Diary: Internet trolls, Twitter rape threats and putting Jane Austen on our banknotes

Caroline Criado-Perez starts the week in triumph as the Bank of England agrees to keep women of merit on our banknotes . . . and sinks into despair as trolls on Twitter line up the promises to rape, torture and kill her.

You are invited to read this free preview of the upcoming New Statesman, out on 8 August. To purchase the full magazine - with our signature mix of opinion, longreads and arts coverage, plus columns by Laurie Penny, Will Self, Rafael Behr and John Pilger, as well as our cover features on John F Kennedy and all the usual books and arts coverage - please visit our subscription page
 
 
It’s Wednesday morning and I’m still debating whether or not to wear my Jane Austenesque dress down to Hampshire. I’m about to attend a public announcement by the Bank of England that, in response to three months of campaigning for female representation on banknotes, it is instigating a review of its procedures and will in the meantime confirm Austen for the next tenner.
 
I opt for a simple red dress, concerned that otherwise the media will paint me as some sort of deranged Jane Austen fangirl – which, to be fair, I am. And, as it happens, I end up painted as such in the press anyway.
 
I head off, purged of Regency regalia, to Austen’s house, where I look forward to being able to announce finally what I’ve known for over a week: that we took on an establishment institution and won.
 
Standing next to the Bank of England governor, Mark Carney, and the politicians Stella Creasy and Mary Macleod, I think: this is an amazing experience.
 

Torrent of abuse

 
But then, suddenly, it isn’t. Among the many good wishes pouring into my Twitter timeline, one @JackRiley92 has decided to let me know that he has taken umbrage at the outcome of my campaign. And he lets me know in a way used by domineering men down the ages when a woman gets a bit uppity: he makes a threat of rape – to be specific, violent anal rape.
 
This is just the beginning. Over the next couple of weeks I receive a steady stream of violent abuse, including rape and death threats. At its peak I am getting about one threat a minute, with men discussing how they will rape me together, which parts of my body will be penetrated and exactly how they are going to kill me. They are still coming in now – the latest: a death-throughgang- rape threat where I’m told to “KISS YOUR PUSSY GOODBYE AS WE BREAK IT IRREPARABLY”.
 
I feel like pointing out that if I’m dead, the state of my “pussy” will be the least of my concerns, but it seems a bit pedantic. 
 

Knock, knock! Who’s there?

 
The threats are vivid, graphic, horrific. I can’t help visualising them. I stop eating, I can’t sleep, I keep crying from sheer exhaustion and despair at the hatred for women that is pouring relentlessly into my Twitter feed.
 
While I am in this state, the media come knocking – literally. A London Evening Standard journalist turns up on my doorstep at 10.15pm on Sunday night. My first reaction is a surge of adrenalin and fear; my second, fury at the thoughtless insensitivity. Then back to fear, as I wonder how she has found my address.
 
For the most part, though, the media are supportive and understanding, if relentless. I am pleased that they are running the story – what is happening to me has happened to too many other people before, without anyone batting an eyelid. It is good to see it taken seriously and I feel it’s my responsibility to speak to as many journalists as I can, in part to put pressure on platforms such as Twitter, and on the police, to take it seriously. If this has to happen to me, I am determined that I will use it to try as hard as I can to make sure it doesn’t happen to anyone else. It’s vital to make sure no one else is silenced.
 

Asking for it

 
Perhaps inevitably, given the antipathy towards any woman who isn’t a good, quiet little miss, it isn’t long before soi-disant supporters turn on me. “This is getting boring,” I am told. “Enough now.” I am making people uncomfortable. If I continue to “feed the trolls”, I deserve all I get. Never mind that ignoring or blocking only results in new accounts being set up – or the trolls simply finding a new victim. Never mind that my “trolls” are trying to shut me up. Never mind: take this awkward truth away.
 
Given the celebrity-obsessed society we live in, it is no surprise that a regular dripdrip of tweets comes through accusing me of “milking” the threats for fame, as if I had somehow invited them. As if I – as if anyone – could enjoy it. Some people, clearly more enterprising than me, accuse me of making money out of the situation. This is a suggestion that has sadly yet to come to fruition.
 

Now what?

