Home » Uncategorized » If Wannacry cyber attack didn’t make you wannacry, the next one will!
            

If Wannacry cyber attack didn’t make you wannacry, the next one will!

Anti Virus 777 at English Wikipedia [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

The Wannacry malware that hit like a global mega-bomb, showed everyone how vulnerable we are to a global cyber attack. Billed as “one of the largest global ransomware attacks the cyber community has ever seen,” the infection started in London and then emerged almost instantly in Seattle, New York, and Tokyo. Within ten minutes, the coordinated attack became epidemic throughout the world, covering the better part of every continent but Antarctica. By the end of one day, the malware had infected over 200,000 computers in 150 nations, encrypting all their data and locking the users out.

While the attackers demanded a ransom in order to free hostage computers, the small number of companies that paid the ransom required for unlocking the encryption did not get their data back, raising a question of whether the primary goal was really money or mayhem. (If primary goal was making a lot of quick money, it would make more sense to quickly release data so that more companies would be inclined to pay the ransom, seeing that payment solved the problem.)

This was a cyber attack equal in scale to something Dr. Evil would create or some Bond villain would use to collect ransom from the entire world … or to control the world. This time, it didn’t win, but there are some interesting reasons why as you did deeper.

Top levels of governments ordered emergency meetings to try to quickly understand and stem the spread of this very destructive piece of warware. A solution emerged quickly because an anonymous British researcher discovered the virus was built with a kill switch. With each infection the virus would check to see if a particular website was running and issuing a kill command. If no command, the virus would begin its mission of destruction. The researcher discovered the website, which was dormant, and activated it, slamming the brakes on global destruction. This bought time for people to apply Microsoft’s patch before the attackers could launch a modified version of the virus. Furthermore, the destructive code was only able to infect computers that had not upgraded with the latest Microsoft patch; so damage was hugely mitigated.

Even so, ATM’s and gas pumps in China went dark, as did Chinese government and university computers. Hospitals in the UK shut down. Forty-five facilities were affected, forcing cancelation or delay of some medical treatments. Nissan’s plant in the UK got hit. French automaker, Renault, stopped production in order to stop spread of the virus. Spain’s Telefónica and Russia’s communications giant, Megafon, got hit. Russia’s central bank and government agencies received “massive” attacks, which Russia claimed were successfully overcome.

The latest data I saw showed 370,000 computers infected and locked up, but that didn’t appear to include less available information from China. The damage is still unfolding, though greatly slowed; but a second variant began spreading across the globe on Tuesday, and other variants may emerge.

 

Epidemiology of the viral attack — North Korea suspect

 

The New York Times reports that the ransomware hack appears to have originated from North Korean sleeper cells.

 

Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States…. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection…. Security officials in South Korea, the United States and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers, both to sabotage computers of adversaries and make money for the government, including through the use of ransomware — malicious software that blackmails victims into paying to release seized files…. Choi Sang-myung, an adviser to South Korea’s cyberwar command and a security researcher at Hauri Inc., said that the arithmetic logic in the ransomware attacks … is similar to that used in previous attacks against Sony Pictures and the Swift international bank messaging system — both of them traced to North Korea. (NYT)

 

Of course, The New York Times has been saying for months that Russia hacked DNC emails and interfered with US election without yet coming up with a shred of solid evidence or producing sources willing to go on record. It’s also fairly simple to create a decoy to the actual origin of attack. If it’s true, however, it underscores North Korea’s desire to create random destruction and financial loss indiscriminately throughout the world and its ability to do so.

The NYT points out several other attacks around the world in recent years with similar signatures that pointed back to North Korea and to the fact that these attacks often happen at the same time as a North Korean missile or nuclear test. Unlike the tests, however, these attacks would be considered actual acts of war if they could be definitely pinned on some national government. They created financial destruction, in the very least, by setting companies back with lost data and lost time in recovery. They pillaged by collecting ransoms. In the past, they have stolen data and then used it to damage a company, as happened with Sony Pictures.

