Friday, May 12, 2017

Massive ransomware attack using leaked NSA malware has infected computers globally.

An example of the ransomware WannaCry. Webroot/BBC.

In what may be the largest ransomware attack ever, a massive attack has targeted computers worldwide. BBC. Thousands of computers in almost 100 countries have been hit by the attack. The attack encrypts files on Windows 10 PCs and demands a $300 bitcoin payment in order to unlock the files, with threats to increase the rate as time goes on. In the United Kingdom, the National Health Service (NHS) had its computers hit as well. Patients were turned away from treatment and surgeries were canceled, which may have resulted in suffering and death. The attacks also hit computers in Russia, Spain and Portugal. A mysterious group of hackers called the "Shadow Brokers" had somehow gotten access to NSA hacking tools. Those tools were released after a ransom was not paid and were apparently used in this attack.

My Comment:
This is probably going to go down as one of the most effective and devastating cyber attacks in history. The scale of the attack is huge and it seems to be spreading. If you are worried about the attack, make sure your computer is updated, as Windows had released a patch protecting against the virus. I'm no expert but I keep my updates up to date, so I think I should be safe.

This attack will also likely kill people. That is fairly unbelievable, but if what the BBC is reporting is true and the NHS had to turn away patients, then people are going to die. It is amazing to me that such critical computers would be left vulnerable to an older attack like this, but I guess it's too late to do anything about it now. I am also wondering how a computer virus would lead to the NHS turning people away.

I'm not sure if the hackers targeted the NHS directly. Given the way this worm works, it would not be surprising if it just hit the NHS by accident. Even if they didn't target them directly though, they are responsible for any deaths that the computer outages may have caused. If we find out who these people are, they should be charged with the regional equivalent of manslaughter if someone was denied life-saving treatment because of this attack. Any reasonable person would know that releasing malware like this into a hospital service could kill or injure people. My hope is that not too many people were injured or killed in this attack and that any victims get justice.

I don't know a whole lot about the group that released these hacking tools. The Shadow Brokers are a mysterious group and it is unclear who they are or how they got a hold of these NSA cyberweapons. Indeed, since they have leaked the hacking tools to the general public, they might not have even been the ones responsible for their attack. Their Medium page doesn't have any new updates claiming responsibility for this attack, so we don't know for sure.

What it does have is interesting, to say the least. The Shadow Brokers claim to be disgruntled Donald Trump supporters who are angry with Trump. Here's a short list of what they are angry with:

#1 — Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
#2 — Backtracked on Obamacare
#3 — Attacked the Freedom Causcus (TheMovement)
#4 — Removed Bannon from the NSC
#5 — Increased U.S. involvement in a foreign war (Syria Strike)

The post goes on like this and reads like it was written by someone who doesn't speak English as a first language, same as the ransomware notice posted in the BBC article. It's also pretty clear that whoever released it was referencing some pretty hardcore conspiracy theories. They accused Senators Lindsey Graham and John McCain of child molestation and accused Trump of being controlled by Zionists. It is, quite frankly, one hell of a rant, and not one that most Trump supporters would write.

I doubt that the post was written by an actual disgruntled Trump supporter. For one thing, though Trump has some international appeal, I doubt anyone from America, short of a very recent immigrant, would write like that. Indeed, it almost seems like the post was intentionally made to look like it was written by someone pretending to be a Russian pretending to be an American. It was so poorly written that I suspect that someone that could pull off a cyber attack of this magnitude would have better grammar and spelling.

So who are the Shadow Brokers? I know everyone is already blaming Russia for the attack; I am guessing it isn't a state actor, though. It might indeed be someone from Russia, acting as a private citizen, but I doubt Russia would want what happened here to happen. Remember, Russia got hit hard with this attack as well. And I am guessing if they had gotten a copy of the NSA's hacking tools, they would have never released them to the general public. They would have kept them for their own use. Keeping them private would allow them to use the tool offensively and they could study it to create countermeasures against it. My guess is that whoever did this attack was probably a "lone wolf" non-state actor.

The real scandal here is that the NSA was able to lose control of their hacking tools. The NSA developed these tools to attack enemy computers but somehow there was a security breach. Either a leaker at the NSA released the tools to the public or someone else hacked into the NSA. Both options are an almost unthinkable breach of security for the NSA and not something that should ever happen, especially after the Edward Snowden leaks, the CIA leaks and the releases centered around the 2016 presidential campaign.

I have always said that the NSA should have more focus on cyber-defense rather than offense. Though I am no expert, I think that it would be a lot easier for everyone if they just focused on preventing these kinds of attacks from happening in the first place. Sure, you lose some offensive options by doing so, but we can't be so vulnerable to these kinds of attacks...
