The Human Cost of Cybercrime: Stories, Statistics, and Strategies for Protection

Name: Hackers, malware and the darknet - The fatal consequences of cyberattacks | DW Documentary
Uploaded: 2026-01-17T11:26:41.386482+00:00
Channel: DW Documentary
Description: Summary and key takeaways on The Human Cost of Cybercrime: Stories, Statistics, and Strategies for Protection, covering The Digital Hunger – Why Victims Are

DW Documentary

Jan 17, 2026

•

3 min read

YouTube video ID: r-lGWG7vHNE

Source: YouTube video by DW Documentary — Watch original video

PDF

The Digital Hunger – Why Victims Are Called "Meat"

Cybercriminals prey on people who use weak passwords, lack digital awareness, and rely on simple authentication methods.
The lack of knowledge turns everyday users into easy targets, much like livestock for predators.

The Scale of the Threat

Global cyber‑theft is estimated at $6 trillion per year.
In Switzerland, cybercrime accounts for ~40 % of all offenses and grew 26 % in Europe in 2022.
Ransomware attacks rose 35 % worldwide between 2021‑2022, with a new incident occurring roughly every three hours.

Real‑World Victim Stories

1. The Swiss Technical‑Support Scam

Retired couple Christian and Dominique Deluz were tricked into paying for a fake McAfee antivirus.
After authorizing remote access, their computer went black and they received multiple fraudulent text‑message invoices totaling CHF 10,000.
The fraud was investigated, but only a small fraction of cyber‑crime victims report to police due to shame or ignorance.

2. SwissWindows – A Corporate Ransomware Disaster

In May 2019, the mid‑size firm SwissWindows was hit by malware that encrypted all systems.
Hackers demanded CHF 1 million in Bitcoin; the company refused to pay.
Rebuilding the IT infrastructure caused a production halt, loss of orders, and ultimately bankruptcy in 2022.

3. The Town of Rolle – Public‑Sector Breach

In August 2021, attackers accessed the municipal IT system, leaking personal data of 5 300+ residents on the Darknet.
The authorities initially stayed silent, later facing media pressure and thousands of information requests.
The breach highlighted the need for transparent communication and regular vulnerability testing.

The Hacker Perspective – "Rabbi Hood"

Former hacker adopts the moniker “Rabbi Hood”, speaking of the “Synagogue” (himself) and justifying crimes as a lucrative, low‑risk profession.
Describes a life of darknet markets, selling stolen data, and evading law enforcement.
After a 2017 arrest, he switched to public speaking, seminars, and selling educational material, claiming wealth tied to Bitcoin fluctuations.

The Anatomy of Modern Attacks

Phishing is used in 80 % of cyber‑attacks; even senior staff can fall for deceptive emails within seconds.
Attackers often combine malware with social engineering, exploiting human error as the weakest link.
Organized groups (e.g., Vice Society, Babuk, LockBit, BlackCat) operate like corporations with development, deployment, and ransom‑negotiation divisions.

Defense Strategies

Penetration Testing

Security firms like SecuLabs conduct covert “pen‑tests” to expose vulnerabilities, as demonstrated in a Bern medical center.
Tests reveal how easily staff can be tricked into inserting malicious USB drives or printing infected documents.

Hospital Security

Cyber‑attacks on healthcare can endanger lives; a compromised oxygen‑control system could force a ransom payment.
Israeli expert Ilan Graicer’s work showed that rapid isolation of networks can prevent data loss, though medical devices may still operate.
Post‑incident analysis and sharing lessons across hospitals turn crises into training opportunities.

Prevention Over Reaction

Education and awareness are the most cost‑effective defenses.
Regular backups, multi‑factor authentication, and strong password policies reduce the attack surface.
Transparent incident response plans help organizations communicate quickly and maintain public trust.

The Human Factor Remains Critical

No amount of technology can fully protect an organization if users willingly disclose credentials.
Building a culture of digital hygiene is essential for individuals, businesses, and public institutions alike.

Looking Ahead

Cybercrime will continue to evolve, targeting critical infrastructure, personal data, and even life‑support systems.
Collaboration between governments, private security firms, and the public is vital to stay ahead of increasingly sophisticated threat actors.