 
The past couple of weeks have been surreal. Before the whirlwind of rape threats and press interviews, I was finishing up my MSc at LSE (now deferred) and campaigning for the use of more women experts in the media through the online directory the Women’s Room. The most high-profile thing I’d ever done was run the banknotes campaign – a campaign I started in a moment of rage at yet another decision wiping out women’s contribution to history, hampering the aspirations of young girls growing up without female role models. I was just another anonymous voice in the melee.
 
Now, I no longer recognise my life. I am suddenly someone with a “platform” and despite the abuse that got me here, this has made me public property. Suddenly I am contacted by anyone and everyone with a grievance or a story to run. I am expected to hold forth on all the ills of the world, I must condemn people and acts on request, and if I don’t, if I am just struggling to keep my head above water right now, I am deemed inadequate – someone to be pilloried.
 
The response from Twitter is initially woeful: the head of journalism and news, Mark Luckie, locks his account and blocks me personally as a result of people contacting him to tell him about the abuse I am receiving. The police are initially quick to respond but then achingly slow to act. Now, no doubt due to the intense media coverage, they are both acting. Twitter has taken some baby steps towards supporting the victims rather than the criminals, and the police have applied the resources they need to the problem and made some arrests. The next step is to make sure that this is a solution for everyone, not just those with a “platform”.
 
I don’t know where my life will go from here. I wonder whether the abuse will ever stop. I wonder if I am for ever doomed to be “that rapey girl off Twitter”. I wonder if I will ever gain control over my life again.
Caroline Criado-Perez (right) with Mary Macleod, Mark Carney and Stella Creasy unveiling the new Jane Austen £10 note. Photo: Getty

Caroline Criado-Perez is a freelance journalist and feminist campaigner. She is also the co-founder of The Women's Room and tweets as @CCriadoPerez.

This article first appeared in the 12 August 2013 issue of the New Statesman, What if JFK had lived?

Getty
Show Hide image

How hackers held the NHS to ransom

NHS staff found their computer screens repleaced by a padlock and a demand for money. Eerily, a junior doctor warned about such an attack days earlier. 

On Friday, doctors at Whipps Cross Hospital, east London, logged into their computers, but a strange red screen popped up. Next to a giant padlock, a message said the files on the computer had been encrypted, and would be lost forever unless $300 was sent to a Bitcoin account – a virtual currency that cannot be traced. The price doubled if the money wasn’t sent within six days. Digital clocks were counting down the time.

It was soon revealed Barts Health Trust, which runs the hospital, had been hit by ransomware, a type of malicious software that hijacks computer systems until money is paid. It was one of 48 trusts in England and 13 in Scotland affected, as well as a handful of GP practices. News reports soon broke of companies in other countries hit. It affected 200,000 victims in 150 countries, according to Europol. This included the Russian Interior Ministry, Fedex, Nissan, Vodafone and Telefonica. It is thought to be the biggest outbreak of ransomware in history.

Trusts worked all through the weekend and are now back to business as usual. But the attack revealed how easy it is to bring a hospital to its knees. Patients are rightly questioning if their medical records are safe. Others fear hackers may strike again and attack other vital systems. Defence minister Michael Fallon was forced to confirm that the Trident nuclear submarines could not be hacked.

So how did this happen? The virus, called WannaCry or WannaDecrypt0r, was an old piece of ransomware that had gained a superpower. It had been combined with a tool called EternalBlue which was developed by US National Security Agency spies and dumped on the dark web by a criminal group called Shadow Brokers. Computers become infected with ransomware when somebody clicks on a dodgy link or downloads a booby-trapped PDF, but normally another person has to be fooled for it to harm a different computer. EternalBlue meant the virus could cascade between machines within a network. It could copy itself over and over, moving from one vulnerable computer to the next, spreading like the plague. Experts cannot trace who caused it, whether a criminal gang or just one person in their bedroom hitting "send".

Like a real virus, it had to be quarantined. Trusts had to shut down computers and scan them to make sure they were bug-free. Doctors – not used to writing anything but their signature – had to go back to pen and paper. But no computers meant they couldn’t access appointments, referral letters, blood tests results or X-rays. In some hospitals computer systems controlled the phones and doors. Many declared a major incident, flagging up that they needed help. In Barts Health NHS Trust, ambulances were directed away from three A&E departments and non-urgent operations were cancelled.

