
Returning to work…. May 15, 2017

Posted by WorldbyStorm in Uncategorized.

….as some of us are this morning after the weekend, and what’s the problem some of us may face?  Anyone affected by this?


1. EWI - May 15, 2017

Apparently an NSA-authored backdoor into Windows.


EWI - May 15, 2017
GW - May 15, 2017

… which NSA/GCHQ only informed M$ about when it was leaked.

The NSA/GCHQ don’t author all their backdoors – they buy in black hat exploits. A profitable business altogether.


2. GW - May 15, 2017

I have a strong dislike of the (failing) monopolists Macroshaft, but at least they stuck it to the NSA/GCHQ in this case.

Tories tried to blame Labour for the pennypinching that led to the NHS downtime, of course.


3. FergusD - May 15, 2017

Blaming Labour for this is unfair. Organisations like the NHS have a huge problem when they rely on commercial software, especially the OS, and the supplier “updates” it and then starts to withdraw support from the version installed in millions of copies. I don’t know to what extent that was involved in this mess, but it is a big issue, the NHS still mostly uses Windows XP AFAIK. The cost of the “update” from XP for the NHS would have been vast, probably for dubious benefit as XP probably does the job. I am not sure if OpenSource is the answer as it stands, but this is a big issue.


WorldbyStorm - May 15, 2017

+1, hugely opportunist of the Tories


Aonrud ⚘ - May 15, 2017

I’ve no love of Microsoft, but you can’t reasonably expect them to keep supporting XP forever. I think they gave 7 years warning, and offered further paid support. (Red Hat, for example, support their Enterprise Linux for 10 years, plus a further 3 if paid for).

The difference with open source, though, is that you’re not dependent on one company to support old systems – if you want to keep using an older version of something, you can choose to hire software developers to do security maintenance yourself, if nobody else is doing it. You may often be better off upgrading, but you don’t have the option taken away from you.

For example, in some cases where local governments have switched to Linux, they can use a local business to maintain, say, an older version of LibreOffice, without being at the mercy of the strategy of a multinational.


4. Lamentreat - May 15, 2017

Thanks for making that point Aonrud, it is an interesting clarification.

Maybe I’m jumping to generalize, but ransomware seems like a kind of accelerated version of the general problem of built-in obsolescence in digital media. A comparable threat – “Give us money or all ‘your’ content will be unusable” – is part of the blackmail of endless new versions, formats, and products from hardware and software makers. Shutting down analogue TV and radio seems similar.

I like upgrades as much as anyone – if they are that – and I am ultimately an ignorant consumer of this stuff, with no understanding of how my tools work. But I wonder how different digital technology would look if conservation/preservation/protection was central to how it was developed and distributed.


Aonrud ⚘ - May 15, 2017

Slightly off on my hobby-horse tangent, but it’s precisely that loss of control over technology we ostensibly own that the Free Software movement has been great for counteracting. People have put a remarkable amount of time into things like a Linux distribution specifically for ancient laptops that would otherwise be thrown out. I had an old clip-on mp3 player that was a famously buggy model, no longer supported etc., but there was a free software operating system for it that was far better, played any format, and so on.

To try to counter that, of course, manufacturers do their best to lock systems and treat hardware as essentially something we rent from them as part of a ‘service’, which they can effectively disable at will (Apple and Google are both great fans of that one).


5. CL - May 15, 2017

“As of Monday morning, the WannaCry attackers had received only 23.2 bitcoins, or roughly $40,000, in ransom payments from 157 sources, according to bitcoin transaction data accessible via bitcoin.info.”


6. Torheit - May 15, 2017

Listening to some people from the Chaos Computer Club discuss this incident makes one wonder what exactly the purpose of this worm was.

Some features make it unusual. Firstly, when you demand moneys via Bitcoin you normally create many new wallets to receive the ransoms. This worm had only four wallets – none of which can be used to buy anything remotely traceable. Secondly they used DNS as a kill switch – something which anyone could implement and which would also be traceable. Thirdly there seems to be no way of implementing public key cryptography to ensure that only the command and control centre of the worm has the private decryption keys in a table against the identity of each victim.

Which points to three possibilities, as far as I can see.

a) It was an amateurish attempt by people with the technical know-how but few criminal skills in hiding their tracks.

b) It was a kind of warning shot example of something that caused perhaps a billion or so dollars worth of damage but could have been much worse. That would point to a hacktivist bringing to attention just how dangerous the hoarding of such vulnerabilities by agencies that are themselves vulnerable is.

c) An extension of b) The worm was developed by a non-Five Eyes agency in order to put political pressure on the NSA to report these to the manufacturers and have the vulnerabilities closed. If the other agency has different vulnerabilities in their arsenal then they gain an advantage.

Which brings me to my final point – these vulnerabilities have potential to create damage to infrastructure way beyond that “achieved” by WannaCry. Supposing that instead of locking up British NHS data the payload of the worm had been something that changed the recorded blood group or drug requirements of all patient records they found? The results would have been catastrophic before they were detected. I won’t go on but I’m sure you can all fill in the blanks.

The idea that hoarding rather than fixing them is rational is only something that a military mind-set conditioned through Cold War MAD could imagine. And whereas creating nuclear weapons is a complex business requiring a large team and investment, one reasonably motivated person with a modicum of skills could take advantage of the vulnerabilities that have been released by the Shadow Brokers.

If a moderately large country like France were to invest (say a $billion) in buying vulnerabilities and researching their own and immediately insisting that the manufacturers fix these (like Google’s Project Zero does gratis) they would deliver significantly more benefit in terms of risk reduction in terms of the security of the IT infrastructure that we depend on than the trillion-dollar investment in Five-Eyes and their snooping allegedly provide us in terms of a few terrorist attacks prevented.


WorldbyStorm - May 15, 2017

The implications of your analysis are fairly disturbing Torheit. But very very interesting.


7. GW - May 16, 2017

It’s all right – we can go back to hating Microsoft. They had the patches for this vulnerability ready months ago but didn’t release them because they couldn’t make any profit from it.

Them and the NSA/GCHQ – pot and kettle.

