Kill Switch Kill

It happens on Fridays. Every Friday, before the cyber security folks get to go home, something comes up. This week it was a worm that propagates through a vulnerability that the NSA knew existed in the Microsoft ecosystem of operating systems.

tl;dr don’t use anything written by Microsoft until they become my sponsor

Seriously, many folks have been kept up over the weekend trying to figure out how two pieces of software interacted to encrypt your files and hold them for ransom. The software that infected systems globally leveraged a vulnerability disclosed by a group of hackers who stole the idea from the NSA.

The exploit was one that was “wormable,” which means that one computer could search over its LAN for another computer that it could infect. Turns out there were plenty of vulnerable computers that could be infected using the exploit from the NSA.

It is a sad state where national security eclipses the safety of the general population. The NSA knew something that could make Microsoft products safer but didn’t tell anyone to fix the bugs. This is a calculus that only surfaces during an information war. If we were not at war, our government would be more interested in protecting its own citizens than in its own power.

Information war involves heat
— 2nd law of thermodynamics

The kinetic aspects of a global information war are beginning to surface. When the national healthcare of England is impacted, information has become kinetic. Many computer engineers are working to explain how this could come to be. My favorite theory is that the hackers who wrote this bit of software made two mistakes.

  • They didn’t believe that their exploit could traverse beyond their target network. It did, and went on a global jaunt through much of the developed world, infecting other computers.
  • They left in a bit of code that checked whether a domain existed; if it did, the software would stop itself. This was most probably used during their testing and development cycle. It was a switch they could flip during testing, which most likely took place in a “sandbox”: a network or set of machines that aren’t connected to the internet.

It was this second point that a security researcher leveraged to stop the worm. When he registered the domain they found hard-coded in the malware, it turned the worm off on all the systems that were infected. He also got to learn where the infections were, because every infected machine looked the domain up. This is one of the beautiful aspects of today’s network. By accident, someone positively affected many systems and stopped a real threat.
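The detection side of that accident is worth spelling out: once the kill-switch domain resolves, every infected host that performs the check shows up in resolver logs. The script below is an added example, not code from the original post, that scans constructed DNS query log lines for lookups of the kill-switch domain and reports which clients made them. The domain name, the log format and the sample lines are all assumptions; the post does not give the real domain.

```python
# Added example (not part of the original post): find hosts that looked up the
# WannaCry kill-switch domain in DNS resolver logs.
import re

# Placeholder only; the real kill-switch domain is not given in the post.
KILL_SWITCH_DOMAIN = "kill-switch-placeholder.example"

# Constructed resolver log lines in an assumed format:
# "<timestamp> <client-ip> <queried-name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T10:01:02Z 10.0.0.15 www.intranet.example NOERROR
2017-05-12T10:01:05Z 10.0.0.23 kill-switch-placeholder.example NXDOMAIN
2017-05-12T10:01:09Z 10.0.0.42 kill-switch-placeholder.example NXDOMAIN
2017-05-12T10:01:11Z 10.0.0.23 KILL-SWITCH-PLACEHOLDER.example. NXDOMAIN
2017-05-12T15:30:00Z 10.0.0.77 kill-switch-placeholder.example NOERROR
2017-05-12T15:30:03Z 10.0.0.15 updates.vendor.example NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rcode = m.groups()
    # Normalise the name: DNS is case-insensitive and a trailing dot is optional.
    return {"ts": ts, "client": client, "qname": qname.rstrip(".").lower(), "rcode": rcode}


def classify_lookup(rcode):
    """Map a response code to what it meant for the worm, per the post: the
    check stops the worm only when the domain exists (resolves)."""
    if rcode == "NXDOMAIN":
        return "domain not yet registered: infection would have continued"
    if rcode == "NOERROR":
        return "domain resolved: kill switch would have halted the worm"
    return "inconclusive response"


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"count": n, "first": ts, "rcodes": set}} for every
    client that queried the kill-switch domain."""
    hits = {}
    target = domain.rstrip(".").lower()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["qname"] != target:
            continue
        entry = hits.setdefault(rec["client"], {"count": 0, "first": rec["ts"], "rcodes": set()})
        entry["count"] += 1
        entry["rcodes"].add(rec["rcode"])
    return hits


if __name__ == "__main__":
    for client, info in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        outcomes = ", ".join(classify_lookup(r) for r in sorted(info["rcodes"]))
        print(f"{client}: {info['count']} lookup(s), first at {info['first']} ({outcomes})")
```

Every client this reports is a machine on which the worm reached its domain check, which is exactly the inventory of infections the researcher obtained for free by registering the domain. Lookups answered NXDOMAIN predate the registration, so those hosts kept spreading the worm until the domain came alive.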

At best, it appears that a small group was going to use this code to target a web hosting operation and ransom their computers. Their code got away from them and caused some real problems.

While I don’t think countries will begin turning over their zero-day exploits for the benefit of humankind, we can start the discussion of why countries should not hoard exploits, and the WannaCry worm appears to be an excellent example.
