Featured

Fallout from IT outages reflects human reliance on technology

Thousands of institutions around the world were subject to a series of “WannaCry” ransomware attacks over the weekend of May 12, causing data to be encrypted with a claim for payment. The ransomware virus brought computer systems from Russia to China to the UK and the US to their knees, reflecting just how much modern human societies rely on technology to function.

The world is steadily becoming increasingly digitally-reliant which requires consistency, particularly when the integrity of a high-profile company is at stake. But the consistency of technology is never full-proof because there will always be groups or an individual trying to manipulate technology for their benefit, and sometimes technology just doesn’t play up to our high expectations.

With just a few clicks, over 200,000 computers in 150 countries were affected by the May 2017 WannaCry ransomware attack, with victims including hospitals, banks, telecommunications companies and warehouses. Victim’s computers, once infected, displayed a message demanding the equivalent of around $300 in bitcoin, according to reports. The four most affected countries were Russia, Ukraine, India and Taiwan, said Kaspersky Lab.

The attack swept across Europe and Asia, locking up critical systems like the UK’s National Health Service (NHS), Spanish telecommunications firm Telefónica, and other business and institutions around the world. Telefónica faced an 85 percent computer shutdown after the hackers infiltrated its systems demanding $550,000 in bitcoin. The hack resulted in most staff reportedly abandoning their positions as nine out of ten company machines were infected.

The WannaCry attack was a maliciously calculated execution by criminals, but that isn’t the only way technology can let us down. Sometimes technology just doesn’t perform the way we’d like it to. This was highlighted by another recent event in which British Airways canceled all flights on May 27 from London's two biggest airports after "a major IT system failure" caused severe disruption to flight operations worldwide.

The root cause of the IT failure was a power supply issue, according to British Airways CEO Alex Cruz, who said there was “no evidence of any cyber-attack.” The system failure affected all British Airways’ call centers, according to the airline. Although some of the airline’s systems returned shortly thereafter, the outage caused significant disruption for schedules as aircraft crews were out of position around the world.

An onlooker at the airport described the British Airways staff as “incapable of doing anything else, despite their best intentions, due to the system outage.” He said they were “totally crippled” – the harsh reality of just how much businesses today rely on technology to function.

There was no evidence that the British Airways IT failure had anything to do with human interference which is what differentiates it from the global WannaCry malware attack. While airports were scrambling to cater to the needs of frustrated passengers as a result of the British Airways IT failure, the WannaCry attack raised an important question: why weren’t people protected?

The hack was originally discovered by the US National Security Agency (NSA) which allegedly kept the virus on file as a potential tool, called EternalBlue exploit, to use for surveillance or other issues. It was compromised when a group of hackers, known as Shadow Brokers, in April released a cache of stolen NSA documents on the internet, including details about the WannaCry vulnerability. The virus could only affect Windows computers run by Microsoft.

Microsoft has since lashed out at the NSA and other spy agencies for stockpiling vulnerabilities instead of reporting them to computer companies to be fixed. The danger of stockpiling digital weapons has prompted calls for a “Digital Geneva Conventions” to govern their use.

Microsoft released a software update in March 2017 that would protect users against the vulnerability for operating systems such as Windows XP and Windows Server 2003, but it soon became apparent that many people didn't bother to update their computers, thus exposing their computers to WannaCry. Although it was reported that Windows XP was targeted, almost all victims were running Windows 7.

The initial infection was likely through an exposed vulnerable SMB port, rather than email phishing as initially assumed. One of the first things that slowed the virus was a rare emergency patch released by Microsoft to help protect Windows XP devices from the virus’ reach (even though the company hasn’t officially supported XP since 2014). 

The attack was eventually thwarted by a malware analysis expert called MalwareTech who stumbled across a way to stop the virus by locking computers and slowing its spread. MalwareTech was working to reverse-engineer samples of the WannaCry virus when he/she discovered that the ransonware’s programmers had built it to check whether a certain gibberish URL led to a live web page.

MalwareTech wondered why the ransomware would look for that domain, so he/she registered it. Luckily that $10.69 investment was enough to shut down the entire operation. As long as the domain was unregistered and inactive, the query had no effect on the ransomware’s spread, explains a report by WIRED. But once the ransomware checked the URL and found it active, it stopped.

Analyst Darian Huss, senior security research engineer at the intelligence firm Proofpoint, believes that the functionality was put in place as an intentional kill-switch, in case the hackers wanted to halt the attack. “Based on the behavior implemented in the code, the kill-switch was most likely intentional,” he said. MalwareTech believes that the hackers might have included the feature to shield the ransomware from analysis by security professionals.

For IT workers and security researchers, the WannaCry attack reflects the challenge of fighting an elusive foe whose motives are hardly ever clear. It has been described as the most high-profile example of a cyber-attack that analysts actually predicted might happen in 2017 after a substantial surge in hacks in 2016.

“If you looked at what the biggest trends all the security companies were highlighting at the beginning of the year, ransomware was in all of their lists,” said Peter Warren Singer, a technologist and senior fellow at the New America Foundation. Singer has spoken out in support of independent researchers/hackers like MalwareTech, because it’s likely that the attack could have burgeoned if it weren’t for MalwareTech’s skills.

The lesson we have to learn from the experience, says Singer, is that “you want to enable security research and information exchange. You want the curiosity of the good guys to be unleashed as much as possible.”

The other important lesson, he says, is to educate people in the importance of updating their IT systems. For example, many public computers still use Windows XP and could be susceptible to malware attacks if the appropriate security patches aren’t downloaded. The high-profile WannaCry attack could even drive more demand to the likes of Google and Microsoft’s growing cloud computing businesses.

“This may well force a lot of legacy systems finally into the cloud,” said Stewart Baker, a former general counsel at the NSA. The cloud is likely where businesses are headed for in the long run, he says, “but they’ll get there faster now because of the idea of continuing to run XP is not credible.”