Monday, May 15, 2017
"The Biggest Cyberattack in History Just Happened"
by Jim Rickards
"Governments and corporations are grappling today with a massive cyberattack that started Friday and rapidly spread to thousands of computers around the world. The unprecedented attack initially infected over 200,000 computers in at least 150 countries. One Chinese cybersecurity firm said that 29,372 institutions had been infected, including government offices, transportation networks, universities, ATMs and hospitals. The virus struck later in the day on Friday, when businesses were shutting down for the weekend. So many feared the full impact would be felt today as businesses came back online.
Here’s a map The New York Times produced to highlight the attack’s global reach:
It’s the largest attack of this type we’ve seen yet. Europol executive director Rob Wainwright said "We've never seen anything like this." Reports suggest the attack has been contained, but it’s still too early for a complete assessment. The attack was only discovered accidentally on Friday by a cybersecurity specialist in England.
Britain’s National Health Service (NHS) was apparently heavily impacted, although the worst seems to be over. Some experts fear it may have even affected Britain’s nuclear submarine fleet, which may have used software the virus attacks. British officials have downplayed concerns. But it just proves that when it comes to cybersecurity, the lines between the civilian and military worlds are becoming increasingly blurred.
What exactly is this virus? The virus is a type of “ransomware” called “WannaCry.” It encrypts computer files with encryption that’s virtually unbreakable. And the attackers demand a $300 ransom to unlock them, paid in the cryptocurrency Bitcoin to avoid tracking. Two separate countdown clocks appear on infected computers saying how much time remains before the ransom is doubled and when the encrypted files will be deleted.
The software behind WannaCry was allegedly developed by the National Security Agency (NSA) to penetrate computers using certain versions of Windows. It was leaked in April by a group called Shadow Brokers. The virus affected computers using older versions of Microsoft Windows that hadn’t been upgraded with a security patch Microsoft issued in March. But of course it can take large organizations quite a while to install these patches, so they were vulnerable.
Experts don't yet understand how the virus traveled from the internet to computer networks. Unlike a lot of the computer viruses in use today, for example, WannaCry doesn't appear to rely on opening an email to infect a computer. Instead, experts say it appears to somehow spread on its own. On Friday an outfit called SpamTech claimed responsibility for the attack. But there’s no proof to suggest their claim is valid. For now, it remains a mystery. But many experts think the attack was probably carried out by relatively unsophisticated hackers, despite its reach and impact. The ability to stop it was too easily found, they say.
Is this latest threat contained? Probably not. Apparently several new variants of the virus have already been detected. And apparently these newer versions can't be tricked by the same techniques that contained the initial attack. So we cannot assume it’s over. Please do not assume that your personal computer is safe from such attacks. It isn’t. This is a problem that will only grow worse.
The lines between civilian and military are becoming increasingly blurred, as I said earlier. And national security strategies must address this growing threat. Microsoft’s president and chief legal officer, Brad Smith, likened the hacking of the NSA software to "U.S. military having some of its Tomahawk missiles stolen." James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), agrees that cyberwarfare is now an integral part of national security: “As a superpower, if the U.S. didn’t have these cyber weapons, they’d be pummeled by any and every adversary that had an interest in doing so. It’s important to understand that the best cyberdefense is a potent and profound next-gen cyberoffense.”
The bottom line is that the cyber realm is more important than ever. Read on to see how cyberattacks may have already compromised our national security, and how they can turn a bad day on Wall Street into a full-blown crash.
Friday’s cyberattack just highlights the growing nature of the threat, and the need for much greater security. WikiLeaks’ March release of 7,818 web pages, called “Vault 7,” was a major development. This collection amounted to more than several hundred million lines of code, and gave away the entire hacking capacity of the CIA. It was by far the largest release of CIA intelligence documents in history. And WikiLeaks’ release proved that U.S. intelligence agencies have lost control of their hacking tools.
This is part of a much larger problem. Barely a day goes by without some company or government agency announcing that one of its systems has been compromised or attacked. These attacks can take many forms. The most common is a distributed denial of service, or DDoS. In this type of attack, a system is overwhelmed with malicious message traffic so that legitimate users of a website cannot gain access. A DDoS attack does not actually penetrate the system or steal information. It simply obstructs normal access so that the target site is effectively shut down.
Attacks that penetrate firewalls and get inside a system are more serious. These are often conducted by criminal cybergangs who steal credit card and password information that can then be used to conduct unauthorized purchases of goods and services. This is a more serious kind of breach, but the damage is usually limited by cancelling compromised credit cards or accounts and issuing new ones to affected customers. This can be annoying, time-consuming and somewhat costly, but not life-threatening to the parties involved.