Cybercrime’s growing power stems not from technology alone but from human vulnerability; robust education, proactive testing, and transparent response are the only sustainable defenses against a threat that can cripple individuals, businesses, and even hospitals.

Frequently Asked Questions

Who is DW Documentary on YouTube?

DW Documentary is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Password Manager Software Recommended

Helps users generate and store strong, unique passwords, reducing the risk of credential theft that fuels most cyber attacks

Amazon →

Online Cybersecurity Awareness Course

Provides structured training on phishing, social engineering, and safe digital habits, empowering individuals and employees to become the first line of defense

Amazon →

Antivirus And Anti‑malware Suite

Detects and blocks malicious software before it can encrypt files or steal data, a basic safeguard against ransomware and tech‑support scams

Amazon →

Hardware Firewall Appliance

Adds a network‑level barrier that filters malicious traffic, protecting both home and small‑business environments from external attacks

Amazon →

Penetration Testing Certification Book

Guides readers through methodologies used by professionals to identify and remediate vulnerabilities, supporting organizations in building robust security programs

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

You call the victims 'meat'.
Why?
They're people who type
using only two fingers,
and who only have one password
and then it's their name, their
dog's name or their birthday!
They're people who
have no digital awareness
they get eaten up by
cybercriminals, like meat.
You can no longer just sit
in front of a screen all day
if you don’t know anything
about the risks involved,
and how to protect yourself.
That's irresponsible.
Cybercriminals don't see
the suffering they cause.
If the computer that controls
the oxygen is not working,
the hospital will
pay the ransom.
Why?
Because people are about to die.
… they get eaten up
by cybercriminals.
Today's hackers wield an
unprecedented level of power.
They capitalize
on the flaws in our
hyperconnected
world to launch attacks:
stealing our money, our
documents and our personal data
even our identities.
Anyone can be a victim
of this new form of crime.
From individuals to companies,
from hospitals to schools
and even public authorities.
Hackers will stop at nothing.
And how far will
they go in the future?
People figured they could make
a lot more money from home
and with no risk.
No need to rob a bank
and potentially get killed.
Almost nothing can
happen to a cybercriminal.
You're anonymous and can hack
a target of your choice from home.
Six trillion dollars
that’s how much American
experts estimate hackers
around the world
steal every year.
Cybercrime accounts for almost
40% of all offenses in Switzerland
and it’s growing every year.
Cyberattacks increased by 26% in
2022 in Europe and 38% worldwide.
The weakest link, hands
down, are human beings.
You can invent all the
security systems you want,
but they're no use if people
just voluntarily hand over
their username and
password over the phone.
And it happens.
A retired Swiss
couple, for example.
… Christian Deluz used
to be a cook …
while his wife Dominique
worked in childcare.
They shared their story in
the hope of preventing others
from getting conned
by cybercriminals.
My mother died
unexpectedly in May 2022.
We were very close, and she
lived right around the corner.
I started to worry when I noticed
her blinds were closed that day.
I went over to her
apartment and went inside.
And I found her
dead, lying on the floor.
Then I had things I had to do:
call a doctor and the undertaker
so they could pick up the body
And that Friday,
I wanted to go online to look
for information about obituaries.
When I clicked on the
one site, a message popped
up saying my computer
had been infected by a virus
together with a phone
number I should call.
So I dialed the number,
assuming it was in Switzerland.
The person told me I
had a computer virus
and recommended
that I get protection
with antivirus
software called McAfee.
Christian provided
his credit card details
to pay for the
antivirus program.
He is just one of a growing
number of people that fell
for a type of online fraud
that is well known to police:
technical support scams.
Nowadays, local Swiss numbers can
be used with voice-over-IP services,
meaning Internet-based
and potentially
from anywhere
in the world …
It's completely legal.
These crooks use a
local number from the area
of their victim to
gain their trust."
I authorized them to
take control of my PC.
