The problems and the how's and why's

Tell me why you don't like Mondays

In 1979, The Boomtown Rats, fronted by Bob Geldof, released a song entitled “I don’t like Mondays.”

The song was inspired by a tragic event in which Brenda Spencer, a 16-year-old with a history of petty theft and violent thoughts, opened fire from inside her house at students outside San Diego’s Grover Cleveland Elementary School across the street. In a 15-minute spell, she fired 30 rounds of ammunition from a semi-automatic .22-caliber rifle her father gave her for Christmas. The school Principal Burton Wragg and custodian Mike Schar were killed in the attack; eight children and a policeman were wounded.

Spencer, who had told classmates a week before that she “wanted to do something big to get on TV,” then locked herself in the house as the SWAT team descended. The standoff lasted nearly seven hours before Spencer finally surrendered. During that time, a reporter from the San Diego Tribune spoke to her on the telephone. She explained her actions by saying, “I just did it for the fun of it. I don’t like Mondays”.

In the lyrics of the song, one line resonates with today’s lifestyle as we become more and more immersed in a technological social world and reliant on technology to perform our day-to-day tasks, that line being “The silicon chip inside her head - Gets switched to overload”.

On Friday 12th May, the world witnessed one of the largest cyber-attacks ever affecting 150 countries. Known as the WannaCry ransomware attack, it crippled 42 National Health Service trust centres in the United Kingdom, hundreds of computers at the Russian Interior Ministry, and many university networks in China.

Tens of hundreds of computers at private companies had also been affected, including German rail operator Deutsche Bahn, international shipper FedEx Corp, car manufacturers Renault and Nissan, and Spanish telecommunications company Telefonica. The attack continued to affect businesses across the world in the coming days.

The attack occurred in 5 phases:

Phase 1: On Friday, in some part of Europe, a computer user opened an email with a malware attachment. This compressed file allowed the WannaCry malware or virus to attack the machine’s hard drive.

Phase 2: WannaCry encrypted all the data stored on the hard drive. Later, it asked for $300 to $600 in bitcoins to decrypt the data.

Phase 3: Meanwhile, this malware communicated with new machines, eventually spreading to 200,000 Windows computers at banks, hospitals, and oil companies through emails.

Phase 4: By Sunday, WannaCry had disrupted services of Spanish mobile operator Telefónica, carmaker Renault in Germany, mobile phone provider MegaFon, and Sberbank in Russia, and FedEx in the US.

Phase 5: Although the attack had slowed down by Monday, WannaCry’s creators continued to ask for ransom for decrypting data. It was still possible that many companies hadn’t noticed the attack yet.

This malware primarily targeted PCs and laptops that still use Windows XP; more recent Microsoft systems, including Windows 8 and 7, were also infected.

There is plenty of blame to go around for the WannaCry ransomware. First, there are the writers of the malicious software, which blocks victims' access to their computers until they pay a fee. Then there are the users who didn't install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

All software contains bugs or errors in the code. Some of these bugs have security implications, granting an attacker unauthorized access to or control of a computer. These vulnerabilities are rampant in the software we all use. A piece of software as large and complex as Microsoft Windows will contain hundreds of them, maybe more. These vulnerabilities have obvious criminal uses that can be neutralized if patched. Modern software is patched all the time -- either on a fixed schedule, such as once a month with Microsoft, or whenever required, as with the Chrome browser.

When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice. As former US Assistant Attorney General Jack Goldsmith has said, "Every offensive weapon is a (potential) chink in our defence -- and vice versa."

The vulnerability in WannaCry is code-named EternalBlue, and it was discovered by the US government -- most likely the NSA -- sometime before 2014. The Washington Post reported both how useful the bug was for attack and how much the NSA worried about it being used by others. It was a reasonable concern: many national security and critical infrastructure systems contain the vulnerable software, which imposed significant risk if left unpatched. And yet it was left unpatched.

The Washington Post says that the NSA used EternalBlue "for more than five years," which implies that it was discovered after the 2010 process was put in place. It's not clear if all vulnerabilities are given such consideration, or if bugs are periodically reviewed to determine if they should be disclosed. As a former NSA employee said, “the quality of intelligence that could be gathered was "unreal." But so was the potential damage. The NSA must avoid hoarding vulnerabilities.”

Perhaps the NSA thought that no one else would discover EternalBlue. How likely is it that someone else will discover the vulnerability? This is often referred to as NOBUS, short for "nobody but us." Can the NSA discover vulnerabilities that no one else will? Or are vulnerabilities discovered by one intelligence agency likely to be discovered by another, or by cybercriminals?

When the NSA realized that the Shadow Brokers had stolen the tool, it alerted Microsoft, which released a patch in March. This prevented a true disaster when the Shadow Brokers exposed the vulnerability on the Internet. It was only unpatched systems that were susceptible to WannaCry a month later, including versions of Windows so old that Microsoft normally didn't support them. Although the NSA must take its share of the responsibility, no matter how good or how many vulnerabilities the NSA reports and the vendors fix, security won't improve unless users download and install patches, and organizations take responsibility for keeping their software and systems up to date. That is one of the important lessons to be learned from WannaCry.

It’s not a question of if there will be another crippling ransomware attack; it’s a question of when.

To be prepared, you need several layers of defences against these attacks.

1. Review your patch management, web protection, mail protection, and integrated backup.

2. Back up your data

3. Secure your data and reduce your potential financial risk in the event of a breach.

4. Patch or update your software

5. Do not pay the ransom

So what has this got to do with the song that we started with? The WannaCry attack was directed at big business. Nobody died? No one got hurt? Well, in this scenario, the hackers ARE Brenda Spencer. The girl in the song. WannaCry is the .22 calibre rifle her father gave her for Christmas and her father, the NSA.

The hackers and ransomers wanted to do something big to get global coverage. They did it for the fun of it. Because they could. It didn’t matter to them what the consequences were or if anybody DID or didn’t get hurt. And it was never really about the money. They probably knew that few of the targeted users would pay any kind of ransom and that the disruption they had created would be temporary. But that didn’t matter. It exposed vulnerabilities. It showed how ill-prepared large organisations were and probably some still are.

In a bizarre twist the real outcome of this attack is a positive thing in that it exposed risks and therefore changed the way users now respond to a potential threat with heightened caution. They have become educated where before they were unaware and unprepared.

And the silicon chip inside her head? The one that got switched to overload? A warning. Not for the hackers. But for us. We are all vulnerable to the point of distraction from the world around us. Our family. Our friends. The world itself. Acting before thinking. Not questioning. Our lives have become so immersed in receiving information that we no longer take the time to process what we are seeing and hearing. There are no reasons to not like Mondays. But we are running the risk of creating the reasons for ourselves. Because we can.
