexuality cause a person to fail to reproduce, it is the equivalent of a preproductive death of that person in terms of evolutionary consequences.”
and
“In the strange environment in which we currently live, there is an inverse correlation between wealth and reproductive success. In this sense, if you are dedicated to gambling look at it as a dependable way to reduce your wealth and thereby increase the number of children you will have, rather than hold the unrealistic notion that it is a way to get rich. Four hundred billion dollars is spent on gambling in America each year. That may not by itself be enough to turn around the low rates of reproduction in America, but it is a large step in the right direction.”
Excerpts from https://www.villagevoice.com/2... [villagevoice.com]
So kiddies, don't become an evolutionary biologist or you might go nuts!
In what way does any of that contradict mainstream thinking today? I mean apart from him valuing reproduction, that is (there was a time when successful societies did that).
Re: (Score:2)
Wait, how is that incorrect?
Re: (Score:3)
It presumes two things incorrectly:
1. That quantity is considerably more valuable than quality. He's correct that lower socioeconomic classes do tend to procreate more than higher ones, but that equates to lower quality of life and thus reduces the overall success of genes in the long-term.
2. That two individuals share no overlap in genes, which is obviously incorrect. There is value in expending resources that preserve the overall set of human genes, even if the ones preserved are only a 99.999% match for
Re: (Score:2)
The second point about selection operating on genes rather than individuals and how that relates to the 'rich gay uncle' scenario is a good one though.
Re: (Score:2)
Another poster mentioned studies on support by bachelor uncles for their nieces and nephews, thereby providing support for the percentage of their own genes that those relatives carry. Plus, support for the entire population supports the genes that all members of the human population have in common. So, in terms of evolutionary consequences, you don't have to reproduce yourself to propagate your genes, you can also support others. In fact, by supporting relatives, you could potentially propagate more of you
Re: (Score:2)
It has a very "precious bodily fluids" vibe to it. Good thing this guy couldn't order a nuclear strike.
Brain Virus - 1986 (Score:1)
While not termed "ransomware", the virus came complete with the brothers' address and three phone numbers, and a message that told the user that their machine was infected and to call them for inoculation.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Would this not be an earlier form of ransomware?
Re: (Score:2)
Yeah, Brain virus was just designed as a form of adware - it wasn't actually supposed to cause any damage.
This perp was toast at "Mail a check" (Score:2)
Ransomware didn't work in 1989 because cryptocurrency had not been invented, so money drops could still be traced.
Re: (Score:2)
Yet ransomware demands made and paid with crypto have been traced, and arrests made, it can be done.
Re: (Score:2)
Only for the most incompetent of users, that's why various darknet markets have operated for so long and the ransomware industry has operated practically untouched. Ransomware couldn't and didn't work without cryptocurrencies.
Re: (Score:1)
Only for the most incompetent of users, that's why various darknet markets have operated for so long and the ransomware industry has operated practically untouched. Ransomware couldn't and didn't work without cryptocurrencies.
Ransomware is just a variant of the old-fashioned ransom, which has worked for millennia. The key to success is being able to get away, and stay away from the authorities who seek to catch you. Had this guy had his checks mailed to a non-extradition territory and lived there, he would've got away with it.
Re: (Score:2)
It wouldn't be quite that easy to actively operate a criminal enterprise with a non-extraditing territory as your only shield, which is why it hasn't been done before. In such a situation immense diplomatic pressure would fall on the country the criminal enterprise is operating from; if it was a country that had anything to lose in the relationship, the activity wouldn't be allowed to continue. He might've got away with it once, but ransomware in general wouldn't.
Re: (Score:2)
Tax havens aren't openly criminal, plausible deniability makes all the difference. As inequality enthusiasts will cheerfully tell you, tax avoidance is legal.
Re: (Score:2)
Had this guy had his checks mailed to a non-extradition territory and lived there, he would've got away with it.
Such a territory would quickly lose access to the US banking system if they keep on hosting criminals.
Re: (Score:1)
Such a territory would quickly lose access to the US banking system if they keep on hosting criminals.
Like China, Russia, Switzerland, Cayman Islands, etc etc...
Re: (Score:1)
Believe it or not, but Russian banks won't accept international payments for ransom.
How does the bank establish that it's a ransom if no-one else knows other than you and the criminal?
Plenty of countries host criminals and still have access to US banking and diplomatic arrangements. Here in Australia, we lose billions to online scams each year that are simply bank transferred overseas. I know someone personally who was a victim, she had her laptop encrypted, she paid the ransom to get her stuff back because the ransom was worth less than the info she needed.
The original claim that "Ran
Re: (Score:2)
How does the bank establish that it's a ransom if no-one else knows other than you and the criminal?
To accept an international payment in Russia you need to provide a contract, signed by both parties. If it's above some threshold (around $200k) then it'll also be audited by the banking regulator. If there's even a suspicion that your transaction is not legitimate, the bank will freeze it. It's even worse for China, because you have to get a special license for it.
Plenty of countries host criminals and still have access to US banking and diplomatic arrangements. Here in Australia, we lose billions to online scams each year that are simply bank transferred overseas.
