Elise Andrew: "There is a lot of pseudo-science and nonsense out there on the internet"

The founder of the hugely popular "I Fucking Love Science" Facebook group talks to Nicky Woolf.

Elise Andrew, 23, from Suffolk, graduated with a degree in biology from the University of Sheffield this year. Nine months ago she founded the Facebook page “I Fucking Love Science”, which last week passed two million “likes” on the social networking site and is still climbing. Her other three pages, “Earth Story”, “Evolution” and “The Universe” boast almost a further million "likes" between them.

Her posts are usually either amazing new photographs, news of new discoveries or theories or light-hearted re-posts of science-related cartoons or humour, or, occasionally, posts debunking what she describes as “pseudo-science”. Because of her incredible global audience, she is one of science's most potent advocates.

Here's my interview with Elise:

You've just passed two million “likes” - that's a greater reach than most big media organisations. How does it feel?
It's overwhelming. It's very overwhelming. I don't know how much you know about how it started, but I was just bored and interested; I never anticipated getting even a hundred, a thousand – two million is very scary!

Does it feel pressured?
It is, obviously. I haven't got any media or journalism training, [and] it is a lot of responsibility; if I show something inaccurate or wrong, it goes out to two million people. There is a lot of pressure involved. I live in fear of making a typo.

Has anything ever gone wrong?
I've never shown things that were inaccurate. Somebody tried to troll Reddit and faked a Neil Degrasse Tyson quote, and I shared it not realising it was a fake. With quotes it's much more difficult to track; it's something that happened to go online, and it's difficult to keep track of who said what and when. I'm using quotes less now.

Where do most of your posts come from? Do you use Reddit?
I don't actually use Reddit myself – but a lot of my fans do, and they post on the wall. A lot of it is news, and that comes from various different news sites. We get a lot of stuff posted on the wall, and I create a lot myself.

You recently said that your "this week in science" feature was your most shared.
Yeah. It got a mention on [popular American comedy podcast] the Joe Rogan Experience; and Richard Dawkins' website reposted it.

How did that feel?
Good! Really good, actually. The person who mentioned it on the Joe Rogan experience, [neuroscientest and science journalist Cara Santa Maria] is a hero of mine, so that was very exciting.

How did the idea come up?
I used to post all this stuff to my personal page, one day a friend of mine said “you're clogging up my news feed, you should make a page” – and I got a thousand "likes" in the first day.

Why do you think it has been so successful? Does the name have something to do with it?
I think the name is a big part of it. The nice thing about the name is that you can't ignore it, you have to go and look. A lot of people view science as dull or boring, and I think the stance we take, using humour, not taking ourselves too seriously... I think people enjoy that. I think it's quite refreshing.

How much time does it take to run the page?
It is a lot of time. It is kind of an obsession, to be honest, and I'm lucky that I work in social media and I got my job through [running the page], so they don't mind me doing it at work. It's hard to put a number of hours on it, because it's kind of constant in the background. But: a lot.

Where next?
We're looking at making a website at the moment; somewhere I can post longer articles. It's not that you don't have space on Facebook, but I think I'd lose people's attention. Hmm. People have been asking about merchandise for months and months, but I'm wary about it. Then there's the Science Channel thing. There's lots of things people want for the page, but at the moment it's something I do for fun. I don't want it to change direction too much, I don't want it to become something different. I think it's fun, and I think people learn along the way, because they enjoy it.

Has the site led to other things?
We're in the middle of talking to the Science Channel about a deal, that's very exciting. Not anything huge; a nine-month thing. Short educational videos, only online, testing the waters. Then maybe it will develop into more in the future. I got my job... I work for LabX Media doing their social media, and a whole bunch of pages for them, I got that job because of this page.

Do you feel you are a representative for good science, against bad?
It is difficult, because we get a lot of nonsense posted on our wall. All this stuff about about when the world's going to end, or that we are going into some "photonic belt"... I do feel the need to respond to that. I try to let it go, but after the fiftieth message it becomes very frustrating. I'm trying not to, because it's good not to give these people a platform... but there are times when it becomes very frustrating.

