Darknet Diaries - Ep 14: #OpJustina
Episode Date: March 1, 2018In 2013 a hospital was accused of conducting a medical kidnapping against a young girl name Justina. This enraged many people across the country, including members of anonymous. A DDOS attack... was waged against the hospital.
Transcript
Discussion (0)
Anonymous and hacktivism often cross paths.
When there are injustices in the world that triggers protests or riots,
there's often an online version of those protests too.
And if somebody wants to simply be the voice of the citizens of the world,
they can be anonymous and make threats to an organization.
These anonymous online protesters have targeted governments,
churches, organizations to try to expose their corruption.
They have been known to wage online attacks so hard that the organization goes completely offline.
Or they take it a step further and get internal access to the network
and cause whatever destruction they can from within.
On many accounts, Anonymous stands up for the citizens of the world and helps fight corruption.
But what if the organization that stirred the bee's nest was a hospital?
Would anyone ever consider attacking a hospital?
A place where patients are on the verge of death
and life-saving operations are happening on a daily basis?
A place where people go to as a last resort for help?
Can hacktivism go too far?
This is Darknet Diaries. Can hacktivism go too far? This episode is sponsored by Delete Me. I know a bit too much about how scam callers work. They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive.
It's endless.
And it's not a fair fight.
But I realize I don't need to be fighting this alone anymore.
Now I use the help of Delete Me.
Delete Me is a subscription service that finds and removes personal information from hundreds of data
brokers' websites and continuously works to keep it off. Data brokers hate them because Delete.me
makes sure your personal profile is no longer theirs to sell. I tried it and they immediately
got busy scouring the internet for my name and gave me reports on what they found. And then they
got busy deleting things. It was great to have someone on my team when it comes to my privacy. Take control of your data
and keep your private life private by signing up for Delete Me. Now at a special discount for
Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com
slash darknetdiaries and use promo code darknet at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries
and enter code darknet at checkout.
That's joindeleteme.com slash darknetdiaries and use code darknet.
Support for this show comes from Black Hills Information Security.
This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.
I know a few people who work over there, and I can vouch they do very good work.
If you want to improve the security of your organization, give them a call. I'm sure they can help.
But the founder of the company, John Strand, is a teacher.
And he's made it a mission to make Black Hills Information Security world-class in security training.
You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more.
But get this, the whole thing is pay what you can.
Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field.
And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills and showing them off to potential employers.
Head on over to BlackHillsInfosec.com to learn more about what services they offer
and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.
This story is Justina Pelletier, a 15-year-old girl living in Connecticut. By many accounts,
Justina was just your average teenage
girl. She liked listening to music, playing with her friends, and going to school. Except she was
ill. She suffered from mitochondrial disease. Mito is a genetic disease which causes poor growth,
poor muscle coordination, sensory problems, and organ diseases. This made Justina sick and limited
what she could do in her life.
But she was being treated for the disease. Justina's father is Lou Pelletier. I found
some archival tape of Lou telling the story of what happened to Justina. Here's a clip from that
tape. For two years, she's been under the care and the well-skilled care of Tufts Medical Center,
led by Dr. Mark Corson,
one of the leading mitochondrial doctors in the country,
and being treated successfully,
going to school, playing with the dogs.
January 23rd, her grandma's 92nd birthday,
she ice skated for her.
She gets the flu in early February,
conditions deteriorate rapidly, which is unfortunately when you have mito, your body just doesn't fight things the way other folks can.
And a decision was made that by her main doctor, a doctor at Coors and at Tufts, that she needs
to be seen by her stomach doctor.
Unfortunately, he and the rest of his GI team the month earlier had transferred over from
Tufts to Boston Children's Hospital. So on a snowy February 10th evening, she went by ambulance from
Connecticut Children's to Boston Children's. And within a few hours of her arrival a young neurologist came along and said oh there's no
such thing as mitochondrial disease didn't say what his game plan was but we're going to try a
different approach which we went along with we're we were game we're trying to get our daughter
better but within a very short period of time they had decided what she had was not medical was in her
head. And even though everything that's been done has been medically diagnosed,
medically verified, and as they would say insurance approved, nothing was done by
pushy parents making something happen. But on February 13th of 2013, my wife was given a sheet of paper
called the Guidelines of Care for Justina Pelletier, which just crushed us. It says,
you will not be allowed to speak to any doctors, including her Tufts doctors.
