Wake-up call
WannaCry shows why India must take cyber security seriously
The ransomware attack, which started on Friday, offered a taste of the potential damage and disruption that could occur in a full-blown cyber war. The WannaCry program infected some 200,000 systems across 150 nations. Although the propagation of WannaCry has been halted, new deadlier versions are reported to have been released. In April, a group that called itself ShadowBrokers stole some programs from America’s NSA and released the code. One of those programs, EternalBlue, was a cyberwar tool designed to exploit a weakness in Microsoft’s Windows Operating System. Although Microsoft issued a patch for that weakness in March, legacy OS like Windows XP and Windows 8 were not supported. MS released an emergency patch on Saturday for these legacy systems.
EternalBlue is a worm. Once it infects a machine, it copies itself into other machines on that network. The program encrypts data on affected drives, making those PCs unusable. Someone tweaked the code and turned it into the WannaCry ransomware, which is malicious software that locks one’s computer or network until money is paid, at which point the cyber criminal provides a code to unlock the system. If the ransom is not paid within a set time frame, data are wiped out. On Friday, affected machines displayed a message demanding the equivalent of $300 to be paid in the digital currency, bitcoin, to decrypt data. A British researcher who calls himself “Malware Tech” discovered a kill-switch and hit it. The kill-switch was designed to prevent WannaCry from being analysed. Security researchers normally shut down internet access when they analyse malware. Every copy of WannaCry was coded to try to reach an “unregistered domain” — an internet address not owned by anyone. Querying an unregistered domain results in a specific message. WannaCry was designed to stop working if it did not receive that specific message, and it is easy to send out a new variation of WannaCry without a kill-switch; indeed, this has already happened.
The attacks disrupted a variety of systems. The British National Health Service was hit, German train schedules were disrupted, Russia’s home ministry computers were encrypted, Chinese petrol pump payment systems stopped functioning, and factories owned by Nissan, Renault and Hitachi went down. The Spanish telecom system and gas utility were affected. FedEx’s operations were disrupted.
India, too, saw some infections, though these were restricted to the Andhra Pradesh police network, some state government offices in Kerala, and Nissan’s Chennai plant. The Computer Emergency Response Team of India (CERT-In) has issued advisories and some ATMs are said to have been shut down. While this is good news, there is no guarantee that the second wave will not hit India hard. Indeed, many Indian machines have dormant infections from the first attack and may face serious threats. More generally, this could trigger future copycat assaults, targeting public cyber infrastructure. Given the drive towards Digital India, systems such as the Aadhaar database, the banking/credit card system, and tax networks are all obvious targets.
One great advantage of cyber warfare is the deniability of actions by state actors, which makes it very tempting in an asymmetric conflict. While there is no way to completely secure cyber infrastructure, adequate disaster management and recovery systems must be put in place to ensure quick recovery if public services are targeted in a cyber attack. Moreover, CERT-In and other agencies need to set up systems for rapidly informing the public about mitigation measures in such situations. Given that train and plane services are very computer-driven, cyber attacks can be more dangerous than any gun-toting terrorist. WannaCry could be considered a dress rehearsal for something more dangerous on an even larger scale.