> And an anonymous tip-off enabled BBC News to follow the ransom negotiations in a live chat on the dark web.
So, that "anonymous tip-off" was obviously from the hackers, right? I guess the other option is a "whistleblower" at UCSF (would anyone else know about it?), but the hackers have a lot to benefit from everyone knowing about it, so next victim thinks "Gee, respected institutions like UCSF are willing to pay the ransom and didn't have the capability to recover otherwise, we should probably just pay the ransom too".
the whistleblower option is the most probable one, isn't it? Universities have to operate in a transparent manner and have no incentive to obscure facts here.
It doesn't sound like the university publicly and transparently revealed this -- the BBC wouldn't have to be cagey about how they listened in on the chat if that were true, they could just say "according to UCSF". But it wasn't that, it was an "anonymous tip-off".
So we already know the university was not being transparent and open about it. When I say "whistleblower", I mean someone who secretly gave the BBC the info and remains secret because they weren't supposed to and would be disciplined at work for it.
The university has PLENTY of incentive to obscure facts here, because the official line is that it's immoral to pay hackers like this (it encourages future hacks, law enforcement says not to do it), and because it reveals them as having made IT mistakes that led to a ransomware takeover where they decided their best/cheapest recovery option was to pay up (instead of restoring from backups etc). It does not make them look good to have paid up, that's plenty of incentive to not want the BBC to report it.
Also, having spent many years working for universities, I think it's kind of cute that you think they "have to operate in a transparent manner." Would that it were true.
They got hacked, it makes them look incompetent. People might call for some of the staff to be fired for not having security or backups.
Prospective students, research participants, etc. might hesitate to go to UCSF if their data's going to be exposed.
Also, they paid the ransom. Funding sources from alumni to state legislatures might hesitate to give more dollars, if the university's using its money to pay off extortionists as opposed to improving education or lowering tuition.
The university has lots of reasons to hide what happened.
Sounds like BBC literally eavesdropped on the chat, they were able to login to the chat. I'm doubting the public forum announcements give the public info to log into a chat where the hackers are negotiating with the target!
That would still require someone to tell the BBC. I doubt that the BBC routinely enumerates hidden services and then looks to enumerate all potential chat rooms and randomly stumbled upon a negotiation.
So, that "anonymous tip-off" was obviously from the hackers, right? I guess the other option is a "whistleblower" at UCSF (would anyone else know about it?), but the hackers have a lot to benefit from everyone knowing about it, so next victim thinks "Gee, respected institutions like UCSF are willing to pay the ransom and didn't have the capability to recover otherwise, we should probably just pay the ransom too".