As Microsoft’s president and chief legal officer, Brad Smith, wrote on his blog …

 

An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.

 

I’d say that is an understatement because Microsoft has no desire to officially intensify concerns about the security of its operating systems.

China, North Korea’s neighbor, where it is believed many of the sleeper cells have been planted, got hit the hardest. China said 30,000 Chinese organizations were infected and hundreds of thousands of computers. That could be due to China taking sides with President Trump and pressuring North Korea on its nuclear weapons development, or the larger-scale assault in China could be far less nefarious. China is the motherland of pirated software, and pirated Microsoft software does not get security upgrades, making it more vulnerable to such attacks. China may have only been hit the hardest because such is the vulnerability of a sleazy economy built on pirating just about everything.

The fact that the lines connecting all the hacks to North Korea — or more importantly to the North Korea government — remain a little fuzzy may keep nations from retaliating against what would be acts of war if they were known to be government actions.

The fact that ransom seems to have played a very small roll in a very large “ransomware” attack begs the question as to whether this was a government operation masquerading as a ransom attack. Was it North Korean revenge for Trump’s tough stance and China’s capitulation, or was it a US false-flag test of the effectiveness of a global attack, designed to disparage North Korea at the same time and to be cut off before any great damage was done? The presence of a single kill switch that could shut the whole thing down is a fail-safe that implies an operation by a group or nation who wanted to make sure the virus could be stopped. Who of all highly computerized nations was damaged the least?

While the latter is more intriguing (in the most heinous sort of way), Occam’s Razor says the simplest answer is most likely the right one. I personally find it hard to believe the US government would be that reckless with its allies, but it is an outside possibility. The US is, regardless, seriously culpable, even if it did not launch the attack.

 

US Origin of the viral agents

 

While North Korea may have launched the viral attack, the origins of the virus’s development go much deeper and do appear to come home to rest in the US.

Microsoft sought to shift blame to the US government for “stockpiling code” that can be used by malicious attackers. What they didn’t say is what we have known since Edward Snowden’s revelation, which is that software corporations in cooperation with the US government, including Microsoft, have built hatch doors into their code for US intelligence agencies to use.

The Swiss-cheese-like holes built throughout software systems and networks for backdoor access by the US government allow the government to sniff through or shut down systems all over the world for the sake of national security. However, as was more recently revealed by Wikileaks, these security measures have a very insecure downside: once the hatch doors are known by hackers, there is nothing to stop ordinary hackers from sliding the bolt and getting in through those same doors, which gives ordinary hackers extraordinary powers.

The problem, however, lies even deeper in the machinations of the US government than just getting software manufacturers to build back doors into all your personal computing devices. The US government’s software designed to exploit those back hatches is now available to the entire world. What we have here is leaked warware:

 

The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens….

Former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.) The attacks on Friday are likely to raise significant questions about whether the growing number of countries developing and stockpiling cyberweapons can avoid having those same tools purloined and turned against their own citizens….

The attacks on Friday are likely to raise significant questions about whether the growing number of countries developing and stockpiling cyberweapons can avoid having those same tools purloined and turned against their own citizens. (The New York Times)

 

Snowden, seeing the grave danger posed by the NSA’s spying and irresponsible nature, tweeted, “Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients,” indicating it was a leaked NSA cyberwar tool, created by the NSA which attacked the UK’s hospital system…. “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.” (The Free Thought Project)

 

I would suspect the deeper reality is that the hole in microsoft’s software was not one some government “found,” but was one of those hatches built in by government demand. When the government’s software for exploiting that patch became public domain, either the government or Microsoft decided to make the ready antidote (their patch) immediately available.

Russia, Snowden’s sanctuary, has blamed the United States’ National Security Agency, saying it is NSA software that was leaked out of US control via Wikileaks that was used to create the Wannacry attack. The NSA, in masterminding and then letting leak its own black software, has placed the power of cyberwar in an unquantifiable number of unknown hands with unknown intentions. It’s really no different than if the US let weapons-grade nuclear material slip into the hands of terrorists.

