Legal Geek on the WannaCry global hack

It’s nearly 10 days after the global WannaCry hack, and at Legal Geek we’re scratching our heads to work out what the real danger to emerge from this episode has really been. Is it the malware which affected 150 countries or the thinly-founded speculation and blame game which has followed?

In light of that thought, we’ve kept our summary simple.

What we know

On Friday 12 May, a global cyber attack spread across 150 countries affecting more than 200,000 organisations. In the UK, the attack affected 47 NHS trusts, leading to cancelled operations and people being turned away from A&E. According to Moscow-based cyber security agency Kaspersky Lab, the worst affected countries were Russia, Ukraine, India, and Taiwan.

The cyber attack deployed a variant of “WannaCry” ransomware which encrypts data, locks you out of your system, and demands a ransom – paid in bitcoin currency – to release it.

The attack exposed a weakness in Microsoft’s Windows XP software making organisations still running Windows XP – such as the NHS in the UK – especially susceptible to attack. We wonder if any law firms still run on Windows XP and, if they do, how well their IT Director is sleeping?  Especially scary when you consider cyber attacks on law firms have risen 60% in two years, according to PwC’s 25th annual Law Firms Survey.

Estimates so far place the pay-outs made at just over $70,000 – a paltry yield for the number of systems affected.

What we don’t know

It’s more than a week after the attack and SO many questions remain unanswered. Even a tech-savvy Miss Marple would be stuck for where to start. There is speculation of course, but as far as we can see there are no concrete answers to the following questions:

  • Who did it?
  • What was their motive and did they succeed?
  • How was the ransomware acquired?
  • Who was to blame for allowing it to happen?
  • Is it over?

What people are speculating on

We couldn’t cover this topic without highlighting the speculation, rumour and conjecture out there, but we encourage a healthy dose of scepticism to be applied to every theory.

Who did it?

Every organisation to offer a theory on who was behind the attack have caveated their findings with the words “preliminary”, “tentative” or similar. BUT, fingers have been pointed in the direction of a hacker collective behind the 2014 Sony Pictures hack which was identified by US intelligence as a North Korean government operation.

YET, chatter from US experts has also highlighted that parts of the WannaCry virus were amateurish and the payment system unsophisticated. Such a conclusion widens the net of potential hackers.

What was their motive and did they succeed?

If the aim of the hacking group or individual responsible was for monetary gain, then the hack failed spectacularly. Yet, if it were to cause havoc and fear across borders, it’s been devastating. No one can really answer this one without speaking to the group responsible.

How was the ransomware acquired?

The hegemony around this one is that the US government had identified a weakness in Microsoft’s Windows XP platform as long ago as last summer and had even developed a hacking tool to expose such a weakness. But this information was stolen by a hacking group with the theft being announced publically earlier this year. And Microsoft say that what was stolen from the US government formed the basis of this attack.

Who is to blame for allowing it to happen?

The blame game has seen Microsoft’s President and Chief Legal Officer Brad Smith say that the bulk of the responsibility lay with the US government for not informing Microsoft earlier about the vulnerability they had identified.

Smith wrote in a blog post after the 12 May attack:

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA (National Security Agency) has affected customers around the world.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today—nation-state action and organised criminal action.”

Is it over?

The attack has slowed down but new forms of the malware continue to be released, according to cybersecurity company Comae Technologies, whose founder Matt Suiche has claimed to have found new variants of the malware.

In addition, the initial attack was slowed down by a UK-based researcher finding the ‘kill switch’ for the virus and activating it – but if new variants of the virus can be created which eliminate this ‘kill switch’ the virus, in an updated form, could continue to spread.

More worryingly though is perhaps the precedent this attack sets and the encouragement it could give to other hackers to launch a virus of their own, for whatever motive they may have, and however twisted it may be.

Learn more about cyber security at our Legal Geek Conference.