Like the picture you ridiculed the other day of the supposed planetary alignment over the pyramids?
Yes. People were posting it to my wall fifty million times a day. It is frustrating. There is a lot of pseudo-science and nonsense out there on the internet, and everyone feels the need to send it to me. And I'm sitting there thinking: it isn't real! Stop it!

Are you in a good position to debunk this sort of thing?
Yes. [Newspapers like] the Guardian are too, but the thing about social media is the virality; that kind of reach is incredible. But a lot of pseudo-science spreads online too. All the stuff about the Mayans: that spread online. Often, some people dress something up to make it sound scientific, use scientific words, call themselves doctor something-or-other, and then you look them up, and they're trying to make it sound like something it's not. There's this entire field that's adding the word “quantum” to everything. It doesn't even make sense in that context. The latest thing is people talking about the "photonic belt" that the earth is apparently going to pass through – it doesn't mean anything, but it sounds like science – "photons" – so people take it seriously.

Do you want to be debunking pseudo-science more?
I want to, but I think that's not as much fun. And it gives them a platform that they don't deserve. For example, I would love to spend all day talking about how idiotic creationism is; the idea that the world was created six thousand years ago, but people don't want to hear about it every day.

Do you get abuse?
We get a lot of commenting, there are flame-wars under the threads; we've had individuals commenting, but no group attacks. I think they expect to be called idiotic. If you're going to believe crazy things, people are going to laugh at you.

 

Elise Andrew's most recent "this week in science" feature. Photo: the “I Fucking Love Science” Facebook group

Nicky Woolf is a writer for the Guardian based in the US. He tweets @NickyWoolf.

Getty
Show Hide image

How hackers held the NHS to ransom

NHS staff found their computer screens repleaced by a padlock and a demand for money. Eerily, a junior doctor warned about such an attack days earlier. 

On Friday, doctors at Whipps Cross Hospital, east London, logged into their computers, but a strange red screen popped up. Next to a giant padlock, a message said the files on the computer had been encrypted, and would be lost forever unless $300 was sent to a Bitcoin account – a virtual currency that cannot be traced. The price doubled if the money wasn’t sent within six days. Digital clocks were counting down the time.

It was soon revealed Barts Health Trust, which runs the hospital, had been hit by ransomware, a type of malicious software that hijacks computer systems until money is paid. It was one of 48 trusts in England and 13 in Scotland affected, as well as a handful of GP practices. News reports soon broke of companies in other countries hit. It affected 200,000 victims in 150 countries, according to Europol. This included the Russian Interior Ministry, Fedex, Nissan, Vodafone and Telefonica. It is thought to be the biggest outbreak of ransomware in history.

Trusts worked all through the weekend and are now back to business as usual. But the attack revealed how easy it is to bring a hospital to its knees. Patients are rightly questioning if their medical records are safe. Others fear hackers may strike again and attack other vital systems. Defence minister Michael Fallon was forced to confirm that the Trident nuclear submarines could not be hacked.

So how did this happen? The virus, called WannaCry or WannaDecrypt0r, was an old piece of ransomware that had gained a superpower. It had been combined with a tool called EternalBlue which was developed by US National Security Agency spies and dumped on the dark web by a criminal group called Shadow Brokers. Computers become infected with ransomware when somebody clicks on a dodgy link or downloads a booby-trapped PDF, but normally another person has to be fooled for it to harm a different computer. EternalBlue meant the virus could cascade between machines within a network. It could copy itself over and over, moving from one vulnerable computer to the next, spreading like the plague. Experts cannot trace who caused it, whether a criminal gang or just one person in their bedroom hitting "send".

Like a real virus, it had to be quarantined. Trusts had to shut down computers and scan them to make sure they were bug-free. Doctors – not used to writing anything but their signature – had to go back to pen and paper. But no computers meant they couldn’t access appointments, referral letters, blood tests results or X-rays. In some hospitals computer systems controlled the phones and doors. Many declared a major incident, flagging up that they needed help. In Barts Health NHS Trust, ambulances were directed away from three A&E departments and non-urgent operations were cancelled.

