| Some thoughts on this ransomware stuff 13:29 - May 15 with 3049 views | BOjK |
I know there was another thread on this, but here are my collected thoughts.
Firstly, some background on what happened.
1) The National Security Agency (NSA ) in the States are apparently in the habit of targetting windows systems to see if they can exploit security holes in them. Once they have identified them they sit on the weaknesses, not telling anyone and write tools that allow them to access computers of suspects should they happen to use an old Operating System. Terrorism you see.
2) The NSA were hacked and their tools stolen.
3) The hack and the theft became public.
4) Microsoft (to their credit) patched the problems, on both their newest OSs, and on a number of unsupported legacy OSs (most prominently XP)
5) BadPeople used the information leaked to write ransomware which ended up on a random series of computers - many in the NHS. They didn't target the NHS in particular. It just ended up there. And at Nissan. And at many other places.
Multiple points are worth raising from this.
Firstly the behaviour of the NSA seems as dangerous to me as that of the terrorists here. To know of weaknesses in OSs but not to make the vendors aware endangers us all.
Secondly this amply demonstrates why many of us have been vehemently opposed to the building in of back-doors into phones/computers/encryption algorithms to allow the security services access. Once they exist, they will leak and the BadPeople will use them. This could be ransomware. It could be phishing. It could be just making your computer run slowly (for the lolz). Whatever it will be, it won't be fun.
The point sometimes raised - "why are these systems using out-dated versions of Windows?" - can often be simply answered. Amongst my table of fellow nerds over lunch more than one kept a PC running XP so they could run the software used to control some piece of kit they had. Scanners, EEProm programmers. I dare the NHS has hundreds of these things. Legacy pieces of kit to measure some body function, which they haven't replaced, and which the manufacturer has long since stopped supporting. To use these pieces of kit, you need a computer running XP. You replace the computer, you replace the kit, and money is a bit tight at the moment. Linux wouldn't help here, as it a) much harder for untrained staff to install, maintain and use and b) entirely unsupported from a hardware point of view.
We need a serious (inter-)national dialogue about the way forward, and about what got us into this mess. Can't we stop the NSA doing this? Can we get Microsoft to continue to update XP? How do we educate non-technical people about software updates?
Sadly the media, politicians and media seem unable to grasp the scale of the problem and the real issues behind them. Instead it is easier to describe this as hacking (it wasn't), argue about NHS budgets and put someone outside a hospital in Lincolnshire to talk about how many operations have been cancelled that day.
Some links:
https://arstechnica.co.uk/information-technology/2017/05/wanna-decryptor-kill-sw
https://arstechnica.co.uk/security/2017/05/wanna-decryptor-microsoft-government-
https://arstechnica.co.uk/security/2017/05/what-is-wanna-decryptor-wcry-ransomwa
[Post edited 15 May 2017 13:32]
|  |
| |  |
| Some thoughts on this ransomware stuff on 13:38 - May 15 with 2992 views | SamWhiteUK |
All very good points, but I would imagine that a lot of the machines used to operate the legacy equipment might not be connected to the network. Not saying none of them are, just that it might have been worse. |  | | |
| Some thoughts on this ransomware stuff on 13:42 - May 15 with 2979 views | EJP |
Apparently one London based NHS trust wasn't affected as a few weeks before they had blocked access on their firewall to sites created on GoDaddy. Their firewall took an extremely high amount of hits on Friday where the malware was trying to download the next step and couldn't.
Or so the mate in the NHS trust of the IT bloke who works for me said... haven't seen it reported anywhere else though. |  | | |
| Some thoughts on this ransomware stuff on 13:47 - May 15 with 2950 views | DanTheMan |
Good post.
To kind of tag on, this is exactly why Windows have moved to the model of just continuing to update one OS a bit like Apple do and just rolling those out.
People complain that the newer versions of Windows are more pushy about updates by basically telling you it's going to shut down whether you like it or not. But they've been forced into this because people basically can't be trusted to do it themselves so it's better to force them.
On the NSA point, you're absolutely right that it should have been disclosed to Microsoft and also shows exactly what happens when you make a backdoor public. People think "well I've got nothing to hide" don't realise the reality of what they are saying.
I don't think Microsoft should be forced to continuously update an OS that went end of life 3 years, having given them many years to begin the migration or find some other way of supporting what they had bought.
Annoyingly there'll be a lot of blaming, someone will be made the sacrificial lamb and lessons probably won't have learned their lesson. Security is never a high priority until something bad happens, and then it quickly forgotten about after the damage is done. |  |
| |
| Some thoughts on this ransomware stuff on 14:56 - May 15 with 2844 views | homer_123 |
Not defending the NSA here but I would point out that nearly all programmes ever developed have a 'backdoor'. |  |
| |
| Some thoughts on this ransomware stuff on 15:21 - May 15 with 2805 views | blue_oyster |
| Some thoughts on this ransomware stuff on 14:56 - May 15 by homer_123 |
Not defending the NSA here but I would point out that nearly all programmes ever developed have a 'backdoor'. |
Does that mean that they're not written properly? |  |
| |
| Some thoughts on this ransomware stuff on 15:44 - May 15 with 2762 views | BOjK |
| Some thoughts on this ransomware stuff on 14:56 - May 15 by homer_123 |
Not defending the NSA here but I would point out that nearly all programmes ever developed have a 'backdoor'. |
I definitely don't agree. | |
| |
| Some thoughts on this ransomware stuff on 15:53 - May 15 with 2745 views | homer_123 |
| Some thoughts on this ransomware stuff on 15:44 - May 15 by BOjK |
I definitely don't agree. |
What's not to agree with?
It's a reality and fact - you can go back to the early days of computing to see prime examples of this.
Still applies today as much as historically. | |
| |
| Some thoughts on this ransomware stuff on 15:54 - May 15 with 2742 views | homer_123 |
| Some thoughts on this ransomware stuff on 15:21 - May 15 by blue_oyster |
Does that mean that they're not written properly? |
It depends, backdoors themselves aren't a problem - the exploitation of them is however.
They were developed and put into software for lots of very good decent reasons.... | |
| |
Login to get fewer ads
| Some thoughts on this ransomware stuff on 17:26 - May 15 with 2685 views | BOjK |
| Some thoughts on this ransomware stuff on 15:53 - May 15 by homer_123 |
What's not to agree with?
It's a reality and fact - you can go back to the early days of computing to see prime examples of this.
Still applies today as much as historically. |
You said "nearly all".
I strongly suggest this isn't the case in modern security systems. | |
| |
| Some thoughts on this ransomware stuff on 19:07 - May 15 with 2639 views | blue_oyster |
| Some thoughts on this ransomware stuff on 15:54 - May 15 by homer_123 |
It depends, backdoors themselves aren't a problem - the exploitation of them is however.
They were developed and put into software for lots of very good decent reasons.... |
Maybe you can give an example to explain? I don't think the average person really believe these things exist, myself included. | |
| |
| Some thoughts on this ransomware stuff on 20:58 - May 15 with 2578 views | Eireannach_gorm |
Because the Ransomware exploits a weakness in Microsoft Server Message Block (SMB), PC's that are on the same network but not on the internet can be infected. It is an well known weakness. SMB is how PC's talk to each other and blocking ports 445 and 139 stops this but also blocks print and file services. Health Care facilities are particularly susceptible because they may use older Operating Systems to run diagnostic equipment.
https://www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransom |  | | |
| |
By continuing to use the site, you agree to our use of cookies and to abide by our Terms and Conditions.