The traditional "Nigerian prince" or fake eBay listing type scams are all small-time. You might get with a couple hundreds of dollars here and t
Re: (Score:1)
The traditional "Nigerian prince" or fake eBay listing type scams are all small-time. You might get with a couple hundreds of dollars here and there, but nothing major. Mostly because it's so easy to crack down on.
Yet the estimates are in the hundreds of millions each and every year to online scams.
I'll repeat my point: The original claim that "Ransomware couldn't and didn't work without cryptocurrencies" is bunk.
Re: (Score:2)
Yet the estimates are in the hundreds of millions each and every year to online scams.
This is peanuts.
I'll repeat my point: The original claim that "Ransomware couldn't and didn't work without cryptocurrencies" is bunk.
Nope, it's not. You can't have a scalable ransomware operation without crypto. You can have one-off heists with lots of preparation, but they won't pay for themselves. And with Nigerian Prince scams all you need is a bunch of peasants with laptops, who write scam emails. With ransomware you need to have highly competent tech people, who can legitimately earn at least tens of thousands of dollars each year.
Re: (Score:2)
Actually there are ways to identify and trace from wallets and addresses, it's been done.
https://elie.net/blog/security... [elie.net]
If those that uphold the law put in the effort, criminals using bitcoin and similar can be crushed.
Re: (Score:2)
Yet the U.S. Justice Department is ramping up investigations of bitcoin fraud, ransomware, laundering...
Some of those that think they are anonymous are going to get surprised.
Re: (Score:2)
Looks like the hammer is starting to come down, China leading.
Bitcoin having 30 percent drop in one day, hahaha yes it's a gaming / gambling token and the casino just isn't giving as much to those cashing out now
Re: This perp was toast at "Mail a check" (Score:2)
Ransomware didn't work in 1989 because cryptocurrency had not been invented, so money drops could still be traced.
Exactly!
And despite the protestations about "traceability", yada yada, the truth is that if Cryptocurrency creation was outlawed, all, or nearly all, Ransomware, would disappear overnight.
That is why that, other than 1 or 2 isolated (and unsuccessful) attempts, Ransomware did not become a "thing" until Cryptocurrency became a "thing", too.
Please prove me wrong.
Re: This perp was toast at "Mail a check" (Score:2)
You can "outlaw" anything & everything and it will never stop criminal acts.
Crime by definition is something illegal. It has never depended on any technology.
Murders are fairly traceable and the punishments are frequently execution but have murders stopped ? !!
The word ransom itself predates any crypto shit. From Gold, diamonds, favors, pussy or blow, or at times just the satisfaction of revenge, criminals have always found something to remunerate themselves for ransom or extortion.
And banks in any coun
Re: (Score:2)
You can "outlaw" anything & everything and it will never stop criminal acts.
Crime by definition is something illegal. It has never depended on any technology.
Murders are fairly traceable and the punishments are frequently execution but have murders stopped ? !!
The word ransom itself predates any crypto shit. From Gold, diamonds, favors, pussy or blow, or at times just the satisfaction of revenge, criminals have always found something to remunerate themselves for ransom or extortion.
And banks in any country will accept the most tainted money simply because only those bankers who are essentially criminals handle those amounts and transfers and they have always found ways to do so against bribes or under threats.
They can all get arrested and the only effect will be the new ones will want bigger cuts and the ransom demands will go higher and the consequences for non-payment will be more brutal and public.
Blaming ransom or extortion on crypto is like blaming rape on condoms, else we could have got the DNA :(
Crypto settlement would probably not even be 10%-20% of the total ransom extortion market. It's hardly convenient enough for most criminals.
Plus they hate the environmental cost of all that hashing.
I didn't say all Ransomware will disappear; just that it will essentially disappear.
And I notice you didn't answer my actual challenge: Show me how the rise of Ransomware is not inextricably linked to the rise of Cryptocurrency. Quite telling. ...or maybe you just forgot the Sarcasm tag? Your last sentence seems to indicate Sarcasm.
I wrote the (a?) cleaner to get rid of this trojan (Score:5, Interesting)
Back in 1989 I had been writing x86 asm code for 7 years and looked into/disassembled virus code since the first ones turned up.
I was told that an AIDS/HIV researcher here in Norway had gotten this extortion notice, asking for help to get rid of it.
I don't remember all the details now, but afair the floppy disk contained code to replace the boot sector with a program which would display the ransom note and count down to 10 (?) before destroying all files.
My cleaner was sent out as a write-protected bootable floppy which would look for the trojan boot code, and if found, replace it with the original.
I did not hear about anyone who paid and got their research back after it had been overwritten/encrypted.
Terje
Re: (Score:2)
man, where are my mod points when I need them. Interesting story.
So this is an Anti-Crypto Article, then? (Score:2)
The Slashdot Narrative continues to dictate what's good and what's bad. All hail CNN.
The Slashdot of years past would absolutely love crypto. But I digress...
This is a fascinating floppy disk virus story. Interesting how "sneakernet" was just as vulnerable as the Internet. Today's kids might see this as a dubiously inviting flash drive given as swag. Do you
IHOP Joe Popp (Score:3)
Wow! A couple of friends of mine used to hang out at night with Joe Popp at the IHOP in Lake Jackson, TX in the 90s. Don't recall if the friends knew about his ransomware history at the time. We learned of it a few years back.