The weapon’s target was Ukraine, its blast radius was the entire world.
August 23, 2018 10:00 AM

The Untold Story of NotPetya, the Most Devastating Cyberattack in History (Andy Greenberg, Wired) Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Metafilter coverage at the time.
posted by ltl (10 comments total) 32 users marked this as a favorite
I wish the article had talked a little more about the effect on Ukrainian computing systems and networks and Ukrainian people.
posted by eviemath at 10:35 AM on August 23, 2018 [5 favorites]

Finding the code untouched in Ghana was my favourite. Ghanaian lack of a UK visa added to the spice.
posted by infini at 10:39 AM on August 23, 2018 [2 favorites]

It wasn't code found in Ghana, it was the Active Directory data for the company. Which didn't have a backup, because lots of live replication is safe. Until it isn't.

A properly configured and patched network of computers would not have succumbed to this attack. Maersk (and so many other places) did not have such a network. The problem isn't that we cannot build secure systems, it's that we cannot maintain them, either because it costs too much or because it feels like it costs too much (and 'too much' in that case may be surprisingly little). In Maersk's case, as the article notes, the IT division knew this and pushed what sounds like a sensible plan to tighten things up considerably. This was adopted but nobody was actually made responsible for doing it. It didn't get done. The ability of the body corporate to avoid making decisions it doesn't want to make is unbounded.

We won't actually get to the place where the cost of doing business accurately reflects spending money on sufficiently robust IT systems until it is legally mandated. At the moment, we're in a phase analogous in aviation to wanting bigger, faster and higher-flying planes every year and not caring if they crash every other day or just fall apart in flight. Or buying a fleet of planes and expecting them to last twenty years with no maintenance or safety checks.

People say that IT security is the biggest threat to business and government in the world, and perhaps they believe it. But they don't act like they believe it.
posted by Devonian at 12:30 PM on August 23, 2018 [26 favorites]

If the NSA exploits NotPetya used came from the Snowden leaks, I wonder whether, should he end up in US custody, this fact could be used by the prosecution to draw a precedent to Julius and Ethel Rosenberg’s H-bomb espionage, and make a case for capital charges.
posted by acb at 12:52 PM on August 23, 2018

Snowden didn't leak the code. It was a group called The Shadow Brokers.
posted by CheeseDigestsAll at 1:10 PM on August 23, 2018 [7 favorites]

Lest we forget: no one "leaked" NSA's cyberweapons. They were stolen from them and then released by a hostile foreign government as a form of hostility and humiliation. I'm still absolutely furious with NSA that they would discover these security holes and, instead of working to protect American companies from them, keep them secret and develop weapons to exploit them. And then lose control of those weapons.

This is an excellent essay. It's a bit odd to have it so focused on Maersk since the larger story here is the attack against Ukraine. But it makes sense in the context that this article is one chapter of a coming book on Russian cyberwarfare.
posted by Nelson at 4:08 PM on August 23, 2018 [11 favorites]

From the article linked by CheeseDigestsAll:

Countries like Israel and France are capable, but would never publish, because they wouldn’t want to incur the wrath of the U.S. Countries like North Korea or Iran probably aren’t capable. (Additionally, North Korea is suspected of being behind WannaCry, which was written after the Shadow Brokers released that vulnerability to the public.) As I’ve written previously, the obvious list of countries who fit my two criteria is small: Russia, China, and—I’m out of ideas. And China is currently trying to make nice with the U.S.

I've bolded assumptions that I think are evidence of weakness in analysis and perception. Too much ideology (exceptionalism, assessment of capability by the Other, etc for instance) can be a dangerous blindspot, as dangerous as a wide open back door.
posted by infini at 12:25 AM on August 24, 2018 [1 favorite]

Finding the code untouched in Ghana was my favourite. Ghanaian lack of a UK visa added to the spice.

Not to mention that a London-based crisis center where Maersk IT staffers and a Deloitte crisis team came together from all over Europe and threw around unlimited funds will not be possible post-Brexit. That'll have to happen somewhere else in the remaining EU countries next time around.
posted by srboisvert at 4:35 AM on August 24, 2018 [3 favorites]

I work in IT and was not able to get past the first few paragraphs of this. Total nightmare fuel.
posted by Ampersand692 at 5:42 AM on August 24, 2018

Indeed, in the wake of NotPetya, IT staffers say that practically every security feature they’ve asked for has been almost immediately approved. Multifactor authentication has been rolled out across the company, along with a long-delayed upgrade to Windows 10.
posted by lucidium at 6:19 AM on August 29, 2018 [2 favorites]