You will not be able to see the doctor you came here to see, Dr. Alex Flores,
world expert on GI motility and mitochondrial disease.
We are taking over, we are taking her off all her medications.
She had tachycardia, rapid heart rate, it took her off that, a number of different things.
When you have mitochondrial disease, you have serious vitamin deficiencies, which is because mitochondrial is your energy,
was taken off that. So by us saying on February 13th, we don't agree with what you're doing,
February 14th, I want to discharge my daughter to take her back to Tufts for an already pre-scheduled appointment with Dr. Corson.
And as I've said a few times before, Tufts Medical Center is not exactly Bob's Hospital.
They're one of the top medical facilities in the country.
And then that's where the nightmare totally began.
The hospital contacted Child Protective Services,
which in Boston is known as DCF, Department of Children and Families. The DCF removed Justina
from the custody of her parents and placed her under the custody of the state of Massachusetts,
all because of a medical disagreement between the parents and the hospital.
This was very traumatic for the Pelletier family.
They believed what they were doing was best for their daughter by listening to doctors and taking her to hospital so she can get better.
And after she was diagnosed, the daughter was taken away from the parents.
The parents had very short visiting times,
they were not allowed to talk to doctors,
and were sometimes even escorted out of the hospital by police.
To top it all off, the courts put a gag order on the
parents, restricting them from being able to talk to the press. Over a year goes by where Justina
remained in the Boston Children's Hospital, where she was treated for her illness. She was unable to
come home for her birthday or even Christmas because her home was the hospital, because she
was under custody of the state of Massachusetts.
And now it's March 5th, over a year later, almost 13 months later, and here we are. We have a daughter who's dying. She's in pain 24 hours a day because they've ignored it. And what has
happened since February 10th, her condition is now where she was ice skating going to school,
where now she's pretty much paralyzed below the hips, very little body strength above.
Educationally, she's dropped to, they think, to the second grade level.
She's been put through hell, through no fault of her own, through no fault of her parents who just followed
their doctor's advice. And the crush it's done to her, what it's done to our family,
financially, when you're fighting, as I said, David against not one Goliath, but two. We're
fighting state of Massachusetts and DCF, and we're fighting Boston Children's Hospitals.
And their pockets are a little bit deeper than ours.
But as you saw a few weeks ago, I decided I could not stand back anymore.
The gag order was lifted off Lou, and he could finally tell his story to the press.
After a year of being held in Boston Children's Hospital, she was well enough to leave.
But being under custody of the state of Massachusetts, she couldn't go home.
She was moved to a youth facility called Wayside, where she was treated for mental illness.
As of today, she is still at the Wayside facility, which, by the way, is a two-week
psychiatric residential facility, non-medical. She's been there six, seven weeks.
One of the things that transpired was last Monday, they had announced in the courtroom
they were going to move her to a facility called the Shared Living Collaborative. Part of the
nightmare that went on, if you saw the media, you saw that my wife actually passed out outside the courtroom. Two days later, shared living collaborative said,
no, no, no, no, we want nothing to do with Ms. Pelletier at this point because of all the media
scrutiny. So basically, she's in a facility that's designed to keep people two weeks or less and non-medical and she's been there you know six seven plus weeks
we were there the friday before the court and our weekly visit and i mentioned this because it's
very important justina's shirt bottom had happened to lift up and my wife and daughter saw the severe
dark red lines coming out of her port where her surgery was.
That's sepsis. It's poison.
If we didn't raise the red flag, DCF officials were in there laughing.
She could be in serious medical shape even worse today or not be here today.
Our family has gone through 13 months of any family's worst nightmare.
That any hospital could take a child away from a family that was doing no wrong and have no recourse as far as getting her back.
Because of how chilling the story sounds and how desperate the parents seem to be,
the press ate this story up.
News agencies around the nation went wild talking about Justina.
Lou conducted numerous interviews for national news,
such as Fox News, Glenn Beck, and even the Dr. Phil show.
People around the country were frightened and shocked,
and even outraged by such a story.
Social media was abuzz talking about how horrible it was that the hospital took Justina away from her parents.
Once the news became national coverage, an ominous video was uploaded to YouTube by Anonymous.
Here's a clip from that video.
