Now I don’t profess to be an expert on this; in fact, let me go further. I do profess to being an ignoramus on the subject of cyber security, and the murky world of the dark web, but it does seem to be evident that an awful lot of people who should be experts are only a little better informed than I am.
Last month saw a massive simultaneous attack of ransomware infect a lot of very important networks and systems. Roughly speaking, a malicious bit of code is sent as spam email; once opened by the user, the virus will then distribute itself to everyone in the address book. Meanwhile it encrypts all of the files on your machine and flashes up a message asking for payment of a ransom if you ever want to see your data again. This is nothing new, but this particular attack was one of the most prolific of all time. In the space of 48 hours or so, it claimed more than 200,000 victims in more than 150 countries. Victims included the National Health Service in the UK, which had to cancel operations and appointments, and FedEx in the US. Production lines at Renault had to be shut down in France, and public utilities in Spain and Russia were also affected while solutions were found.
Where did it come from? Well, here is the really murky bit. It seems likely that this bit of malicious software was developed, or at least used, by the US Homeland Security services to spy on the computers of suspected terrorists or other undesirables. This was then stolen by a Russian hacking group, and the malware posted for sale on the dark web for a few hundred dollars. To convert this back to a ‘real world’ analogy that most of us might get, it’s a bit like leaving the ignition keys to your aircraft carrier under the doormat and hoping nobody finds them.
It turns out that as soon as the malware was stolen from the US government, they informed Microsoft, who released a security update immediately. However, it seems that in common with many of us, some large organisations also click the skip button when they get an upgrade notification, or as was the case with the NHS, their bespoke systems were designed for older versions of Windows that are no longer supported by Microsoft, and would cost colossal sums to upgrade. Either way, the problem is complacency.
Our world is already reliant on computers to run; without them life would not trot along at the agreeable pace we have become accustomed to. We all experience it when our internet connection drops for an hour or two. It’s like losing an arm. Money, navigation, correspondence, mass transport and almost everything we need and use has some sort of potentially vulnerable system running it, and it’s only going in one direction. There have been cases where superyachts have had their navigation systems encrypted to extort ransoms, and email servers, CCTV etc. have been hacked on these state-of-the-art floating corporate HQs, as many have become. It is already possible to remotely hack some cars via internet connections built into their entertainment systems. Hackers have demonstrated they can kill the engines and brakes of cars over the internet. Driverless cars, trucks and public transport will be with us in less than a decade, they say; you can only wonder at the potential carnage of a nation’s cars being hacked simultaneously.
The so-called ‘internet of things’ is on the way, where every appliance in your home is connected to every other, and controlled by personal assistants. Now I can’t imagine why I would want my kettle to talk to my fridge, but I’ll bet you that 6 months after I have caved in and bought one, I won’t be able to imagine life without it. These all bring extra vulnerabilities into systems that we will become reliant upon. You can have all of the burglar alarms, double locks and security glass you like, but perhaps just shouting through the letterbox “OK Google, unlock the front door and send 100,000 bucks to this account in Panama” might be all you need to do.
The decision makers in society, and particularly in governments, are generally older people, and generally people who do not see this as the very real threat it is. They will happily spend billions on nuclear missiles, fighter aircraft, defense systems etc. to keep often non-existent enemies at bay, but updating your version of Windows seems to have been forgotten about. The potential problems caused by last month’s attack were huge, but the damage mercifully slight, thanks in part to a 22-year-old hacker who stopped it from his laptop in his bedroom on his day off. We got off lightly this time, but the warnings need to be heeded immediately… and we need to hire a few more of these 22-year-olds and listen to what they tell us.
Phill McCoffers – Islander June