Cyberattacks underscore the vulnerabilities of the digital age

New Straits Times - World - XINHUA

HACKERS using malicious software stolen from the United States National Security Agency (NSA) executed damaging cyberattacks on Friday that hit almost 100 countries, forcing Britain’s National Health Service to send patients away and freezing computers at Russia’s Interior Ministry.

The attacks amounted to an audacious global blackmail attempt spread by the Internet and underscored the vulnerabilities of the digital age.

Transmitted via email, the software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.

Kaspersky Lab, a Russian cyber security firm, said Russia was the worst-hit, followed by Ukraine, India and Taiwan. Reports of attacks also came from Latin America and Africa.

The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about US$300 (RM1,300) to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. The connection to the NSA was particularly chilling. Last summer, a group calling itself the Shadow Brokers began to post software tools that came from the US government’s stockpile of hacking weapons.

The attacks on Friday appeared to be the first time a cyberweapon developed by the NSA and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.

The US has never confirmed that the tools posted by the Shadow Brokers belonged to the NSA or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the NSA’s Tailored Access Operations unit, which infiltrates foreign computer networks. The attacks showed how easily a cyberweapon can wreak havoc, without shutting off a country’s power grid or its cellphone network.

In Britain, hospitals were locked out of their systems and doctors could not call up patient files. Emergency rooms were forced to divert people seeking urgent care.

Russia’s Interior Ministry confirmed that “around 1,000 computers were infected”.

It could take months to find who was behind the attacks — a mystery that may go unsolved.

“When people ask what keeps you up at night, it’s this,” said Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm.

Rohyt Belani, the chief executive of PhishMe, an email security company, said the wormlike capability of the malware was a significant shift from previous ransom attacks.

“This is almost like the atom bomb of ransomware,” Belani said, warning that the attack “may be a sign of things to come.”

The hackers’ weapon of choice was Wanna Decryptor, a new variant of the WannaCry ransomware.

Hours after the Shadow Brokers released the tool last month, Microsoft assured users it had included a patch for the underlying vulnerability in a software update in March.

But Microsoft would not say who had tipped it off. Many suspected that the US government had told Microsoft, after the NSA realised that its hacking method exploiting the vulnerability had been stolen.

Privacy activists said if that were the case, Washington would be to blame for the fact that so many companies were left vulnerable to Friday’s attacks.

“It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” Patrick Toomey, a lawyer at the American Civil Liberties Union, said.

“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world.”

During the Obama administration, the White House created a process to review software vulnerabilities discovered by intelligence agencies, and to determine which should be “stockpiled” for future offensive or defensive cyber operations and which should be reported to the companies so that they could be fixed.

Last year, the administration said only a small fraction were retained by the government.

But this vulnerability appeared to be one of them, and it was patched only recently, suggesting that the NSA may have concluded the tool had been stolen and therefore warned Microsoft.

But that was clearly too little, and far too late.

Hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to patch their systems, either because they had ignored advisories from Microsoft or because they were using outdated software that Microsoft no longer supported or updated.

The malware was circulated by email. Targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

The fact that the files were encrypted ensured that the ransomware would not be detected by security systems until employees opened them, inadvertently allowing the ransomware to replicate across their employers’ networks.

Employees at Britain’s National Health Service had been warned about the ransomware threat earlier on Friday. But it was too late.

As the disruptions rippled through at least 36 hospitals, doctors’ offices and ambulance companies across Britain, the health service declared the attack a “major incident”, warning that local health services could be overwhelmed.

Britain’s Health Secretary Jeremy Hunt was briefed by cyber security experts, while Prime Minister Theresa May’s office said on television that “we’re not aware of any evidence that patient data has been compromised”.

As the day wore on, companies across Europe, Asia and the US discovered that they had been hit with the ransomware when they saw messages on their computer screens demanding US$300 to unlock their data.

The criminals had designed their ransomware to increase the ransom amount on a set schedule and threatened to erase the data after a predetermined cutoff time, raising the urgency of the attack and increasing the likelihood that victims would pay.

Security experts said victims who had not backed up their data, and who could not decrypt it on their own, were faced with a choice: either live without their data or pay. It was not clear how many victims ultimately paid. The experts advised companies to immediately update their systems with the Microsoft patch.

“We’ll see copycats, and not just for ransomware, but other attacks,” Camacho said. Agencies