Greetings fellow citizens, we are anonymous. It has come to our attention that a 15-year-old girl by the name of Justina Pelletier has
been held against her will by the state of Massachusetts for over one year.
Justina has a condition known as mitochondrial disease however the Boston Children's Hospital
believes that it all is merely in her head and as a result she has been detained in addition
to being tortured physically and mentally by this corrupted system for nothing more than being sick?
Anonymous and the American people will not tolerate this abuse of our children and will
retaliate using whatever means necessary in order to protect our fellow citizens from
this abusive and manipulative behavior.
We will punish all those held accountable and will not relent until Justina is free. Test us and you shall fail. This will be your first
and final warning. Failure to comply with our demands will result in retaliation
and the likes which you have never seen. Free Justina and return her home to her
family. The voice of the people shall be heard. We are anonymous. We are legion.
We do not forgive. We do not forget. Expect us. Operation Justina engaged.
The video also included many names of employees of Boston Children's Hospital,
as well as the judge that saw the case,
calling for these people to be fired or threatened.
The next day, Twitter messages started showing up.
A user by the name of AnonMcCuriel2
started calling Anonymous to engage on attacks against the hospital,
using the hashtag OpJustina.
Anonymous also posted public dumps of private information of the judge
and the doctors who took care of Justina, listing their address, home phone number, and more.
The hospital saw the docs that were posted of the doctors' and lawyers' home address
and their phone numbers.
And they saw the video.
And they saw the tweets.
They knew an attack was coming, but they didn't know when or how big.
The hospital called the police. Because what else can you do in a situation like this?
Even though the police can't protect you against a cyber threat, you feel like there's no other
option. And it's good to inform them anyways. So the police were on alert.
Protesters started gathering outside the hospital with signs saying,
Free Justina, but the protesters remained peaceful.
On April 14, 2014, members from Anonymous began a network attack
on the Boston Children's Hospital.
It was a typical denial-of of service attack, a DOS. The attackers
were sending a large amount of web traffic to the hospital's website, so much that the web server
couldn't handle all the traffic, and the website was unusable. Anyone who tried to visit the
hospital's website would see a server error and not see the website at all. This DOS attack was
not that bad, though. The hospital was on full alert and had the appropriate staff on hand
to block each IP that was attacking the hospital.
The hospital was blocking IP address after IP address, one at a time.
And shortly after an IP was blocked, a new flood of traffic would come from a new IP.
So this hospital had to block that new IP, too.
It was like a game of whack-a-mole.
Attacks kept coming from new IPs day after day like a game of whack-a-mole. Attacks kept coming from new IPs
day after day for a solid week. April 19th rolls around. It's Patriots Day, which is a state holiday
in Massachusetts. And it's also the one-year anniversary of the Boston Marathon bombing.
And it's also the day of a big fundraiser campaign that was being done for the Boston Children's
Hospital. And the main way to donate to their hospital was through the website.
The IT department of the hospital was growing increasingly concerned.
On this day, the DOS attack got much bigger. It knocked out not only the main website,
which prevented people from donating to the fundraising campaign, but it also took down many more systems on the hospital's public network. Harvard University is affiliated with
Boston Children's Hospital, and they share the same network. So not only were sites at the hospital
down, but now part of Harvard's network was going down too. The hospital brought in additional help
to come and defend the network. They hired network incident responders. They were able to come in,
put devices in, and block even more traffic, and monitor the situation even closer.
Even though the attack had grown much larger, it was managed, and the websites were starting to come back up.
But the media kept running the story of how Justina was taken from her parents.
This resulted in a groundswell of protesters outside the hospital and courtrooms. Shame! Shame! Shame!
Free Justina! Free Justina! Free Justina! Free Justina!
At some point, too, a video was leaked from Justina,
pleading to be sent home and that she misses her family so much.
All this just added fuel to the anonymous campaign of Op Justina.
New anonymous supporters were joining in,
and the DOS against the hospital was growing
larger and getting more serious. The attackers began blitzing the phone lines and calling in
and telling whoever answered that their bank account was compromised. They were sending in
a lot of spam emails too, and phishing emails, and at some point, an employee of the hospital
clicked on a phishing email, and hackers were able to get into the hospital's mail server.
They started reading emails, and even joined some conference calls and then posted the transcripts
of those calls online. More DOS attacks were happening and more websites were going down.
