Like a chapter from some cheesy spy novel, the story behind the global “WannaCry” ransomware attacks that began in Europe May 12 is so incredible that many people will refuse to believe it. Yet, an obstinate refusal to acknowledge the dangers of the Internet is why so many people have built houses of straw on foundations of sand, giving the Internet bad guys the unprecedented success they now enjoy.
“Ransomware” is nothing new. I first wrote on the subject for the Transcript in January 2015, in a column titled, “Holding Computers Hostage: Pay up or else.” Ransomware shows up like most other computer viruses and the like; you are somehow tricked, usually by an email or infected website, into clicking on the wrong thing, and mayhem ensues.
Victims quickly discover all their personal files have been encrypted, locked away, and the originals deleted. Documents, videos, pictures, songs, emails and spreadsheets are all unavailable, literally kidnapped and held hostage by Internet crooks until the victim pays an expensive ransom.
What makes the WannaCry (also known as EternalBlue and WannaCrypt) ransomware attack especially creepy is its origin: the National Security Agency of the United States of America. Few people realize the NSA harbors some of the most talented hackers in the world, and that for years the NSA has been stockpiling a mind-boggling arsenal of viruses, trojans, and other nasty computer-destroying software tools. Like it or not, the NSA has turned these tools into cyberwarfare weapons of mass destruction.
While NSA super-hackers have invented many of their online weapons in-house, much of the NSA’s cyber arsenal has been purchased with cash on the global underground cyberarms marketplace. Just like there are international arms dealers selling rifles, rocket launchers and tanks to any government or paramilitary group with the money to pay, there are also black market software mercenaries peddling hack attack weapons called “exploits” to all comers. The NSA has a long-standing reputation as one of the world’s major exploits buyers.
This is all well and good, I suppose, if you are an American and you want your side to win. Every other country in the world is trying to hack their online enemies into oblivion, with the order of the day being, “hack, or be hacked.” We have the most powerful military in the world; why shouldn’t our Internet cyber warriors be the best-equipped, too?
That’s great, if you can protect your cyber arsenal from online spies and marauders. Unfortunately, events have proven that we can’t. As it turns out, our “national security” isn’t nearly as secure as it should be.
Spies inside the CIA stole and then dumped a huge cache of hacking exploits on the open Internet last March for anyone who cared to download them. Prior to that, in August 2016, the NSA discovered a criminal group called The Shadow Brokers had raided its databases, and it is the continuing fallout of that massive theft that is manifesting itself in today’s WannaCry ransomware crime spree.
Many hacking tools are called “exploits” because they exploit a bug, flaw or programming mistake in a particular piece of computer software. Someone discovers a flaw in a particular program or section of computer code, and figures out how to “exploit” that flaw to cause the computer to behave in an unintended way. “Exploits” often result in an attacker (the manipulator of the flaw) gaining complete control of a computer or network, and using that power to rob their victims.
The particular exploit being used to facilitate the WannaCry ransomware attack has been named EternalBlue (who thinks up these names is anyone’s guess), and leverages a programming flaw in Microsoft’s Server Message Block (SMB) software, the component Windows uses for file and printer sharing over a network. Microsoft released patches to fix the problem two months ago, on March 14. People who keep their Windows computers updated and patched are not at risk. Windows 10 computers are also immune to the current attack.
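The column’s point is that the fix was already available: a patched machine, or one with the old SMB version switched off, is not at risk. As an added example (not from the column, and not Microsoft’s own tooling), the following PowerShell script audits a single Windows host for exactly those two things: whether the legacy SMBv1 component is still installed and enabled, and whether a given Windows update is present. It assumes Windows 8.1/10 or Server 2012 R2 and later, where the `Get-SmbServerConfiguration` and `Get-WindowsOptionalFeature` cmdlets exist, and it uses a placeholder in place of the real KB number, which must be taken from Microsoft’s bulletin for the host’s OS version.

```powershell
# Added example (not from the column): audit one Windows host's exposure to
# the SMB flaw discussed above. Run from an elevated PowerShell session.
# Assumptions: Windows 8.1/10 or Server 2012 R2+, where the SmbShare module
# and Get-WindowsOptionalFeature are available. The KB id below is a
# placeholder; replace it with the update id from Microsoft's bulletin.

$PatchKb = 'KB<placeholder-from-Microsoft-bulletin>'   # assumption: fill in

function Get-Smb1Status {
    # Server-side switch: is the SMBv1 dialect being served at all?
    $server = Get-SmbServerConfiguration
    # Optional feature: is the SMBv1 component installed on this host?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        Smb1Enabled   = $server.EnableSMB1Protocol
        Smb1Installed = ($feature.State -eq 'Enabled')
    }
}

function Test-PatchInstalled {
    param([string]$Kb)
    # Get-HotFix enumerates installed Windows updates by KB id;
    # a missing id returns nothing rather than throwing.
    $null -ne (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

$status  = Get-Smb1Status
$patched = Test-PatchInstalled -Kb $PatchKb

Write-Host "SMBv1 enabled on server:   $($status.Smb1Enabled)"
Write-Host "SMBv1 feature installed:   $($status.Smb1Installed)"
Write-Host "Update $PatchKb installed: $patched"

if ($status.Smb1Enabled -or -not $patched) {
    Write-Warning "Host is exposed: install the update and turn off SMBv1."
    # Remediation (uncomment to apply): stop serving SMBv1 and remove the
    # component. Both are reversible; the feature removal wants a reboot.
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
```

The two checks are deliberately independent: a host can carry the update and still have SMBv1 switched on (which leaves it listening on the legacy dialect for any future flaw), or have SMBv1 disabled but be missing the update (which matters again the moment someone re-enables the feature for an old printer or NAS). Both lines should read `False`/`True` respectively before a machine is considered safe, and the same script can be pushed through a management tool to audit a fleet rather than one box.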
Were it not for the hundreds of thousands of computers in Europe, China and Russia that had not been updated and, as a result of that neglect, were severely hacked and damaged, WannaCry would be just another blip on the hacking landscape.
Sadly, WannaCry is a major catastrophe, rather than a minor blip. Twenty percent of the British healthcare establishment was knocked offline. Critical files were held hostage, and many people suffered substantial health problems that could have been averted. These are exactly the kind of consequences that patches and updates are designed to prevent. That anyone, viewing today’s Internet threat landscape, could even attempt to justify their failure to keep their computer systems safe, really sticks in my craw.