Ransomware, Windows XP and the NSA leak that started it all
While we scramble to manage the global spread of antibiotic-resistant superbugs, another form of superbug has struck the world's hospitals. This digital superbug has frozen access to patient data systems, caused ambulances to be diverted and rendered MRI, CT and ultrasound devices temporarily inoperable. In the wake of this recent global cyberattack we are left asking: how did this happen, and can we stop it happening again?
On Friday May 12 the world was struck by an unprecedented ransomware cyberattack infecting, at the time of writing, over 230,000 computer systems across 150 countries (and rising). Dubbed "WannaCry," the ransomware gains control of a victim's system and then encrypts most of its key data. A ransom note then appears on the victim's screen indicating they have three days to pay US$300 in bitcoin. The ransom is doubled after three more days and the encrypted files are then reportedly deleted after seven days if the payment is not made.
Within hours of the ransomware being launched, a cybersecurity specialist who blogs under the name "MalwareTechBlog" discovered the code made a query to an unregistered domain name. The specialist quickly registered the domain, initially as part of a process used to track these types of malware. Soon after registering the domain it was discovered that this had unknowingly killed the ransomware, as the domain was coded into the malware as a kill-switch, stopping its spread once it went live.
As expected, in the intervening days, several new variants of the ransomware appeared. Most featured similar kill-switch domains that were quickly blocked, but reports do indicate that new variants with no kill-switch have started appearing. This dramatic attack on the world's computers is by no means over, with organizations bracing for another wave of infections, but how did this even happen in the first place?
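The kill-switch lookup described above is itself a detection signal for defenders: a host that asks the resolver for the kill-switch domain has already run the malware, whether or not the domain answered. As an added example (not code from the article or from MalwareTechBlog), this Python script scans constructed resolver query-log lines for lookups of assumed placeholder kill-switch domains (the article does not name the real ones) and reports the source hosts that performed them.

```python
import re
from collections import defaultdict

# Assumed placeholder kill-switch domains; the real names are not given in the article.
KILL_SWITCH_DOMAINS = {
    "killswitch-example-1.invalid",
    "killswitch-example-2.invalid",
}

# Constructed sample lines in a simplified resolver query-log format (assumed, not real data).
SAMPLE_LOG = """\
12-May-2017 10:02:11.120 queries: info: client 10.1.4.22#51234: query: www.example.org IN A + (10.1.0.5)
12-May-2017 10:02:13.554 queries: info: client 10.1.4.22#51301: query: killswitch-example-1.invalid IN A + (10.1.0.5)
12-May-2017 10:02:14.001 queries: info: client 10.1.7.90#49222: query: killswitch-example-1.invalid IN A + (10.1.0.5)
12-May-2017 10:03:40.777 queries: info: client 10.1.7.90#49230: query: KillSwitch-Example-2.invalid. IN A + (10.1.0.5)
12-May-2017 10:05:02.313 queries: info: client 10.1.9.12#53011: query: updates.example.net IN A + (10.1.0.5)
"""

# Timestamp, querying client address and the queried name, for the assumed log format above.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def find_killswitch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Return {source_ip: [(timestamp, domain), ...]} for hosts that queried a kill-switch name.

    Such a host has already executed the malware; the kill-switch only halts the spreading
    routine, so every hit is an endpoint to isolate and clean, not a false alarm.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue
        # Normalise trailing dot and case so variant spellings still match.
        name = m.group("name").rstrip(".").lower()
        if name in domains:
            hits[m.group("src")].append((m.group("ts"), name))
    return dict(hits)


if __name__ == "__main__":
    for src, lookups in sorted(find_killswitch_lookups(SAMPLE_LOG).items()):
        print(f"{src}: {len(lookups)} kill-switch lookup(s), first at {lookups[0][0]}")
```

Because later variants dropped the kill-switch entirely, an empty result clears nothing; the check is a cheap first sweep, not proof of a clean host.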
Earlier in the year a group of hackers, calling themselves The Shadow Brokers, leaked a large cache of software exploits it had stolen from the National Security Agency (NSA). One of the exploits, called EternalBlue, homed in on a Microsoft Windows vulnerability.
Microsoft flagged the vulnerability and released a patch to fix it a month before the hackers publicly released the exploit data, but a major problem remained. While the security patch covered Windows Vista, 7 and 8.1, Microsoft had ceased support cycles for earlier versions of their popular operating system, including the still widely used Windows XP.
It was here that the WannaCry exploit made its largest impact. Scores of major companies around the world still operate on older Windows systems. NHS hospitals in Britain were hit by the malware; French carmaker Renault was forced to stop production at several sites; ATMs in China went offline; and 18 police units in India had their records frozen.
Microsoft quickly moved on the front foot and issued security patches for older, unsupported systems, but the chaos caused many to ask why vital government systems such as the NHS in Britain were still running on an outdated operating system.
An investigation from Motherboard in September 2016 presciently saw this calamity on the horizon and revealed the extent of the problems faced by the NHS in Britain running outdated, unsupported Windows XP systems. Thousands of computers were found to be running on the vulnerable operating system and one hacker group even commented to Motherboard: "We like to imagine even updated Windows XP platforms [are] like an unlocked Honda Civic from the 1980s."
Many large entities still using these old systems obviously capitalize on cost-cutting measures by not paying Microsoft for extended system support. In 2015 The Guardian noted that the UK government had ended its deal with Microsoft to extend continuing support and updates for its Windows XP systems. The agreement was costing £5.5 million per year.
The controversy is already topping British headlines with some pointing out that the underfunding of the Department of Health is what led to it being forced to run such an outdated and vulnerable operating system.
As we move into a rapidly aging digital world this ransomware attack raises a compelling catch-22. No one can reasonably expect a company like Microsoft to continually update old systems, but large corporate and government entities obviously don't have the financial or operational resources to maintain updated systems either. Bureaucracy moves especially slowly – is anyone really surprised that many of Britain's hospitals run on a 15-year-old, unsupported operating system?
In a statement, Microsoft's president and chief legal officer, Brad Smith, explicitly pointed the finger at governments, particularly the NSA, as bearing great responsibility for exploits in its software being allowed to remain unpatched. Smith writes that it is the government's stockpiling of these exploits, and their subsequent leaking, that is causing widespread damage.
In the startlingly frank statement, Smith for the first time clarified that this exploit was in fact discovered and held by the NSA, and that it was the agency's failure to disclose the vulnerability that indirectly caused this catastrophe.
"The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith writes.
Edward Snowden also reiterated Smith's objections tweeting, "If [the NSA] had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened."
Many are suggesting a global call to classify these types of cyber-exploits in the same way we consider chemical or nuclear weapons. In fact, in February, Microsoft put out the call to establish what it termed a "Digital Geneva Convention." This would require governments to report these vulnerabilities instead of selling, stockpiling or exploiting them.
But where do we go from here?
The WannaCry ransomware catastrophe is not nearly over, and it looks to be the first blast in a new phase of cyberwar that highlights how easy it is to disable such a broad spread of the world's systems. When a small malware ransom is cheaper for an organization than comprehensively updating to new systems and support, you know the world is faced with a major dilemma.
With governments hoarding exploits and hackers stealing them, the outdated operating systems that keep our cities running are constantly vulnerable.
This latest ransomware catastrophe has affirmed that we have a major problem, but where the solution lies, and whose responsibility it is to fix it, is going to be argued over for some time to come.
As soon as enough systems are using it the hackers will figure out a way to attack it. Same with Apple.
Apple users used to brag it was not hackable. Then it got big enough or the hackers saw a challenge and some were hacked. LINUX will be next in line, especially if big organizations keep using it.
XP was my favorite system. I used it right to the end and will never forgive MS for deserting it. They could have supported it for a fee. Nobody expected free support but they made more money on newer, often bad, systems.
If one group can write an operating system another group can attack it... that is how war is.
The U.S. and U.S.S.R. developed huge nuclear weapons systems. Neither country has ever learned how to fight a smaller insurgency. Cyberwar is a classic insurgency.
During humanity's peaceful, productive & abundant 100s of 1000s of years of 'indigenous' (Latin 'self-generating') period, String-shell (Wampum, Quipu, Cowrie-shell) time-based accounting value systems were based in the 100 person Multihome-Dwelling-Complex (Longhouse/apartment, Pueblo/townhouse & Kanata/village) Domestic 'economy' (Gk 'oikos' = 'home' + 'namein' = 'care-&-nurture') & in Production-Society/Guild domestic, industry & commercial economies. 70% of humanity today live in multihomes. 100 person multihomes provided privacy & proximity for intergenerational, female-male collaboration. Multihomes represent intimate yet powerful critical-mass, economies-of-scale economies doing many millions of dollars worth of domestic caring, healing, feeding, plumbing etc 'business' ('busy-ness') per year. Such collective cultivation of specialized professional capacities meant that everyone young & old, handicapped & abled was born into a large 'corporation' (L 'corp' = 'body') with access to creative-capacities & protections. https://sites.google.com/site/indigenecommunity/relational-economy/extending-our-welcome-participatory-multi-home-cohousing
Everyone was an owner, progressively over the course of their lifetimes from young apprentice to elder master. String-shell integrated: Capital (decision-making), Currency (compensation), Condolence (social-security), Collegial mentored-apprentice education, Math-based communication, Costume of professional identity & other value functions into one integrated accounting system. https://sites.google.com/site/indigenecommunity/relational-economy/8-economic-democracy
While string-shell worldwide, such as Turtle-Island (North-America)'s Wampum, Esnoguay, Seewan, Kayoni etc. was manufactured in major centers such as New-York's Long-Island using the Quahog shells, it was issued in relation to work performed by the Production-Society/Guilds. During the indigenous period such world-system 'money' was the original foundation of 'kingdoms' ('kin' = 'family') as part of a 'fractal' ('building-block' where the 'part-contains-the-whole') intimate to internationalism. With colonial plunder such as the Crusades, 'kings' who were once leaders of their Guilds, perverted 'money' as a universal labour value, to dominate 'community' (L 'com' = 'together' + 'munus' = 'gift-or-service'). Oligarchs analysing this systematic theft, put themselves into the position of controlling the Finance-Media-Education-Military-Industrial-Legislative-Complex. https://sites.google.com/site/indigenecommunity/structure/5-collaborative-language
It is only during the plunder, rape & genocide of the last 7000 years of 'exogenous' ('other-generated') colonialism that; oligarch directed institutional state thieves & murderers have gained control of the world's 'financial' (French 'fin' = 'end' as to 'conclude-deals') metal coin 'money' & other aspects of our economic systems. The anonymity of colonial 'money' & bitcoin is a violent affront to gentle intimate fractal worldwide human 'value' systems. It is time for humanity & bitcoin to grow-up past the inherent violence of anonymous plunder & become intimate fractal responsible systems of mutual-aid, once again. https://sites.google.com/site/indigenecommunity/relational-economy
It would appear rather obvious to me. Too totally obviously not a good idea. If these files are being collected by people who have some sort of understanding about what they are doing, else why are they doing the job, so how is it not reasonable to believe that what we are being told here is not the whole truth of the matter. Indeed a thing called a big fat lie. I say, on the balance of probability, we are being told an obvious, glaring, smack in the face, lie.
So if we are being told a lie why would that be? We can see that what is being magicked up is a 'problem' and if that is so it would be done in order to provoke a 'reaction', of some sort. The reaction is fear, concern that our valuable computers and data within could be harmed causing inconvenience and risking its destruction.
So what is the 'solution' we are being offered simultaneously? Buy new OS for our computers, accept that government must spend vast sums on new IT kit to be able to keep up-to-date and - to every one else - update your computer on a regular basis.
OK so let us wind back here and put this together; we are being played with two of the oldest tricks, 1/. the idea that the government is utterly incompetent so we believe any story if it confirms that notion and 2/. the, so called, Hegelian dialectic: problem, reaction and solution to manipulate the public.
If it was not the NSA I would have a modicum less disbelief, but when this 'story' centres around the agency that wants to have its eyes and ears into our every digital correspondence already, I say: come on, really, do you really believe all this piffle?
This was all apparently solved by some 19 year old surfer dude by luck and now he has got a job in government. Yup. And I have got a bridge to sell you buddy.