And then:
the screen turned black, and I was
told they would start scanning my PC
that it would take some
time, but that this was normal.
The man kept saying 'Don't
worry, everything's fine.
We're in the process of removing
the viruses from your computer.
Everything's OK.'
That calmed us down
and he was very reassuring
but after a while, we
started getting nervous.
While Christian's computer
screen remained black,
his cell phone suddenly
became very active.
He received a total
of nine text messages
each one displaying
the sum of 999 francs.
And each time, the man
on the phone asked him
to the confirm the
removal of a virus.
He was on the
phone from 4 to 9p.m.
didn't you find that odd?
Yes, but my husband
didn't listen to me.
He was sure that the man he
was talking to was the solution.
The retired chef called
his bank the next day.
No withdrawals had been made.
But he was suspicious and
canceled all his credit cards.
A week went by.
I then discovered that my Visa
card had been charged 10,000 francs.
Those 10,000 francs had been
transferred to an account in Britain.
The bank insisted
everything was above board
and had nothing more to add. Outraged,
Christian Deluz went to the police.
What did you find out?
It's under investigation, but
it could take several months
to get any real information.
While 60 to 80% of the
victims of conventional
offenses contact the police,
the figure drops to just 10
or 15% with cyber-crimes
due to shame or ignorance.
Many think there's
nothing they can do.
But filing a complaint is
useful for investigators.
It helps us to detect a pattern,
where Mr. X or Mrs. Y are
one of many similar cases
which makes our
job a lot easier.
We've been able to gather
pretty precise information
as to who and where
these cybercriminals are.
It's inhumane.
These people should
be doing a regular
job instead of
sitting at a computer,
getting rich quick.
And they know
they're hurting people
and entire families.
It was a massive blow
really painful.
I still see myself as a hacker.
And the victims?
Victims?
I don't have any victims
just to clarify.
I personally have never done
anyone any harm through my hacks.
If you wanted to have 250,000
email addresses in Brazil,
for example, I could sell
them to you for a fair price
and they'd be fresh.
… affecting real people.
Sure, but
I can't know what the
buyer does with the data.
Let's say a client wants to buy
250,000 email addresses in Brazil,
and they decide to send
spam to those addresses.
If you click on the
mail, your computer
gets hacked and
they steal your money.
Am I responsible for that?
Sure I gave the guy the data.
But it's not me sending people
the mail with the virus, and I
didn't force you to click on it.
It's not my fault if people aren't
digitally aware enough to know better.
Anyone who can't help clicking
on it only has themselves to blame.
Sorry, but that's life.
The former hacker calls
himself "Rabbi Hood"
in a nod to the folklore
hero and his Jewish roots.
He speaks in the third person
and often refers to the
"Synagogue" when he just means
himself.
He always wears a mask.
I always enjoyed working.
Work is a hugely
important virtue.
You don't get anywhere without
hard work and there's nothing worse
than laziness.
But I'm talking
about intelligent work
My dad busted his ass to earn
15 euros an hour his entire life,
and now he's living in a
tiny governent apartment
on a measly pension.
No way am I going
to end up like that.
I'll do everything to earn a
hundred times what he did,
with a lot less effort.
My mom died when I was 13.
That was tough,
and it's hard to grow up normally
when something like that happens.
I spent most of my
childhood on the computer,
and that's where I
found my true calling.
It started with small
scams here and there,
and I soon realized
this was the business of the future
and that you
could earn a lot of money
without even having studied.
I’ve met a lot of
amazing people.
Never in person or
even hearing their voice,
but I communicated
with them ten hours a day
people I argued with
and made money with
Basically:
they were my life.
I didn't go out partying or
watch soccer or whatever.
I spent my youth on a computer
figuring out how not to be broke.
And he didn't need
long to find the answer:
by diving into the Darknet,
a huge virtual marketplace
for illegal drugs, weapons,
pirated software, pirated
movies, child pornography,
and stolen identity documents.
Transactions are conducted
anonymously and are often untraceable.
We bought a computer just to
venture into this digital jungle.
A cybersecurity expert served
as our guide and showed us
how to protect ourselves.
We visited chatrooms and
sales forums to meet other users.
I only ever sold stuff.
Some I won't mention,
because you never know
if the DGSI are watching!
And we wouldn't want anything
to happen to the Synagogue!
because the Synagogue
has not gone unscathed.
He was once arrested after
a specific hack went awry.
He narrowly escaped
a jail sentence
and then decided
to pull the plug.
The Darknet is history for him.
The last time I logged on
was after my arrest in 2017.
I decided to get out of crime.
I still had 2,500 contacts.
I lost friendships with guys
I'd known for a long time.
It was really hard,
but it had to be done.
He's since instead
decided to alert people
to the dangers of cybercrime and
increase their digital awareness.
Rabbi Hood has emerged
from the woods with
books, seminars and interviews
which also earn him money.
Are you rich?
Yes! The
Synagogue is rich at heart.
And in its wallet?
That depends on the Bitcoin
exchange rate that day.
How much Bitcoin?
I can't answer that
because the taxman might
get interested in the young Rabbi
and get the Synagogue
arrested again.
Is it a secret?
Just check my returns
to see how much I earn.
Sorry, I'm not going to say.
Cybercrime is booming
and the big victims
are corporations.
The number of attacks on
businesses jumped by 26% in 2022
and in Switzerland by 61%.
Organized cybercriminals
prefer to target institutions,
organizations, banks
and industrial companies.
Their weapon of choice:
Malware.
The ultimate
loss: people's jobs.
This man lost everything,
including his entire workforce.
Nesa Meta used to be
the head of SwissWindows:
a mid-sized company that
had close to 200 employees.
He thought he had
prepared for everything
when he bought
the company in 2016
except cyber-attacks.
These days, the entire
production process
everything
is digitalized.
That makes cyberattacks
especially dangerous,
because if the computers
are down, everything is down.
Production is paralyzed
Life can change suddenly with a
twist of fate, and it did in my case.
And I still have vivid memories.
Total shutdown, all
the screens went black.
It was a Friday.
A Friday in May 2019.
SwissWindows became one of
the first companies in the country
to be targeted using "malware"
software designed to
paralyze computer systems.
Hackers extort ransom
money in return for restoring
the victim's
access to their data.
We called the police, but it was
completely new ground for them.
They sent one officer.
The livelihoods of almost
200 people were on the line,
and one officer stopped
by to look around.
The CEO and his
workforce felt utterly helpless.
How were they to retrieve
the company's computer data?
The backups were infected too.
The hackers demanded a ransom:
around 1 Million
francs, in Bitcoin.
We didn't pay
for financial reasons.
We were among the
very first to be hacked,
so we weren't sure
we'd get our data back.
SwissWindows rebuilt their entire IT
system with the help of an IT company.
A colossal undertaking.
The workforce had to
stay home while the system
was reconstructed
Production stood still
and the company had
no access to its orders.
Nobody knew which windows
had been delivered where and when.
Customers were
initially sympathetic,
but not for very long.
Many then demanded substantial
discounts due to delayed delivery.
It eventually got so big that
Swiss Windows went bankrupt.
The company was forced
to declare insolvency
in February 2022
due to a lack of funds.
Cybercriminals don't see
the suffering they cause.
And that's different
to other crime.
If someone breaks into a store,
they can see the extent of the damage.
But a hacker sits in a room
somewhere in the world,
and can’t see the suffering
caused to 200 people
as well as to all the
customers and suppliers.
Suffering caused by the
click of a computer mouse.
An employee at the window
company set off the storm by clicking
on a fake email.
A phishing attack,
where opening an e-mail
or clicking on a link installs
malware on the target's computer.
80% of cyberattacks
use phishing.
People still fall for that?
Sure.
You'd be surprised.
Up to 30% of people who attend
our awareness courses click on links.
It's fairly easy for a hacker
to get inside a company
with hundreds of employees via
someone helping them involuntarily.
And even more surprising is
just how quick people are to click.
Some within 30 seconds.
But people in more senior positions
should know not to click, right?
In theory, yes, but I
can't talk about that!
We're all human and anyone,
all the way up to management,
can fall for these
phishing ruses
even IT security experts.
There are no guarantees.
Dominique Vidal knows a
thing or two about IT security.
He's a four-time runner-up at
the Capture the Flag competition
in Las Vegas, the Olympic
Games of computer hacking.
The engineer now heads a
30-strong cybersecurity team
based in Switzerland.
His clientele include
banks, insurance companies,
and small to
mid-size businesses.
Today he's testing the cybersecurity
at a new medical center in Bern.
The primary concern
is patients' wellbeing.
Could someone steal
their medical data,
as happened to thousands
of Swiss patients last year?
The directors hired Seculabs
to conduct a penetration test.
A 'pen test' can be used
for different scenarios.
Maybe a company
says 'We did everything
that was recommended
for security and we think
we're well protected
against attacks.'
The test will determine
whether they really are.
The rise of cybercrime is
pushing corporations, banks,
and institutions to carry
out penetration tests.
Hackers generally
launch their attacks online,
but sometimes
physically, on site.
Some even make house calls.
We were given an exclusive
invitation to accompany four members
of SecuLabs as they attempt to
infiltrate a medical center in Berne
The fake hackers are
equipped with hidden cameras.
While management
have been informed,
the rest of the
staff have not.
Dominique Vidal will follow
the covert operation remotely.
Conference rooms and
doctors' practices are available
for rent in the co-working
space in this building.
The hackers have booked a room.
Pen-testers have to
try all the connections
to the various devices
in the internal network.
I'm in.
Great.
The hackers find confidential
documents once inside
the system in recycle
bins as well as weak points
and passwords
accessible to anybody.
We can access tons of
medical data: correspondence,
computer images of
where the patients' pain is.
And we even have their
personal contact information.
One of the pseudo-hackers
then tries to find a target
and persuade them to insert
a USB drive on their computer.
Pen tests also involve
assessing staff gullibility.
Is it possible for you to
print a document for me?
Yes, of course.
Great!
A fatal error.
The employee will install a virus
when they click on the file to print.
The hackers will take over
the computer in seconds,
gaining access to its entire contents
and monitoring everything she does
in real time.
Yeah, perfect.
Cybercriminals have
taken things a step further.
Their latest target
is the general population,
stealing our personal data
and posting it on the
Darknet if a ransom isn't paid.
This quiet little Swiss town
was left reeling from hackers.
Rolle made nationwide
headlines in August 2021
after the local
government was hacked.
Thousands of confidential
documents ended up on the Darknet.
Over 5,300 residents were
affected, leaving the country stunned.
A case that alarms
local authorities ...
And now to the cyberattack ...
The hackers published
residents' personal data ...
How did it happen?
We have to go back three
months to when Rolle was targeted.
The IT system
was easily restored
within 10 days because
of good backups.
But the nightmare
didn’t end there.
Did they ask for ransom?
Yes, we were told
to contact them via email,
which we
obviously didn't do.
The official government
website itself says
that after a cyberattack you
should never pay the ransom.
The hackers increased the
pressure when their terms
weren’t met by publishing
stolen documents.
The city authorities
knew about the documents
but said nothing to the public.
A journalist came across the data
on the Darknet two months later,
sparking a media storm.
We didn't inform the public,
and that was a big mistake.
We'd initially been
told to stay silent
and then we couldn't
find the right time.
It was a first for us.
We genuinely didn't
know how to respond.
We didn't appreciate just how
problematic this cyberattack would be.
The town should have
reported the attack?
Definitely.
And it did, later, after the
problem became apparent
and it blew up in their faces.
The story hitting the media
put major pressure on us.
People had a lot of questions.
We had about 800 requests
from residents wanting
to know how much of their
data was on the Darknet.
Over 5,000 data points from
residents appeared on the Darknet.
Names, addresses, birthdates
and social security numbers
But that wasn’t all:
credit card numbers, signatures,
and a pink slip to an employee.
Property ownership data as well
as valuations on second homes.
An application for tax-exempt
status was even available.
All stored in the
depths of the Darknet.
Data that is highly
valuable is easy to misuse,
because there are so many vultures
ready to pounce on exposed data
either out of curiosity,
or just to extort people.
If they have a digital
copy of your ID,
criminals can open new bank
accounts or email accounts
or other things that require
validation with an ID document.
The major gangs like
Babuk, Lockbit, or BlackCat
present stolen data
online like hunting trophies.
They operate worldwide
but where are they
actually based?
We can roughly say the
region depending on the crime.
Straightforward scams
tend to be conducted
by people in Sub-Saharan Africa.
whereas ransomware
attacks are increasingly
coming from Eastern
Europe or Asia.
The town of Rolle changed
its security after the attack.
It also trained staff, and conducted
vulnerability tests on its IT.
Could Rolle happen again?
I don't know about Rolle itself,
but there will definitely
be cyberattacks
on more places in Switzerland.
You're a pessimist.
A realist.
And the figures
support his assertion.
Ransomware attacks rose 35%
between 2021 and 2022 worldwide
one every three hours.
Hackers are even
organized like corporations,
with separate
business divisions:
Computer virus development,
localizing targets via security flaws,
hijacking the target
system and stealing the data
plus, of course,
negotiating ransoms.
The gangs even have
“quality assurance teams”
to guarantee a smooth
post-payment process.
And they form international criminal
associations around the globe.
Vice Society is one
such cybermafia and
the group behind
the attack on Rolle.
Members refer to victims as "partners"
and showcase them on their website.
They even respond to journalists'
questions – albeit only via e-mail.
Was it easy to hack Rolle?
Yes.
Did you choose Rolle at random?
Yes.
How many hours
a day do you work?
12. Sometimes 24.
When you've started
to attack there's no way
to go back or sleep
or anything else.
You can turn off your PC when you've
encrypted everything in the network.
Or they've spotted you
and blocked all ways in.
Are you afraid
of getting caught?
Before we started
Vice Society, we talked
and read a lot
about our security.
We accepted the
risks and decided to try.
We don't want to be
caught, but we aren't afraid.
Do you feel guilty?
No.
We’re not the ones
leaving schools, colleges,
or hospitals at risk.
And we always offer to
quickly restore everything.
We don't ask for
hundreds of millions.
It’s their problem
if they don't pay.
The mayor of Rolle
had a horrible year.
What would you say to her?
You should've paid.
We could've helped you and
fixed everything right away.
You'll hopefully be
smarter next time.
Brash and cynical.
Typical for these
modern online outlaws.
They follow their own
logic in this cyber-Wild West.
But the FBI, Europol,
and countless other police
agencies are on their trail.
And another man has made tracking
them down his personal mission.
We met him in Berlin,
where he and two
partners run a
cybersecurity company.
They developed a tool
dedicated to scanning and scouring
the Darknet with the help
of a one-million-euro grant
from the German government.
We have a platform that
lets us follow cybercriminals
on the Darknet in real time.
We can see what they’re
doing and their victims
the companies and
infrastructure they’re interested in.
And any stolen data
that is already up for sale
and especially the campaigns
they're planning for future targets.
Abdelkader Cornelius originally
had a very different kind of career
as a chef, a job he loved.
But then tragedy struck.
His uncle used to sell old
military artifacts on the Internet
and one day, he fell
victim to a cyberattack.
The perpetrators switched his
bank account with theirs
and using stolen credit cards,
placed orders from his online
store and pocketed the proceeds
leaving Abdelkader’s
uncle to foot the bill.
That was my personal motivation
to understand how it
was possible for someone
to destroy another person's
entire life and livelihood
using a computer
or a smartphone.
My uncle never
recovered from those debts.
He never got over it.
And he died with what
was left of the debt.
How much debt?
In total?
Yes.
476,000 euros.
He was so ashamed that
he ended up killing himself.
I couldn't comprehend how
this kind of thing could happen
I decided to go into IT and
do my very best to ensure
that no one else would
have to go through this.
The young chef then devoted
his free time to research
on the Internet and Darknet.
He became self-taught, before
offering his services as a freelancer.
He worked up to 70 hours a week:
both in the kitchen
and on the computer.
A few courses were available,
but this isn't something you
learn on regular public websites.
You have to delve deeper
to find the right circles
if you want to
communicate with hackers