Here’s an even more apt comparison: The concern over government engineered computer viruses escaping and infecting the general population of computers is similar to the concern in past years over government-engineered living viruses, designed for germ warfare, escaping and infecting the general population.

Now, take this warware security risk one step further. What kind of international crisis might be created if a US biological weapons virus escaped containment and broadly infected the world? Turn the question a little: What kind of international crisis might be created if a US computer virus broadly infected the world?

We saw this kind of problem emerge from the Stuxnet virus that the United States and Israel developed jointly to destroy centrifuges in Iran in order to stall its nuclear development during negotiations. Later, elements of that virus appeared in destructive code use for lesser attacks all over the world.

 

“This is almost like the atom bomb of ransomware,” Mr. Belani [chief executive of PhishMe, an email security company] said, warning that the attack “may be a sign of things to come.” (NYT)

 

You see, this is really warware — powerful destructive government cyber weapons that can be used equally for spying or for infecting and destroying enemies — slipping into the hands of enemies around the world. When the US designs biological viruses for war, it also creates antidotes to its human-engineered destruction for its own population or to limit collateral damage to friendly nations. And THAT is most likely why the solution to this massive attack came so quick with patches already available and being distributed.

Thanks to the US government’s inept security of its darkest software in inadvertent partnership with Wikileaks, more than a dozen government spying and hacking programs have been made generally available to the entire world, and Apple, Microsoft and others have been rapidly issuing security updates.

Snowden asks,

 

If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patches—and it falls into enemy hands, should NSA write a patch?

 

I ask a bigger question: “IF NSA builds such a weapon and it falls into enemy hands bringing death and financial destruction around the world, should the USA be held responsible to pay for all the damages? Should the entire world hold it guilty? This is the potential level of risk we’re talking about. If you create the destructive engine exploited by hacker’s viruses and let it get away, aren’t you as liable as you are if you engineer a viral disease and let it escape into the world, killing off millions of people? The hospital situation in the UK shows how people can actually die because of this kind of weaponry.

The NSA is clearly inept at policing its nuclear-size cyberweapon stash. It has allowed small and formerly insignificant people like Edward Snowden, hired through contracted services, to leak out vast amounts of information about its work. It has allowed large amounts warware to get to Wikileaks and from there to all evil hands in the world that want it. This is cyber-nuclear proliferation that all appears to have happened due to NSA security breaches. Imagine if it were actual nuclear material or highly contagious incurable germs. We’d be demanding that heads roll for such repeated loss of control.

 

Even the US is vulnerable to attacks by its own weaponized viruses

 

This was our shot over the bow. In this case, the weakness in the software that was exploited was already known and the patch had already been made and was even in place on most computers. Thus, the damage was limited. Think of how this attack — extensive as it was — would have been exponentially worse, had the vulnerability in Microsoft’s operating system and the solution not already been in place as well as readily available to those who were delinquent in upgrading.

The United States has known about this kind of vulnerability for years, and it has been reported for years but we are still built on infrastructure that is widely vulnerable to attack. While we may have antidotes that can be released as patches if we know a computer virus or software engine used to make a virus work has slipped out, our infrastructure remains vulnerable to all kinds of attack agents that other nations are making that we may know nothing about.

We can see that in the government’s response to last week’s cyber attack:

 

President Trump ordered the federal government to prepare for a devastating cyber attack against America’s electric grid amid growing fears foreign states are set to carry out attacks aimed at plunging the nation into darkness.

A presidential order signed Thursday directed key federal agencies to assess preparations for a prolonged power outage resulting from cyber attacks designed to disrupt the power grid.

An assessment of the danger must be carried out by the Energy Department, Homeland Security, DNI and state and local governments to examine the readiness of the United State to manage a shutdown of the power grid. The assessment will also identify gaps and shortcomings in efforts that would be used restore power.

