On Friday, May 12, a ransomware attack affected more than 100,000 organisations in 150 countries, thwarting operations of shipper FedEx, train systems in Germany, a Spanish telecommunications company Telefonica, universities in Asia, Russia’s interior ministry and forced hospitals in Britain to turn away patients.
According to media reports, over 200,000 people have been affected by the malware. The initial attack, known as “WannaCry”, has now paralysed businesses in Japan and China too. Media reports suggest that the malware creates a pop-up window “informing users that their files are encrypted and are no longer accessible — without a payment. Screenshots of the malware show an initial request for $300 to be paid in bitcoin, with a timer that says the ransom amount will rise if it’s not paid within a certain time frame, and files will be lost after that.”
Ransomware is an idea first developed more than 20 years ago, and reportedly “reverses the usual form of hacking – where the threat comes from others having access to data; ransomware’s threat is that nobody can access your data, including you.”
The cyber attack has once again exposed chinks in the security armours of the seemingly impregnable software programmes. A statement from Microsoft president and chief legal officer Brad Smith read, “We have seen vulnerabilities stored by the Central Intelligence Agency (CIA) show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
Attacks like these have the potential of wiping out megabytes of data and can bring a whole economy to a grinding halt. A National Public Radio (NPR) report mentioned Security researcher Brian Krebs, who claimed that there is evidence showing about $26,000 syphoned in payments to the bitcoin accounts associated with the malware. It further said, “A review of the three payment addresses hardcoded into the Wana ransomware strain indicates that these accounts to date have received 100 payments totalling slightly more than 15 Bitcoins — or approximately $26,148 at the current Bitcoin-to-dollars exchange rate.”
While cyber security experts are reeling under the impact of this crimeware, the incident has mobilised concerns about cyber safety and hacking. Driven by the ‘unethical’ hacker principles of vandalism and greed, a large swath of computer experts spend countless hours on the web, scouring for vulnerabilities and infiltrating systems to draw funds and sometimes, sensitive information. Hacking of websites, therefore, amounts to cyber bullying and has become a growing nuisance in a day and age, when our dependence and presence on the internet has increased multifold.
Although in the case of hacking, the line between the ethical and unethical is thin, companies across the globe have tried to institutionalise the positive aspects of hacking to use it to their advantage. To counter the immediate threat posed by the burgeoning ‘business’ of hacking, numerous ‘ethical’ hackers are using their prowess to make the infrastructure systems foolproof.
Arun Ganeshan, an ethical hacker with a leading multinational firm, was quoted by a national daily, ” Hacking is nothing but sporting a questioning attitude towards technology. As an ethical hacker, I need to start thinking where a cracker would ideally stop.”
While an ethical hacker has to stay abreast with the latest advancements in “software, database, operating systems, wireless infrastructure and network management,” the bigger challenge is to ward off the danger of a break-in, especially when the opportunities are countless.
The lines in hacking are blurred; what’s ethical for one could become a breach of privacy for another. It is perhaps impossible to put a stop to the menace of cyber crime, but more awareness and a risk-averse approach could help in stalling an international rampage like this.