The tragedy is that trusts had been warned of such an attack. Dr Krishna Chinthapalli, a junior doctor in London, wrote an eerily premonitory piece in the British Medical Journal just two days earlier telling hospitals they were vulnerable to ransomware hits. Such attacks had increased fourfold between 2015 and 2016, he said, with the money being paid to the criminals increased to $1bn, according to the FBI. NHS trusts had been hit before. A third reported a ransomware attack last year, with Imperial College London NHS Trust hit 19 times. None admitted to paying the ransom.

Hospitals had even been warned of this exact virus. It exploited a vulnerability in Microsoft Windows operating systems – but Microsoft had been tipped off about it and raised the red flag in March. It issued a patch – an update which would fix it and stop systems being breached this way. But this patch only worked for its latest operating systems. Around 5 per cent of NHS devices are still running the ancient Windows XP, the equivalent of a three-wheeled car. Microsoft said it would no longer create updates for it two years ago, rendering it obsolete.

There are many reasons why systems weren’t updated. Labour and the Lib Dems were quick to blame the attack on lack of Tory funding for the NHS. It is clear cost was an issue. Speaking on BBC Radio 4’s PM programme on Saturday, ex-chief of NHS Digital Kingsley Manning estimated it would take £100m a year to update systems and protect trusts against cyber attacks. Even if that money was granted, there is no guarantee cash-strapped trusts would ringfence it for IT; they may use it to plug holes elsewhere.

Yet even with the money to do so updating systems and applying patches in hospitals is genuinely tricky. There is no NHS-wide computer system – each trust has its own mix of software, evolved due to historical quirk. New software or machines may be coded with specific instructions to help them run. Changing the operating system could stop them working – affecting patient care. While other organisations might have time to do updates, hospital systems have to be up and running 24 hours a day, seven days a week. In small hospitals, it’s a man in a van manually updating each computer.

Some experts believe these are just excuses; that good digital hygiene kept most trusts in the UK safe. "You fix vulnerabilities in computers like you wash your hands after going to the toilet," said Professor Ross Anderson, a security engineering expert at Cambridge University. "If you don't, and patients die, excuses don't work and blame shifting must not be tolerated."

It is not known yet if any patients have died as a result of the attack, but it certainly raised fears about the safety of sensitive medical records. This particular virus got into computer files and encrypted them – turning them into gooble-de-gook and locking doctors out. Systems were breached but there have been no reports of records being extracted. Yet the scale of this attack raises fears in future the NHS could be targeted for the confidential data it holds. "If it’s vulnerable to ransomware in this way, it could be vulnerable to other attacks," said Professor Alan Woodward security expert at the University of Surrey's department of computing.

In the US, there have been examples where ransomware attacks have led to patient data being sucked out, he said. The motivation is not to embarrass people with piles or "out" women who have had an abortion, but because medical information is lucrative. It can be sold to criminals for at least $10, a price 10 times higher than can be earned by selling credit card details. Dossiers with personal identification information – known as "fullz" on the dark web – help crooks commit fraud and carry out scams. The more personal details a conman knows about you the more likely you are to fall for their hustle.

Hospital data is backed up at least hourly and three copies are kept, one offsite, so it is unlikely any medical records or significant amounts of data will have been lost – although the hack will cost the NHS millions in disruption. A British analyst, who tweets under the name Malware Tech, became an unlikely hero after accidentally finding a killswitch to stop the virus replicating. He registered a website, whose presence signalled to the virus it should stop. Yet he admits that a simple tweak of the code would create a new worm able to infect computers.

Experts warn this event could trigger a spate of copycat attacks. Hacker may turn their eyes to other public services. Dr Brian Gladman, a retired Ministry of Defence director, and ex-director of security at Nato, points out that our entire infrastructure, from the national grid, food distribution channels to the railways rely on computer systems. We now face an arms race – and criminals only have to get lucky once.

"We’re going to get more attacks and more attacks and it’s going to go on," he said. "We’ve got to pay more attention to this."

Madlen Davies is a health and science reporter at The Bureau of Investigative Journalism. She tweets @madlendavies.

0800 7318496