The tragedy is that trusts had been warned of such an attack. Dr Krishna Chinthapalli, a junior doctor in London, wrote an eerily premonitory piece in the British Medical Journal just two days earlier telling hospitals they were vulnerable to ransomware hits. Such attacks had increased fourfold between 2015 and 2016, he said, with the money being paid to the criminals increased to $1bn, according to the FBI. NHS trusts had been hit before. A third reported a ransomware attack last year, with Imperial College London NHS Trust hit 19 times. None admitted to paying the ransom.

Hospitals had even been warned of this exact virus. It exploited a vulnerability in Microsoft Windows operating systems – but Microsoft had been tipped off about it and raised the red flag in March. It issued a patch – an update which would fix it and stop systems being breached this way. But this patch only worked for its latest operating systems. Around 5 per cent of NHS devices are still running the ancient Windows XP, the equivalent of a three-wheeled car. Microsoft said it would no longer create updates for it two years ago, rendering it obsolete.

There are many reasons why systems weren’t updated. Labour and the Lib Dems were quick to blame the attack on lack of Tory funding for the NHS. It is clear cost was an issue. Speaking on BBC Radio 4’s PM programme on Saturday, ex-chief of NHS Digital Kingsley Manning estimated it would take £100m a year to update systems and protect trusts against cyber attacks. Even if that money was granted, there is no guarantee cash-strapped trusts would ringfence it for IT; they may use it to plug holes elsewhere.

Yet even with the money to do so updating systems and applying patches in hospitals is genuinely tricky. There is no NHS-wide computer system – each trust has its own mix of software, evolved due to historical quirk. New software or machines may be coded with specific instructions to help them run. Changing the operating system could stop them working – affecting patient care. While other organisations might have time to do updates, hospital systems have to be up and running 24 hours a day, seven days a week. In small hospitals, it’s a man in a van manually updating each computer.

Some experts believe these are just excuses; that good digital hygiene kept most trusts in the UK safe. "You fix vulnerabilities in computers like you wash your hands after going to the toilet," said Professor Ross Anderson, a security engineering expert at Cambridge University. "If you don't, and patients die, excuses don't work and blame shifting must not be tolerated."

It is not known yet if any patients have died as a result of the attack, but it certainly raised fears about the safety of sensitive medical records. This particular virus got into computer files and encrypted them – turning them into gooble-de-gook and locking doctors out. Systems were breached but there have been no reports of records being extracted. Yet the scale of this attack raises fears in future the NHS could be targeted for the confidential data it holds. "If it’s vulnerable to ransomware in this way, it could be vulnerable to other attacks," said Professor Alan Woodward security expert at the University of Surrey's department of computing.

In the US, there have been examples where ransomware attacks have led to patient data being sucked out, he said. The motivation is not to embarrass people with piles or "out" women who have had an abortion, but because medical information is lucrative. It can be sold to criminals for at least $10, a price 10 times higher than can be earned by selling credit card details. Dossiers with personal identification information – known as "fullz" on the dark web – help crooks commit fraud and carry out scams. The more personal details a conman knows about you the more likely you are to fall for their hustle.

Hospital data is backed up at least hourly and three copies are kept, one offsite, so it is unlikely any medical records or significant amounts of data will have been lost – although the hack will cost the NHS millions in disruption. A British analyst, who tweets under the name Malware Tech, became an unlikely hero after accidentally finding a killswitch to stop the virus replicating. He registered a website, whose presence signalled to the virus it should stop. Yet he admits that a simple tweak of the code would create a new worm able to infect computers.

Experts warn this event could trigger a spate of copycat attacks. Hacker may turn their eyes to other public services. Dr Brian Gladman, a retired Ministry of Defence director, and ex-director of security at Nato, points out that our entire infrastructure, from the national grid, food distribution channels to the railways rely on computer systems. We now face an arms race – and criminals only have to get lucky once.

"We’re going to get more attacks and more attacks and it’s going to go on," he said. "We’ve got to pay more attention to this."

Madlen Davies is a health and science reporter at The Bureau of Investigative Journalism. She tweets @madlendavies.

0800 7318496