Sites that were disrupted were research sites, philanthropist sites, fundraiser sites, provider
portals, patient portals, and more. When the hospital found that someone was in the mail server,
they shut down the mail server for 24 hours, stopping all email in and out of the hospital.
The email server had 15,000 user accounts, so you can imagine how hard it would be to communicate
to this many people when email is unavailable. The attacks continued day after day, week after week,
and the attacks grew larger and larger every day. It eventually spiked all the way
up to 27 gigs per second. Up until this point, word about the attacks has been kept quiet.
But when the email server went down, the Boston Globe News Agency heard about this and ran a story
about it, indicating the hospital was under a severe attack from Anonymous. This was the front
page story of the Boston Globe. When that happened, one of the more popular anonymous accounts tweeted,
To all the Anons attacking the Children's Hospital in the name of Anonymous,
it's a hospital. Stop it.
The next day, the attack stopped. Almost completely.
After three weeks of a continuous distributed denial of service attack,
the network traffic returned to normal.
We know these events occurred because the CIO of the hospital posted an article in the network traffic returned to normal. We know these events occurred because
the CIO of the hospital posted an article in the New England Journal of Medicine describing
everything that happened. The hospital estimated that this attack cost $300,000 in damages.
It seemed the point had been made, and the network returned to normal. The hospital collected all the
logs of the attack and gave it to the police. Then the FBI
got involved and started building a case. They saw the attacks were coming from hundreds of different
This episode is sponsored by SpyCloud. With major breaches and cyber attacks making the news daily,
taking action on your company's exposure is more important than ever. I recently visited
spycloud.com to check
my darknet exposure and was surprised by just how much stolen identity data criminals have at their
disposal. From credentials to cookies to PII. Knowing what's putting you and your organization
at risk and what to remediate is critical for protecting you and your users from account
takeover, session hijacking, and ransomware. SpyCloud exists to disrupt
cybercrime with a mission to end criminals' ability to profit from stolen data. With SpyCloud,
a leader in identity threat protection, you're never in the dark about your company's exposure
from third-party breaches, successful phishes, or info-stealer infections. Get your free Darknet exposure report at spycloud.com slash darknetdiaries.
The website is spycloud. So the FBI went to YouTube.
YouTube as in the company, like Google, actually.
It's actually common that the FBI asks YouTube or Google for data like this.
If a Google user is suspected to have committed a crime and there's evidence in that user's account,
that data can be turned over to the FBI.
So the FBI asked to turn over any information on who owned the YouTube account that posted that anonymous video.
The account was found to be owned by Martin Gottsfeld,
a 31-year-old male from Somerville, Massachusetts.
On September 29, 2014, the FBI obtained a search warrant for Martin's house.
On October 1, the FBI met with Martin.
Martin admitted to posting the video,
but not conducting the attack. The FBI interviewed Martin's friend, who said Martin did admit to doing the attack. When the FBI searched Martin's computers, they found Martin owned the anonymous
Twitter account, which called for the attacks against the hospital. They also found chat logs
where Martin and someone else was planning the attacks.
The FBI continued their investigation for over a year, collecting more evidence and keeping an eye on Martin.
In February 2016, Martin and his wife disappeared.
Not answering calls from friends, not going to work, not talking to family, and not talking to police or FBI.
The FBI agent went to Martin's house, but nobody was home,
and the car wasn't there either.
Martin and his wife could not be found.
They had gone missing for two whole weeks.
Neither the police or FBI knew where they were.
Then an FBI agent in the Bahamas discovered their location.
Martin and his wife were on board a Disney cruise ship not far from Cuba.
But the couple weren't actually passengers on the ship.
They weren't employees or stowaways either.
They started out on a sailboat from Miami and were possibly headed to Cuba when something went wrong on their boat.
Martin's wife called for help and the nearest ship to respond was the Disney cruise ship.
It rescued them.
On board their sailboat was some luggage and three laptops. The FBI took them into custody upon arriving back in Miami. Martin is still in jail
today, still awaiting his trial and sentencing. While in jail, he wrote a letter to Huffington
Post titled, Why I Knocked Boston Children's Hospital Off the Internet. It reads, in part,
The answer is simpler than you might think. The defense of an innocent, learning-disabled
15-year-old girl. I had heard many, too many, such horror stories of institutionalized children
who were killed or took their own lives in the so-called troubled teen industry. I never
imagined a renowned hospital would be capable of such brutality, and no amount of other good work could justify torturing Justina.
Their network was strong, well-funded, but especially vulnerable to a specific attack.
Apparently, Boston Children's Hospital was unwilling to architect around the problem.
I see such laziness often in my work, and it leaves our nation vulnerable.
I had spent my career building cyber defenses.
For the first time, I was on the
offense. I coded around the clock for two weeks to perfect the attack. Small test runs were made.
Boston Children's Hospital bragged to the media that they were withstanding the onslaught
and hadn't been taken down. They had no idea what was to come. I finished the code just in time.
It ran. Boston Children's Hospital's donations page went down.
As they were down, I was nervous. I left it running for a few hours.
Then, with some donation time still left, I issued the command to stop the attacks.
The point had been made. Justina wasn't defenseless.
Under the banner of Anonymous, she and other institutionalized children could
and would be protected. Martin had previously advocated for children in the troubled teen
industry and spoken out about other mental health homes for children. But with these statements from
him directly and the FBI's affidavit, it seems like Martin was the person who started this campaign
and waged the attacks himself.
But the courts will ultimately decide that.
Martin's wife has set up a campaign called Free Marty G, and it has a tagline,
He helped her, now let's help him.
Leading up to Martin's court arraignment, he went on a two-week hunger strike.
At the arraignment, Martin pleaded not guilty, even though he previously admitted to doing the attack. And then he fainted in the court because of the hunger strike.
He could be facing 15 years in prison for violating the Computer Fraud and Abuse Act.
And recently, he's been trying to run for Senate while in jail.
I don't understand how that's possible, and I'm not even going to go into that.
As far as Justina goes,
the protests outside the hospital kept growing in size
and at some point even got hundreds of supporters
outside chanting to free her.
More and more media coverage was given to her cause
and after 16 months of being kept away from her parents,
a judge ordered she could return home.
When I was on my way back to my office,
my wife's phone calling in, who's on the phone, Justina,
and screaming, Daddy, Daddy, I'm coming home.
And I just, praise the Lord, she's coming home,
no strings attached, she is back to being part
of the Pelletier family, and we can start beginning
the healing process.
And now, a few years later, Justina is still at home with her family.
Still not yet able to walk, but her health has been improving since she's been home.
And we still haven't heard a clear story from the side of the hospital or the state on why she was taken away.
So it still remains a one-sided story.
The Pelletier family is now suing the hospital over
this incident, claiming that during her visit, she was not treated properly. That lawsuit is still
going on. The more I research the story, the more bothered I am by someone attacking a hospital over
this. Yeah, the medical industry is really weird in America and sometimes seems corrupt, but Jesus,
if I get sick and go to hospital,
I don't want to worry about someone attacking it over some custody case that I have nothing to do with.
The national news did a good job of drawing attention to this controversy.
There was no need to draw more attention,
and by the time the attack was done on the hospital, Justino wasn't even there.
Hospitals are under-resourced when it comes to IT budgets and security.
If they have to
choose between saving a life or keeping the network up, they're going to save a life. But I'm curious
to hear what you think. Yeah, you, the one listening to this right now. Same question I asked you at
the beginning. Is it ever okay for hacktivists to attack a hospital like this? Was this attack
justified? Let me know on Twitter. Use hashtag darknet Diaries and let me hear what you think.
You've been listening to Darknet Diaries.
This episode is created by me, Jack Recider.
Music is created by Kevin McLeod and Jazar.
You know what really makes my day
is when I see someone post on social media
a picture of them listening to the show.
Even a screenshot of them listening on their phone is awesome.
Or when someone donates to the Darknet Diaries Patreon.
If you do either of these, please, no, you're putting a smile on my face for the whole rest of the day.
It really means a lot to me.
Thank you so much.
You know, online privacy isn't dead. You can protect yourself, and you should. Thank you so much. is serious about your privacy and has a great VPN client. To find out which personal VPN service I recommend,
check out darknetdiaries.com slash VPN.
There you can find a link to my favorite VPN provider.
And if you sign up using that link,
not only will you get to try it free,
but you'll also be supporting this show.
So if you're ready to take your online privacy seriously,
go to darknetdiaries.com slash VPN.