Governments and business leaders around the world, initially taken aback by the WannaCry ransomware attacks, are scrambling to contain the contagion before it can acquire epidemic proportions. Investigators are hinting at the involvement of the Lazarus Group, which many researchers have identified as a hacking organisation run by North Korea.
Ironically, these attacks took place when security vendors were predicting a decline of both ransomware and Windows exploits in 2017, even though ransomware exploded into a billion-dollar industry in 2016. WannaCry is a worm, so called because of its ability to laterally move across organisational networks without human intervention. It was released days after a hacker group called the Shadow Brokers published a trove of NSA hacking tools and zero-day exploits targeting Windows systems.
What we are seeing in the cyber-world is a contorted version of reality, influenced by powerful governments alongside their technology cohorts which provide fake assurances to honey-trap gullible users.
The exploit used in the attack, called Eternalblue, was drawn from a vulnerability in a file-sharing service present in all types of Windows machines. Microsoft's President Brad Smith blamed the NSA for stockpiling vulnerabilities without responsibly disclosing them to the company.
In January this year, the Shadow Brokers announced the sale of exploits for Windows and, subsequently, released the cyber weapons in April. By then, Microsoft already had patches for all the exploits, including Eternalblue, even though the hacker group had revealed nothing about Eternalblue in its initial announcement.
What is clear is this: we are all links in a chain, and lack of ethical practices by one nation is sufficient to deface another.
There are several reports that point to government backdoors in popular software and hardware. This has negative consequences for society –loss of privacy through mass surveillance erodes trust between the citizens and the state, and changes the texture of relationship between them.
A Vulnerabilities Equities Process (VEP) was established by the US government in 2008 to carve out a course of action when a zero-day exploit was obtained—whether to responsibly disclose to enable corrective action, or to withhold it for law-enforcement and intelligence gathering.
In December 2013, the US President's Review Group on Intelligence and Communications Technologies released a report, which established that the government should not exploit zero-days unless there is a clear need to retain the exploit for national security. This came about as the review group felt that the disclosures were not happening to the degree required.
The recent ransomware attacks are an example of glaring violation of these policies that culminated in the abuse of basic human rights of consumers around the globe. What we are seeing today in the cyber-world is a contorted version of reality, influenced by powerful governments alongside their technology cohorts which provide fake assurances to honey-trap gullible users.
[W]e users need to use discrimination while revealing ourselves in the cyber-world. Social media and smartphones are just another honey trap. Remember, everything you do is recorded.
I often wonder if all of us are under a continuous tactical attack—one that includes practices such as infiltrating systems and software, targeting consumers and their privacy, and obliterating net neutrality. The governments, having violated all moral norms of civil conduct and accountability, have allowed the Dark Web to flourish, even providing monetary remuneration for its services.
Today, cheap ransomware (and other malware) exploits are being offered as a service for a small fee to cyber-criminals, as they allow for a quicker payout than stealing credit card numbers or other personal information. Anonymous currencies such as Bitcoins provide the blanket to make financial transactions without the risk of getting caught.
What is clear is this: we are all links in a chain, and lack of ethical practices by one nation is sufficient to deface another. Collective action is required to provide digital security and privacy. Nations need to work in tandem to set up and enforce transparent operating policies which respect the privacy of citizens. At the same time, we users need to use discrimination while revealing ourselves in the cyber-world. Social media and smartphones are just another honey trap. Remember, everything you do is recorded.
