Why Hackers Aren’t Afraid of Us

a group of finance ministers to simulate a similar attack that shut down financial markets and froze global transactions. By several accounts, it quickly spun into farce: No one wanted to admit how much damage could be done or how helpless they would be to deter it.

.. something has changed since 2008, when the United States and Israel mounted the most sophisticated cyberattack in history on Iran’s nuclear program, temporarily crippling it in hopes of forcing Iran to the bargaining table.

.. the sophistication of cyberweapons has so improved that many of the attacks that once shocked us — like the denial-of-service attacks Iran mounted against Bank of America, JPMorgan Chase and other banks in 2012, or North Korea’s hacking of Sony in 2014 — look like tiny skirmishes compared with the daily cybercombat of today.

.. Yet in this arms race, the United States has often been its own worst enemy. Because our government has been so incompetent at protecting its highly sophisticated cyberweapons, those weapons have been stolen out of the electronic vaults of the National Security Agency and the C.I.A. and shot right back at us.

.. the WannaCry ransomware attack by North Korea last year, which used some of the sophisticated tools the N.S.A. had developed.

.. Nuclear weapons are still the ultimate currency of national power, as the meeting between President Trump and Kim Jong-un in Singapore last week showed. But they cannot be used without causing the end of human civilization — or at least of a regime. So it’s no surprise that hackers working for North Korea, Iran’s mullahs, Vladimir V. Putin in Russia and the People’s Liberation Army of China have all learned that the great advantage of cyberweapons is that they are the opposite of a nuke: hard to detect, easy to deny and increasingly finely targeted. And therefore, extraordinarily hard to deter.

.. Cyberattacks have long been hard to stop because determining where they come from takes time — and sometimes the mystery is never solved.

.. Today cyberattackers believe there is almost no risk that the United States or any other power would retaliate with significant sanctions, much less bombs, troops or even a counter cyberattack.

.. “They don’t fear us,”

.. At the State Department, the eviction took weeks, shutting down systems during negotiations on the Iran nuclear deal. The hackers were even bolder at the White House. Instead of disappearing when they were exposed, they fought back, looking to install new malware as soon as the old versions were neutralized.

.. It appears the attackers just wanted to prove they could go, and stay, anywhere in the American government’s network.

.. the United States never called out the Russians for what they were doing.

.. If Mr. Putin thought there was no price to be paid for invading White House systems, why wouldn’t he attack the Democratic National Committee?

.. By the summer of 2016, some Obama administration officials, waking to the threat, proposed counterstrikes that included exposing Mr. Putin’s hidden bank accounts and his ties to the oligarchs and cutting off Russia’s banking system. But the potential for escalation caused Mr. Obama and his top aides to reject the plan.

“It was an enormously satisfying response,” a senior American official told me later, “until we began to think about what it would do to the Europeans.”

Mr. Obama also understandably feared that anything the United States did might provoke Mr. Putin to tinker with election systems just enough to give credence to Donald Trump’s warning that the system was “rigged.”

.. Since the election, the American retaliation has included closing some Russian consulates and recreation centers and expelling spies — actions one Obama national security official called “the perfect 19th-century solution to a 21st-century problem.”

.. The wide-open vulnerabilities in America’s networks have essentially deterred the United States from credibly threatening retaliation against the Russians, the Chinese, the North Koreans and the Iranians.

.. One way to start is to make sure no new equipment goes on the market unless it meets basic security requirements. We won’t let cars on the road without airbags, so why do we do less with the systems that connect them to the internet?

.. Second, we must decide what networks we care most about defending — and make those priorities clear. Mr. Mattis’s threat to turn to nuclear weapons hardly seems credible — unless the cyberattack would create an existential threat to America. That requires an intensive public review of what is critical to our nation’s survival.

.. President Trump forfeited the perfect opportunity when he decided against a commission to learn the larger lessons from the 2016 election.

.. the United States needs to end the reflexive secrecy surrounding its cyberoperations. We need to explain to the world why we have cyberweapons, what they are capable of and, most important, what we will not use them for.

.. it is in the nation’s interests to develop global norms clarifying that some targets are off limits: election systems, hospitals and emergency communications systems, and maybe even electric power grids and other civilian targets.

.. Microsoft’s president, Brad Smith, has proposed digital Geneva Conventions that begin to establish those norms, outside the structure of governments and treaties.

.. Intelligence agencies hate this idea: They want the most latitude possible for future operations in an uncertain world. But in any arms control negotiation, to create limits on others, you need to give up something.

Tim Cook’s refusal to help FBI hack iPhone is validated by ‘WannaCry’ ransomware attack

The proliferation of the WannaCry ransomware last week unequivocally justifies Apple’s steadfast refusal to help the FBI break into an iPhone 5c used by one of the San Bernardino terrorists. As a quick refresher, the FBI last year wanted Apple engineers to create a brand new version of iOS that would allow them to skirt around iOS security measures. As a precaution, a security setting in iOS wipes a device clean after 10 erroneous passcode entry attempts. The FBI, as a result, tried to force Apple to release a specialized version of iOS that would not include this security limitation.

So while Cook’s cancer analogy might have struck some as being extreme, the WannaCry ransomware saga last week proves that once a piece of malicious software is created, it’s impossible to keep it out of the hands of malicious actors. According to reports, the WannaCry ransomware — which infected more than 200,000 computers across 150 different countries in less than 24 hours — was based on an NSA exploit released by a hacking collective known as the Shadow Brokers. In fact, WannaCry began infecting computers worldwide just about 4 weeks after the Shadow Brokers released a treasure trove of NSA hacking tools and exploits for anyone in the world to explore and use.

.. “There’s probably more information about you on your phone than there is in your house… they’re also loaded with the location of our kids in many cases, and so it’s not just about privacy but it’s also about public safety.”

.. Incidentally, Microsoft on Sunday issued a statement blasting government agencies for hoarding dangerous exploits.

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

‘Accidental hero’ halts ransomware attack and warns: this is not over

Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
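The mechanism described above, as an added example that is neither the Guardian's nor MalwareTech's code: a small Python hunt over constructed DNS resolver logs that flags hosts looking up the kill-switch domain (failed lookups mean the worm was still spreading from that host; a successful lookup, once the domain was registered, means the kill switch fired). The domain name and the log line format are assumptions, since the article gives neither.

```python
import re

# Hypothetical placeholder for the long, nonsensical kill-switch domain the
# article describes; the real name is not given on this page.
KILL_SWITCH_DOMAIN = "example-killswitch-placeholder.invalid"

# Constructed sample resolver log (not real data). Assumed line format:
# "<timestamp> <client_ip> query <domain> <rcode>"
SAMPLE_DNS_LOG = """\
2017-05-12T15:02:01Z 10.1.4.22 query www.nhs.uk NOERROR
2017-05-12T15:02:03Z 10.1.4.22 query example-killswitch-placeholder.invalid NXDOMAIN
2017-05-12T15:02:04Z 10.1.7.9 query example-killswitch-placeholder.invalid NXDOMAIN
2017-05-12T15:02:05Z 10.1.4.22 query example-killswitch-placeholder.invalid NXDOMAIN
2017-05-12T16:10:40Z 10.1.9.3 query example-killswitch-placeholder.invalid NOERROR
2017-05-12T16:10:41Z 10.1.4.22 query updates.example.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")


def parse_dns_log(text):
    """Yield (timestamp, client, domain, rcode) tuples; skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()


def kill_switch_would_fire(rcode):
    """Mirror the behaviour the article describes: the worm keeps spreading
    while the lookup fails, and stops once the domain is live (resolves)."""
    return rcode == "NOERROR"


def hunt_kill_switch_queries(text, domain=KILL_SWITCH_DOMAIN):
    """Return {client: {"queries": n, "halted": bool}} for every host that
    looked up the kill-switch domain. Any such host is a likely infection and
    needs patching; "halted" records whether a live answer reached it."""
    report = {}
    for _ts, client, qname, rcode in parse_dns_log(text):
        if qname.lower() != domain.lower():
            continue
        entry = report.setdefault(client, {"queries": 0, "halted": False})
        entry["queries"] += 1
        if kill_switch_would_fire(rcode):
            entry["halted"] = True
    return report


if __name__ == "__main__":
    for host, info in sorted(hunt_kill_switch_queries(SAMPLE_DNS_LOG).items()):
        print(host, info)
```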

.. MalwareTech said he preferred to stay anonymous “because it just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”
.. He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable Windows update, update and then reboot.”
.. By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit.