From the linked article: "Muurman had said that the investigation was in its early stages, but that “Ryan” was suspected of aggravated data crimes, but denied involvement."
That's not terribly convincing considering that he did a 5 minute video interview with Sky News the other day where he described the attack and took responsibility for it.
Posting anonymously because job. I work in IT at a hospital.
I'm worried about the lax attitude towards security at my workplace. Don't get me wrong, we're serious about privacy. We follow all the HIPPA guidelines and have regular training about them. Any use of records not immediately related to care (research, billing) requires approval of an internal review board. Nothing identifiable leaves the organization (unless it's transfering your records to your new doctor). There's severe criminal penalties for misuse of records. What we do is logged and monitored. We're absolutely serious about making sure no one here misuses your data. You are safe from us invading your privacy.
But it's like it never occurs to them that malicious people from outside the organization might want to do something nasty. People can use personal devices to access work resources. Access to critical systems is a remote desktop session away, with handy "remember my password" boxes pre-checked. There is no two-factor authentication. Security training ends at "don't share your password" and "don't click strange links/files in email." There's no awareness of the threat and there's nothing I can do about it. And nothing I've seen at other facilities makes me think we're alone. So, yeah, I'm worried.
I think it just varies from place to place. Typically once your institution has a significant breach where large numbers of medical records are leaked, they get a major wake-up call when the government hands them a massive fine for HIPAA violation. The last two medical centers I worked at had recent HIPAA smack downs and pretty soon after two-factor authentication was rolled out, USB drives were banned, and non-VPN remote access was dropped. Security was much better there than at academic research centers where it was pretty much the wild west and you could do whatever you like, with the only thing at risk was student records. I think the fact that there are some pretty substantial penalties being levied for HIPAA violations is providing incentive for anyone holding protected health information to get their act together, so it's just a matter of time if your employer is being lax.
Most analysts indicate that the hack had been ongoing for over a year. I.e., before that fetid corpse of a movie had even been announced.
Blaming it on the Norks is just more of the same old "hate the axis of evil" shite we've been getting a steady diet of for about a decade and a half now.
Which part is bullshit? I'd be interested to read your reverse engineering analysis of the malware that contradicts that written by other security professionals.
Where's the evidence, then? Besides someone's say-so.
The analysis of the malware suggested that it was compiled on a computer configured to use Korean language and the code itself contacted command & control servers and recycled previous methodology used in attacks attributed to North Korea. Could it be a false flag? Sure, but you'd think there would be better targets you could go after than hacking Sony and distributing unreleased movies and employees 401k contribution records. Sounds more like someone pissed off at Sony, maybe like someone who previously threatened “stern” and “merciless” retaliation...
According to the NPR report I just heard it was 4 or 5 days after the person arrived in the US before they fell ill so they probably weren't contagious on the plane ride over.
I just saw a report that said he went to the hospital four days after starting to feel bad, but was sent home by doctors there, he then came back 2 days later after feeling even worse, so you are talking about 6+ days after onset and everyone in the hospital waiting room and the doctors who screened him the first time around, plus family members who were probably treating him at home. I'd feel better if it was the plane full of people, at least we have a list of their names.
Listening to NPR they just reported that the person had traveled from Liberia to visit family. It was 4 or 5 days after the person arrived in the US before they started feeling sick so it's not likely the folks on the airplane are at risk.
Sure, passengers on the plane are probably ok. How about all the patients in the ER the first time he went to the hospital in Dallas, four days after initial onset of symptomatic EVD, was checked out by doctors there and was sent home? He then came *back* two days later and was admitted and tested postive. So you have people in the ER the first time around, the doctors who conducted exam (I hope to hell they were wearing basic PPE) and then any family members who were around while he was 6+days after becoming symptomatic. Check out the currently known timeline, it's not like he walked off the plane and headed to the hospital, he's been walking around with symptomatic EVD for almost a week before being isolated:
As far as I understand the influenza genome, it has 8 chunks of genes, roughly the equivalent of a chromosome, not 8 genes. But perhaps I misunderstood that? And each of those chunks has estimated (based on base pairs) 8 to 14 genes. So in total we are in the range of 100 +/- I had guessed. But that might be wrong
You are correct that it has 8 "chunks" that are essentially the equivalent of a chromosome. How ever each chunk/chromosome only encodes a single gene. Three of those genes can express 2 different proteins, either through alternatively splicing or frameshifting resulting in a total of 11 possible protein sequences expressed from the entire influenza genome. 100 genes is big for viruses, usually those are large, complex viruses like the herpesviruses which have all kinds of special viral proteins that are designed to subvert the host immune system. Here is a good illustration of the influenza genome: http://www.virology.ws/2009/05...