In addition to financial losses, such attacks can cause enormous reputational damage to the entity whose systems were breached. For example, the 2013 hack of Target Corp. was executed just ahead of the Thanksgiving-to-Christmas shopping season and involved the theft of 40 million credit card numbers and 70 million pieces of personal information, such as customer addresses and phone numbers. Target’s stock crashed, and the company was subject to over 90 lawsuits alleging negligence. Target spent over $60 million in damage control immediately following the attack, but final damages were much higher. Many customers closed their Target accounts and refused to make further purchases there. The reputational damage to the Target brand continues to this day. Similar attacks were launched against JPMorgan Chase, Home Depot and Anthem Health Insurance. Many more have happened, and many more are yet to come.
The most damaging attacks are not those launched by criminal gangs seeking financial gain. The most dangerous are those launched by the military and intelligence agencies of Iran, China, Russia and other rivals of the United States aimed at damaging national security and critical infrastructure. These attacks may involve the theft of secret military, intelligence and diplomatic files. Some attacks seek to gain control of critical infrastructure and involve the use of sleeper viruses that can be switched on to disrupt a system at a particularly opportune time for an enemy.
For example, a virus implanted in the control system of a hydroelectric dam could open floodgates to inundate downstream targets, killing thousands by drowning and destroying bridges, roads and agriculture. Other viruses could shut down major stock and commodity exchanges.
In 2010, the FBI and Department of Homeland Security discovered an attack virus in the computer systems of the Nasdaq stock market. That virus was disabled, but others may remain. On Aug. 22, 2013, the Nasdaq was mysteriously shut down for over three hours, disrupting trading in Apple, Google, Facebook and other investor favorites.
Military planners make use of a fighting doctrine called the “force multiplier.” The idea is that any given weapon can be used with greater-than-normal effect when combined with some other state or condition that gives the weapon greater impact. For example, if Russia wanted to disrupt a U.S. stock exchange, they might wait until the market is down over 3%, say, 500 points on the Dow Jones index, for reasons unrelated to the cyberattack. Launching the attack on a day when the market is already nervous would “multiply” the impact of the attack and possibly result in a drop of 4,000 Dow points or more, comparable in percentage terms to the one-day drop on Oct. 19, 1987.
All of these scenarios are worrying enough, but a couple of years ago the U.S. government suffered a cyberattack even worse than shutting a stock exchange or opening the floodgates on a dam. Chinese hackers had gained access to the files of the U.S. Office of Personnel Management (OPM). Estimates of individuals affected range from 4 million up to 32 million. The Chinese hackers actually obtained credentials to gain access to the system, and once inside systematically downloaded the database. If the stolen information were limited to names, addresses, Social Security numbers and the like, the damage would be immense and the affected individuals would be at constant risk of harassment and identity theft.
But the damage was far worse. Many of the files consisted of responses to a questionnaire called Standard Form 86, or SF-86. This is the form used to apply for security clearances up to and including the top-secret level. The form itself is 127 pages long, which is daunting enough. But the attachments and documentation required to support the information on the form, including tax returns, personal net worth statements, explanations of answers to certain questions, etc., can run to hundreds of pages more.
The government requests this information in order to evaluate the fitness and loyalty of those applying for security clearances. A typical question is: “Have you EVER been a member of an organization dedicated to the use of violence or force to overthrow the United States government, and which engaged in activities to that end with an awareness of the organization’s dedication to that end or with the specific intent to further such activities?”
The U.S. government also requests extensive personal financial information. The reason is that someone with a security clearance who is in personal financial distress can be compromised by a foreign intelligence agency that offers that individual cash to betray his country. Treason for money was the motivating factor in the notorious cases of Aldrich Ames at the CIA and Robert Hanssen at the FBI.
Since the U.S. uses SF-86 to identify vulnerabilities in our intelligence agents, the Chinese can do the same. By gaining access to the SF-86 files in the OPM computers, the Chinese gained a virtual playbook on how to identify and compromise those entrusted with America’s most sensitive top-secret information.
Many observers believe that such cyberwarfare and criminal cyberhacking are inevitable and there is not much that computer systems operators can do to fight them. This is not true. In fact, there are effective firewall, encryption, compartmentalization, verification and other cybersecurity techniques that companies and governments can use to safeguard their information.
The problem is that such solutions are expensive, and companies and government agencies have been slow to take the needed measures to protect critical data. This mindset is changing, and the Trump administration has pledged to greatly increase spending on cybersecurity. In fact, just last week President Trump signed an executive order giving cybersecurity high priority. The costs of data breaches, both financially and in terms of national security, are simply too high. Suddenly solutions that used to seem expensive now seem cost-effective compared with the damage caused by systems compromises.”