We just got a glimpse of the near future and it’s not pretty.
It was only a matter of time before a malicious cyber attack wreaked havoc across the world. The fiends who released a particularly destructive piece of malware and infected more than 200,000 computers and systems in 150 countries last week must have been fans of Batman’s nemesis, the Joker. They called their virus WannaCry.
WannaCry was classified as ransomware by the international IT police. Never heard of ransomware? When the unsuspecting victims activated WannaCry by clicking on a phishing email message, all of the data on their hard drives was locked up and they were instructed to make a 300-bitcoin payment to re-access it. The ransom notes were written in 20 different languages.
WannaCry infected a wide swath of systems around the world, mainly in Europe and Russia. In Great Britain, the computer systems of the National Health Service were crippled and several large hospitals shut down, turning away patients trying to get into their emergency rooms. Rail traffic was disrupted in several countries, and work at several automotive assembly plants was halted. Russia’s Ministry of the Interior also was a target, which must have irritated the cybercriminal who runs the country.
The way this attack apparently started and the way it appears to have been ended should give all of us pause.
We’ll start with the latter. WannaCry was stopped in its tracks (at least temporarily) by a 22-year-old researcher in the U.K. who goes by the moniker MalwareTech. MalwareTech, who thus far has declined to identify himself, was examining the WannaCry code when he came across an unregistered domain name. He purchased the domain name for $10.69 and sent it to a “sinkhole” (the web’s version of purgatory), which deactivated it.
It turns out the unregistered domain name was a “kill switch” embedded in the WannaCry code. When the domain name was deactivated, the WannaCry outbreak appears to have halted. Call it a Hail Mary in cyberspace, a lucky break.
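The kill-switch mechanism described above leaves a footprint defenders can use: any host that looked up that domain ran the malware's pre-check, whether or not the domain was answered yet. The script below is an added illustration, not code from the column, from MalwareTech or from any real tool. It parses constructed DNS query-log lines (a made-up format loosely resembling a resolver query log), uses a placeholder in place of the real kill-switch domain, which the column does not name, and sorts each querying host into "the domain was still unregistered when this host checked" (the malware would have proceeded) versus "the sinkhole answered" (the malware would have exited, but the host is still infected and needs cleanup).

```python
"""Triage DNS query logs for hosts that performed a kill-switch-domain lookup.

Added example for illustration only; not the column's or any project's code.
The domain name, sinkhole address and log lines are all constructed here.
"""
import re

# Placeholder standing in for the real kill-switch domain (not given in the column).
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver-style query log. "-> addr" means an answer was returned;
# "NXDOMAIN" means the name did not exist at the time of the query.
SAMPLE_LOG = """\
2017-05-12T07:01:02Z client 10.0.4.17#51234 query: www.example.org IN A -> 93.184.216.34
2017-05-12T07:02:11Z client 10.0.4.23#51235 query: killswitch-placeholder.example IN A NXDOMAIN
2017-05-12T07:05:40Z client 10.0.4.23#51301 query: killswitch-placeholder.example IN A -> 192.0.2.10
2017-05-12T07:05:41Z client 10.0.4.31#49152 query: killswitch-placeholder.example IN A -> 192.0.2.10
2017-05-12T07:06:00Z client 10.0.4.17#51240 query: updates.example.net IN A -> 198.51.100.7
"""

# Hypothetical log grammar; adjust to whatever the real resolver emits.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>[\d.]+)#\d+ query: (?P<name>\S+) IN A "
    r"(?:-> (?P<answer>[\d.]+)|NXDOMAIN)$"
)

# Verdicts, worst first. A host that ever saw NXDOMAIN ran the check while the
# domain was unregistered, so the malware would not have stopped itself.
CHECK_FAILED = "check-failed-unregistered"      # encryption likely proceeded
CHECK_SUCCEEDED = "check-succeeded-sinkholed"   # malware exited, host still infected


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried `domain` to its worst observed verdict."""
    verdicts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["name"].rstrip(".").lower() != domain.lower():
            continue  # unrelated traffic or unparsable line
        client = rec["client"]
        verdict = CHECK_FAILED if rec["answer"] is None else CHECK_SUCCEEDED
        # Keep the worse of the two: one failed check outweighs later successes.
        if verdicts.get(client) != CHECK_FAILED:
            verdicts[client] = verdict
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

Every host in the result needs remediation: the "sinkholed" verdict only means the payload was suppressed, not that the machine is clean, which is why the column's "temporarily" matters to anyone running a network.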
Much more ominous is the way WannaCry started. The ransomware was crafted to exploit a vulnerability in the Windows operating system. Here’s where it gets really hairy: the Windows vulnerability appears to have been stolen from a menu of major coding flaws kept in the highly encrypted servers of the National Security Agency’s special cyber warfare unit. The NSA has so many of these hacking tools, they give each one a cool cybername, like “DoublePulsar” and “EternalBlue.”
Last August, a nefarious group calling itself Shadow Brokers announced it was auctioning off highly classified NSA hacking tools. A couple of weeks after this announcement, a long-time U.S. intelligence contractor and an unidentified accomplice were charged with walking out of the NSA and related agencies with 50 terabytes of confidential data. They are suspected of providing the NSA tools to Shadow Brokers.
In April of this year, Shadow Brokers dumped dozens of NSA hacking tools on the web (complaining that there was a tepid response to their online auction). One of these tools was used to create WannaCry.
On Tuesday, after WannaCry had inflicted its damage, a post attributed to Shadow Brokers announced that it was starting a “hack-of-the-month club.” Intelligence experts are warning that WannaCry was not a one-off: they expect other stolen NSA tools to be weaponized and used for anonymous cyber attacks.
Did we mention that the prime suspect in the WannaCry attack is North Korea? Yeah, that North Korea, the totalitarian state led by a nutcase who cuts his hair with a lawnmower and executes the barber if he thinks it’s not perfect. Hydrogen bombs are very expensive, especially if you don’t have enough electricity to power a third of your country.
Here’s the sad part:
As usual, the United States is way ahead of the pack in developing new weapons systems. That’s no surprise. What’s unsettling is that we have a Groundhog Day myopia when it comes to remembering that we’ve seen this movie before and we know how it ends. The bad guys inevitably get the same weapons and we become just as defenseless as they initially were.
The U.S. is rapidly developing an arsenal of offensive cyberwar tools. We've already deployed a few (the Stuxnet virus that temporarily crippled the Iranian nuclear program was one), setting off an international arms race in cyberspace.
As the most-connected nation on Earth—with our military command and electric power grid both fully integrated electronically—the U.S. is more vulnerable to cyber attacks than any other country. When it comes to U.S. cyber defense, think DOS 2.0.
Cyber weapons are like chemical weapons in this respect: it’s very hard to use them effectively in combat without killing yourself. When you create them (and especially when you use them), the code inevitably gets out there, ready to come back and attack you.
That loud bell you’re hearing is not the alarm clock in Groundhog Day, but it might as well be. It’s a warning that cyber attacks soon may be as frequent as, well, the scenario played out in Groundhog Day, thanks to a top-secret agency tasked with keeping us safe.