Ransomware attack: Mass infrastructure catastrophes no longer sci-fi

The ransomware attack last week, dubbed WannaCry, has been heralded as a wake-up call for the world on the very material dangers that cyberwarfare poses to society’s infrastructure.

First appearing in Spain on 12 May, WannaCry spread via email, exploiting vulnerabilities in Microsoft operating systems that the US National Security Agency (NSA) had reportedly identified in April. WannaCry encrypts the victim’s files and locks them out of their computers before demanding US$300 in bitcoin currency and threatening to destroy all data if no payment is received.

The major victims include the UK National Health Service (NHS), Spanish telecommunications company Telefónica, logistics company FedEx, German railway system Deutsche Bahn, government agencies in Russia and China, and automakers Nissan Motor Co. and Renault SA.

More than 250,000 computers in over 150 countries have since been attacked by the malware. Marcus Hutchins, a small-fry tech blogger and researcher for an IT security firm, accidentally found a so-called “kill switch” in the malicious software and managed to slow its advance. Last week, Wired listed various mistakes that the “amateur” WannaCry attackers made and warned that the attack could have been far more devastating if carried out by professionals.

Ransomware has become popular in the last ten years. In 2012, software company Symantec was able to gain access to data from just one command server and two Bitcoin addresses used in a ransomware attack and estimated that the attackers were making as much as US$394,000 a month. Symantec estimates the total amount of ransoms paid a year to be at least US$5 million.

WannaCry shows that cyberwarfare can have unquestionable effects on, well, everything reliant on networked computers; not just in its financial ransoming, but also in the locking of important systems and data.

The current debate in academia, prompted by attacks such as these, concerns itself with the concept of cyberwar itself. Traditionally, attacks (and wars) have origins and aggressors, but cyberattacks seemingly appear out of thin air. Especially when we consider, as has been reported, that those who programmed the ransomware had little control over its trajectories and life-span, it’s easy to start thinking about such attacks as autonomous viruses.

Does this not remind you of the War on Terror and our perpetual state of security?

A sprawling industry has taken shape that challenges the state’s monopoly on attributing attacks to attackers. Last week, the WannaCry attack led to an 8 percent rise in share valuation for some cyber security firms, an industry that has a formidable amount of political influence in the era of “hacking elections”.

The pairing of cyberattacks’ fluid characteristics with traditional concepts of war is confused further by the internet’s diffused nature and the blurred lines between civilians and state agents. Just about anyone can code and has access to vulnerabilities (so-called cyber weapons) in various systems.

Last week, while some cybersecurity experts called for patience, researchers from two cybersecurity providers came forward to put the blame for WannaCry on North Korea. American software company Symantec and Russian-based Kaspersky Lab say that some of the code used was nearly identical to code used by the Lazarus Group, a North Korean hacking operation which was responsible for the 2014 hack of Sony, according to the US, and also allegedly stole US$81 million from Bangladesh’s central bank.

However, John Miller of FireEye, another cybersecurity company, said, “The similarities we see between malware linked to that group [Lazarus] and WannaCry are not unique enough to be strongly suggestive of a common operator.”

This brings up another problem with cyberwarfare: a myriad of private interests – some of which have close ties to various governments and seemingly unrelated businesses – are speculating on who is actually taking part in the warfare and in what capacity. Yet we often can’t escape the opinions of a cybersecurity company, because it provides answers that governments cannot, whether due to a lack of transparency, national security concerns or simply a lack of knowledge.

This article first appeared in Issue 12, 2017.
Posted 11:15am Sunday 21st May 2017 by George Elliott.