and understand
what motivates them.
Abdelkader managed to
infiltrate their clandestine world,
joining hacker forums under
the cover of multiple aliases.
This enabled him to find
out who was planning what
from beginners to major
groups looking to attack banks
Abdelkader asked a
hacker how much he earned.
How much work do you need to
earn close to half a million euros?
Maybe 14 hours.
You can tell these people
have never really worked.
They've immediately seen
how easy it is to make money
in cybercrime and have no idea what
it means to work hard for your money.
They've lost touch with reality.
And if they now start
targeting critical infrastructure,
then even things like
hospitals are in danger.
Seemingly in their own bubble,
the hackers have no
qualms about preying
on their victims'
most personal data
and know no boundaries.
Violating someone's
privacy is cruel enough
but some cyberattacks
can be lethal.
Nothing is taboo for the
criminal gangs involved.
They paralyze hospitals
and steal patient records.
In late 2022, the European
Union Agency for Cybersecurity
published a report about the
acute danger for the medical sector.
Thousands of hospitals around
the world have already been hacked.
A baby died in the US after a
computer failure during delivery.
Hacking a hospital is about
terrorism, it’s about killing people.
It’s about disrupting a whole
culture, a whole country.
A hospital will pay.
Why?
Because people are about to die.
If a computer that controls
the oxygen is not working,
the hospital will
pay the ransom.
Ilan Graicer knows
what he's talking about.
The Israeli cybersecurity
expert teaches potential victims
about how the attackers
think and operate.
And his insights are in
growing demand worldwide.
Ilan is a pioneer
in penetration tests.
Together with other
experts, in 2008 he looked
at the biggest hospital
in Israel for security flaws.
You cannot walk into a bank,
into the servers of the bank
but in a hospital, you
can walk and get around,
and you can connect
your computer to the wall,
and you sit there and
nobody would say anything.
So we started with that.
We worked with a few people in the
hospital who knew we were coming in.
And then it's just
it was so easy.
Too easy.
So we did it to prove to the
country that some sectors
are not as protected
as the others.
We sat with the hospital and
taught them how to defend better.
We didn't just say everything
is better and went home.
And then, we actually
went to the parliament
and we talked in parliament
and the government,
not just because of us, but
they gave a lot of money to start,
just start protecting
the Israeli hospitals.
A clinical operation of a
different kind that left a scar.
The Hillel Yaffe Hospital
in Hadera near Tel Aviv
has now enhanced
its online security.
Hackers gained access to its internal
network during the corona pandemic.
The hospital has
over 2,700 staff.
It began just before 6 a.m.
Forty-five minutes later,
we knew it was a cyberattack.
We immediately disconnected
the hospital's computer systems.
Fortunately, no data was stolen.
But while MRIs, respirators and
other medical devices worked,
the computers were shut down.
And:
having everything on
camera enabled the hospital
to carry out a
post-event analysis.
This type of attack
is like an earthquake,
far worse than the
consequences of Covid.
And for the hospital
administrators, it's a disaster.
The entire Intranet
shut down immediately.
When the computers are working,
we can access the
databases with two clicks.
That includes any previous
surgery a patient may have had,
their medical history.
All that information we used
to have was suddenly gone
As you can see,
we resorted to using the
physical files filled out by hand
which is what we
used to do back when
I was a trainee
doctor 30 years ago.
The hospital managed
to remain operational.
Its management immediately
made the news public
while also turning
the cyberattack into
a textbook case for
training purposes.
We opened our doors to colleagues
from hospitals across the country,
so they could see what
we were experiencing.
We invited experts
to visit the ER,
the delivery rooms and operating
theaters to learn from this chaos.
A cyberattack is never easy.
The first thing is to
admit it happened.
Somehow, we were able to
change the rules of the game.
This time, there was
a positive outcome.
And it does prove one thing:
that with cybercrime
escalating worldwide,
the best defense
remains prevention.
And another lesson
that we all need to heed:
that logging on to
the Internet brings
the entire world
to our doorstep
and it's a world where not
every visitor is a friendly one.