New cyber security measures outlined in the executive order come as the commander of Cyber Command warned two days earlier that America’s critical infrastructure is vulnerable to disruption by foreign cyber attacks. (The Washington Free Beacon)

 

Now that it’s obvious that small malicious powers in foreign nations already have NSA/CIA-level malware that is already being used to shut down computers all over the world, do you really think the government is going to resolve the vulnerabilities of our energy systems, transportation systems, communications systems, financial systems, and government data systems, before some malicious group or nation (like North Korea or Iran) manages to create much more mayhem than was accomplished this time?

In 2015, China stole 22 million records of federal employees, including sensitive personal data. Therefore, we know the government has already had two years to prepare; so, why are we just seeing new orders go out to analyze our points of vulnerability to hacking and viral attacks? This year has become all about accusations that Russia created a cybercoup and overthrew the US election to install its own Manchurian candidate or just to mess us up with confusion.

Apparently, we’d rather pile up national debt on more desirable (as in fun or feel-good) things than cyber security or on more conventional weapons.

 

Wannacry is a sign of things to come

 

Wannacry is a warning shot over the bow. A much more extensive viral infection could shut down the world in one day tomorrow or next week if it exploits parts of Microsoft’s OS that Microsoft hasn’t yet patched, and if the back door is that allows the virus to be shut down is not as obvious as this one was or if it has now back door that is intended as a kill switch. Financial systems (both stock markets and banks) could be wiped out in a day, triggering the need for an immediate global financial reset.

Imagine if your bank got locked out by ransomware from all of your financial data, so they couldn’t even tell you are their customer and couldn’t even access their backup data. The bank would have no record of how much money you have in the bank. Then imagine no one really intended to collect any ransom at all — so there was no opportunity to retrieve the data. Instead, the virus simply destroyed it to wreak havoc in the world or to destroy the world’s superpower.

This is where you might want some of you money to be held in physical gold. I don’t sell gold, but I do have a link in the left sidebar to a company that can help you reset your retirement funds to hold physical gold and other physical assets if you are so inclined.

 

  • Auldenemy

    I would dearly like your views on crypto currencies David (BitCoin now close to $2,000 per, ‘coin’) appears to be in some kind of Tulip like mania. I see others like Ether, Ripple, Iota, etc etc are also trading at what seem absurd highs. I am not a computer geek. I am too old (in my youth we still used pen and ink). So, maybe I am too old to get this crypto rage. It is puzzling me because I don’t understand how a cyber unit, existing only inside a computer, can be valued at $2,000! How can something that isn’t tangible and can be hacked or obliterated by a virus be worth that amount of money? I also note that with this recent, global scale computer virus that the ransom demand was in the form of a crypto currency (as of course such a ransom can’t be traced). So that surely shows how this computer money can, and is, being abused. I know the reasons it was invented (to escape Banksterville) but apparently it is being used primarily by very rich Chinese business people as a way to hide ill gotten gains, also escape the devaluing Yuan and restrictions on how much money they can officially move out of the country. Apparently Japanese housewives have also become obsessed with BitCoin. It just seems ridiculous and is taking on a life of its own, and one that has too many dark sides. I find it odd that Banksterville and its government puppets around the globe are just standing back and letting this crypto mania carry on. Look how Banksterville controls gold and silver with their endless bits of invented paper gold and silver. So if gold and silver are such a threat to Banksterville’s monetary control over us, how come crypto currencies aren’t?

    Multum In Parvo

    • I confess that I have never understood Bitcoin. It makes no sense to me that people solving hard math problems is somehow a coherent basis for anchoring a currency. The fact that is all done over the internet to me has always made it highly vulnerable to hacking.

      As you say, the recent rate of rise looks like tulip mania. In other words, it is effectively a ponzi scheme, the only difference being that tulip mania is the same effect without the scheme behind it. People start irrationally bidding something up, and that works so long as the euphoria can keep sucking in a new round of buyers, but there is no underlying value; so, once you hit the top tier of buyers, the whole thing almost instantly implodes.