The most researched and very primitive tobacco mosaic virus. It produces roughly 160 different amino acids. OTOH, the hull around the RNA strand is constructed from a single repeating peptide. I would assume that that peptide is constructed from those amino acids, but that sounds unlikely. So: how many genes do you need to produce 160 different amino acids? I thought 160 genes, but perhaps a gene can code several amino acids in a row, without stop markers and without causing them to 'stick together'.
Amino acids are just the individual components that are linked together to form peptides/proteins, there are only 20 possible amino acids in eukaryotes. The Tobacco Mosaic virus capsid protein is indeed 160 amino acids in length, but there are still only 20 amino acids used to make that protein, some are used more than twice. Here is the actual amino acid sequence of the protein, each letter represents a single amino acid, so you can see that some are used more than once: http://www.uniprot.org/uniprot...
Regarding modeling: depends what you want to model, chemical interactions, likely challenging. High level production and accumulation and assembly of proteins? Not so challenging.
Modeling protein structures is hard, look at the "Folding at Home" project, they've got petaflops of computational power cranking away on modeling a handful of structures. And that's just individual 3-D structures, to ask how changing a single amino acid in a protein would influence the structure and then how that new structure would interact with the 20,000+ other proteins is impossible right now. I wish it were, it would make my job a hell of lot easier.
Because nature does that sort of thing all the time. If we do it in a controlled, lab environment, we can understand what happens when genes get switched up and how to stop viruses. The alternative is sitting around until a lethal virus appears and then trying to quickly do research on it while people die.
My concern here is how controlled that lab environment is. I did my fellowship in an ID research group that had a BSL3 lab in the unit and given the number of containment breaches they had, you should seriously question the the wisdom of conducting the kind of research that has the very real possibility of wiping out 1/3 or more of the earth's population in a containment unit that was mostly likely built by the lowest bidder. Something like this should be done at USAMRID or Rocky Mountain Labs, not a BSL3 on a college campus.
the only way to find out what changing a virus will do to the virus, is to change the virus.
If that is what you believe you should change your job.
Yes, I saw the line that you work in genomic research, but it seems I as a layman know more than you about it.
"simple" as a virus (which may consist of tens to hundreds of thousands of kb pairs, specifying dozens or hundreds of RNA transcripts),
A flu virus has roughly 100 genes
100 genes is fairly big as far as viruses go. The influenza genome is actually much smaller, it has 8 genes total. The OP is correct though, trying to computationally model just a single protein structure is fairly challenging particularly if the structure of related proteins are not available to guide the model. Trying to model interactions between 8 flu genes and the ~2,000 or so host immune genes in a complex environment would be ludicrously beyond the scope of anything that could be done right now.
The entire point of the research is to learn enough to be able to stop an outbreak in a major US city if one were to start.
Why do you seem to be advocating not doing such research?
I'm all for it, just do it in Africa. Send a team from the CDC with everything they need and enough LN2 to freeze every specimen they could possibly want, then fly that back to the CDC and do the research in a BSL4. If you want to do in vivo research, then use an animal model. Unlike many other pathogens, there are animal models for Ebola infection that are comparatively good. Realistically, bringing two patients who are already infected with Ebola to the US probably isn't going to advance knowledge in that area in such a quantum way as to outweigh the potential risks.
Right. Because the purpose of research is to generate papers.
If you like being employed as a researcher it is. Or are you naive enough to think that it has no bearing on this?
My concern is whether the potential risks outweigh the benefit of bringing them to the US. It's not like there is some magical cure awaiting them upon arrival at Emory, there is no cure for Ebola. About the best they can hope for is palliative care, so why not just send a team to West Africa to do the same. Would the care in Atlanta be that much better that it is worth introducing an extremely dangerous pathogen to a large metropolitan area? Yes, I know the CDC already has Ebola in it's freezers in Atlanta, but having a pathogen stored in a BSL4 lab is *much* different than trying to treat an infected patient that is bleeding out in a hospital isolation unit. The opportunity for someone to f*ck up is substantially higher in that situation, so why take the risk?
The transport is less likely for treatment and more likely for research. Or do you think the CDC has top notch research facilities abroad?
Oh, I'm absolutely sure that's really why they are doing it. I just not very convinced that them getting their Ebola paper in Science six months from now is worth risking an Ebola outbreak in a major US city.
In actual fact, the ComCast internet service is not too bad.
Their cable TV service is another story. I'm reading this article right now because my cable box is busy rebooting...again.