      The fact that the ramp up has just taken its first severe shakes may mean the mania has reached that final summit of manic buyers.

      It is not a currency I would ever trust, but I wish I had realize the mania that would ensue back when I could have only invested $100 and seen that turn into about $70 million today. I’ve just read a couple of article about it, and the real value just is not there to support the rise.

      Here’s a good one: http://thedailycoin.org/2017/05/25/math-heres-rational-analysis-99-current-bitcoin-owners-will-never-able-sell-bitcoins-anything-close-imagined-current-value/

      Like a ponzi theme, tulip mania (or alpaca mania) rises until the last fool jumps in. At that point it takes very few people trying to turn their gains into cash to crash the whole thing because there are no new supporters to cash them out. Are we there yet? I don’t know.

  • Auldenemy

    Who ever did this is utter scum. That NSA created this computer virus means the USA should be held responsible for this mass, cyber global attack. Here in the UK we had 45 hospitals having to close their doors to all but emergency cases (in fact even some of those had to be taken to other hospitals, risking lives by ambulances having to take critically ill patients to hospitals in other areas). Many patients had operations cancelled (some of them in high degrees of pain) and many cancer patients were unable to get their scheduled chemotherapy treatment. Not only hospitals but many GP practices were affected and had to stop accepting appointments unless urgent.

    This is one deeply horrible world we are turning into. NSA should be hauled over the coals for this and be told it will be shut down if it continues to produce computer viruses in the name of, ‘Defence’ and, ‘US Security’ which in fact end up in the hands of lunatics who don’t care how many human lives they mess with or even destroy by using computer viruses to cause havoc to vital areas of any nation, one of them being the health care systems of countries around the globe.

    • Well said, Auld. Other nations need to try to pressure America, too. If a nation is going to create nuclear warheads, it has an obligation to the world to safeguard nuclear material in the most stringent ways. So, as I’ve written, if the nation is going to create nuclear-level computer viruses and security breaches via backdoors in software, it has the same obligation to safeguard those.

      Fortunately, the first massive breakdown in NSA security was Edward Snowden who seems to have shared no files that damaged us or the world (unless he was the source of this more recent viral/hacking/spying/cyberwar software (for which I’ve coined the name “warware” to lump it all together) that Wikileaks recently released). Thus, before the damaging stuff came out, we, at least, got to know who the source of it would be, what was done with it, who was spied on with it, and somewhat how it worked.

      How stupid, however, that the government trusts such programs into the hands of contractors. It’s one thing for contractors to make equipment, another for them to staff and oversee operations. You can be sure that was a lame Republican idea because they have this religiously held notion that all government should be contracted out. Contractors, however, look for ways to cut corners in order to beef up profits — a concern government doesn’t have to worry about.

      –David

      • Spatial Memory

        Well said? After squandering such an economically tumultuous week with INCREDIBLY volatile capital market machinations and ramifications, the complete obliviousness towards current potentially tradable wicksellian economic dislocations and focus on such an obscure and extraneous past event(s) on a macroeconomic blog may as well be known as – The Great Digression.

  • Spatial Memory

    Whether you subscribe to Classical Economics, Keynesian Economics, Neoclassical Synthesis, Neo-Malthusia, Marxism, Laissez Faire Capitalism, Market Socialism, Monetarism, Austrian Economic therory, etc. the current week provided a plethora of current and forward looking ECONOMIC data, incredibly significant anecdotal events, capital markets reacted with the most divergence and volatility seen in months and recyclabled cybersecurity industry spin is the only article on a macroeconomic blog.

    🙁

  • Chris P

    Dave
    Very good article and only mentioned Trump once or twice with only a passing interest. I always enjoy your blog just messing with you. Great article and I’m sure like you say this is just the beginning.