20 May 2017

WannaCry: Ransomware Catastrophe or Failure?


Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
WannaCry (or WannaCrypt) is being called the "worst cyberattack in history" or at least the "biggest ransomware offensive in history," but those headlines just don’t line up with reality.
Despite public reports that as many as 300,000 computers in 150 countries have been infected with the malware, the normally observable pattern of delivery, destruction, and payment associated with a ransomware attack is largely missing. Phishing emails have been the primary delivery method for almost all other ransomware attacks to date. With this attack, the delivery method is still under debate, but the main spreading mechanism is Server Message Block (SMB), the protocol Windows computers use to share files with each other. By exploiting a flaw in SMB, a single infected computer can infect every other vulnerable machine on the same network. But is the attack size being touted in the media accurate? And is this really about ransomware? After some very frightening initial headlines, the story just doesn't hold up to deeper inspection.
This is partly because the malware was disabled by a 22-year-old British malware researcher. Malware authors try to detect researchers by checking to see if the malware is running in a simulated network environment. One test is for the malware to ask the computer it is running on: "Can you reach this non-existent website?" If it can, then the malware can be certain it is running in a simulated network, where researchers are routing every Internet request to monitoring stations they control. (For those who do malware analysis – think ApateDNS redirecting everything to iNetSim.)
Figure 1 - WannaCry code calling non-existent domain 
Source: PhishMe
By registering the "non-existent" Internet address that malware was using for its test, now every Internet user can resolve the address, which made the malware believe that everyone was in a simulated network, so they should not be infected because they were likely researchers.
The researcher, who guards his anonymity fiercely because he routinely ruins the lives of criminals, shares his intelligence here and blogged about his discovery here
The high count of "infected" computers is actually the number of computers that were asked to try to reach the formerly non-existent domain. However, analysis of the code shows that if that domain is reached, the malware simply terminates itself and poses no further risk to the computer that tried to infect itself. Perhaps these would be better counted as malware attempts rather than malware infections.
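The distinction the article draws between an "attempt" (the machine reached the kill-switch domain and the malware exited) and an infection that went on to spread over SMB is something a defender can check from ordinary DNS and connection logs. The script below is an added example, not code from the article or from PhishMe: it correlates which internal hosts queried the kill-switch domain (a labelled placeholder here, not the real domain), whether that resolution succeeded, and whether the same host then fanned out to many peers on TCP/445. The log formats, the placeholder domain, the fan-out threshold and the sample log lines are all constructed for the example; treating a successful DNS resolution as a proxy for the malware's reachability check is a simplification.

```python
import re
from collections import Counter, defaultdict

# Placeholder for the sinkholed kill-switch domain (the real name is deliberately not used here).
KILL_SWITCH_DOMAIN = "killswitch.example"
SMB_PORT = 445
# Assumed cut-off: this many distinct SMB targets from one host is treated as worm-style spreading.
FANOUT_THRESHOLD = 3

# Constructed sample logs (not real captures). One DNS resolver log, one firewall connection log.
DNS_LOG = """\
2017-05-12T14:01:03Z 10.0.0.21 query A killswitch.example NOERROR
2017-05-12T14:01:05Z 10.0.0.22 query A killswitch.example NXDOMAIN
2017-05-12T14:01:09Z 10.0.0.23 query A killswitch.example SERVFAIL
2017-05-12T14:02:11Z 10.0.0.21 query A updates.example NOERROR
"""

CONN_LOG = """\
2017-05-12T14:01:20Z 10.0.0.22 -> 10.0.0.50:445 SYN
2017-05-12T14:01:20Z 10.0.0.22 -> 10.0.0.51:445 SYN
2017-05-12T14:01:21Z 10.0.0.22 -> 10.0.0.52:445 SYN
2017-05-12T14:01:21Z 10.0.0.23 -> 10.0.0.52:445 SYN
2017-05-12T14:01:30Z 10.0.0.24 -> 10.0.0.60:445 SYN
2017-05-12T14:01:30Z 10.0.0.24 -> 10.0.0.61:445 SYN
2017-05-12T14:01:31Z 10.0.0.24 -> 10.0.0.62:445 SYN
2017-05-12T14:03:00Z 10.0.0.21 -> 10.0.0.70:443 SYN
"""

DNS_LINE = re.compile(r"^\S+ (?P<src>\S+) query A (?P<name>\S+) (?P<rcode>\S+)$")
CONN_LINE = re.compile(r"^\S+ (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+) SYN$")


def parse_dns(log):
    """Map host -> True if it resolved the kill-switch domain at least once, False if every try failed."""
    beacons = {}
    for line in log.splitlines():
        m = DNS_LINE.match(line)
        if not m or m["name"] != KILL_SWITCH_DOMAIN:
            continue
        resolved = m["rcode"] == "NOERROR"
        beacons[m["src"]] = beacons.get(m["src"], False) or resolved
    return beacons


def parse_smb_fanout(log):
    """Map host -> number of distinct destinations it attempted on TCP/445."""
    targets = defaultdict(set)
    for line in log.splitlines():
        m = CONN_LINE.match(line)
        if m and int(m["port"]) == SMB_PORT:
            targets[m["src"]].add(m["dst"])
    return {host: len(dsts) for host, dsts in targets.items()}


def classify_hosts(dns_log, conn_log):
    """Combine both signals into one verdict per host."""
    beacons = parse_dns(dns_log)
    fanout = parse_smb_fanout(conn_log)
    verdicts = {}
    for host in set(beacons) | set(fanout):
        reached = beacons.get(host)          # True / False / None (never queried)
        spreading = fanout.get(host, 0) >= FANOUT_THRESHOLD
        if reached is True and not spreading:
            verdicts[host] = "attempt-contained"        # kill switch reachable, malware should exit
        elif reached is True:
            verdicts[host] = "investigate"              # beacon succeeded yet SMB fan-out continued
        elif reached is False and spreading:
            verdicts[host] = "likely-infected-spreading"  # kill switch unreachable and worm-like traffic
        elif reached is False:
            verdicts[host] = "at-risk-no-kill-switch"   # queried but could not resolve; watch closely
        else:
            verdicts[host] = "smb-fanout-no-beacon"     # spreading pattern without the beacon
    return verdicts


def summarize(verdicts):
    """Count hosts per verdict, which is the number a report should quote instead of raw DNS hits."""
    return dict(Counter(verdicts.values()))


if __name__ == "__main__":
    result = classify_hosts(DNS_LOG, CONN_LOG)
    for host, verdict in sorted(result.items()):
        print(host, verdict)
    print(summarize(result))
```

Hosts that reached the sinkhole and never touched port 445 are the "attempts" the article describes; the hosts to escalate are those whose resolution failed and that then scanned SMB peers, since the kill switch did nothing for them.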
Payments Don't Add Up
The over-reporting of the malware is further confirmed by looking at the payment method. As far as researchers know, there are only three primary bitcoin addresses:
  • 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
  • 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
  • 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
After reviewing hundreds of screen shots and talking to dozens of other researchers, no one has seen another bitcoin address used by this malware since this round of the attack began on May 12th.
By pasting the addresses above into https://blockchain.info/ you can see how many payments, and how many bitcoins, have been sent to each address. For example:
  • 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 (as of May 17, 2017, 12:50 PM ET): 109 transactions totaling 16.75 bitcoins
  • 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw (as of May 17, 2017, 12:50 PM ET): 95 transactions totaling 16 bitcoins
  • 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn (as of May 17, 2017, 12:50 PM ET): 84 transactions totaling 11.17 bitcoins
That’s only 288 payments totaling 43.92 bitcoins.
Bitcoin is currently trading at a near all-time high of $1,830 USD per bitcoin, so those 43.92 bitcoins are worth about $80,000. But if there were 300,000 victims, that wouldn’t make any sense. Certainly more than 1/10th of 1% of the victims would have paid the ransom! IBM claimed last year that 70% of companies admitted to paying ransom to get their files back.
So, $80,000 seems a bit shy of a ransomware catastrophe. Heck, Hollywood Presbyterian yielded 40 bitcoins just in a single ransomware instance in 2016. Want to discuss a ransomware catastrophe? Let's talk about Locky! Let's talk about Cerber! Let's talk about CryptoLocker! Remember that in Q1 2016 the FBI told CNN that ransomware had collected $209 million in ransom fees just that quarter.
WannaCry isn't even close. Sure, a handful of companies that didn't patch their Windows systems got hit hard, but organizations that were broadly impacted were, in many cases, using outdated, unsupported computers that were not patched.
Where are the ‘Mixers’?
The other interesting thing is that the criminals who steal money via Bitcoin normally immediately begin the process of laundering their Bitcoin by using online services called “mixers,” or by gambling with the money in Bitcoin casinos that also act as mixers. Bitcoin tracking services, such as Elliptic, a company that helps law enforcement de-anonymize Bitcoin, confirm that they can find no evidence of the Bitcoin received from ransomware victims being spent or cashed out.  It is likely that the criminals are too frightened to touch their ill-gotten gains knowing that there has never been closer scrutiny on a Bitcoin Wallet than there is right now.
Or is it possible that there is no financial criminal planning to make money from this attack? Could this be merely an attempt to discredit the U.S. intelligence agency, the NSA? Part of the drama about the attack is that, according to Russian security firm Kaspersky Lab, and confirmed by others, the ransomware spreads via an SMB exploit originally created by the NSA under the code name "EternalBlue" and leaked to the world by "Shadow Brokers" back on April 14th, a month after Microsoft patched the underlying vulnerability, known as MS17-010. Because Windows XP has gone through "end of life," security patches were no longer being created for XP, which is part of why XP systems have been said to be infected at a far greater rate than other Windows operating system versions. Microsoft has now issued an Emergency Patch for XP.
A Warning Shot
Whenever the entire world freaks about security, we have an opportunity as security practitioners. When every CEO, CSO, CISO, CIO and CRO on the planet is thinking about a cyberattack, there will certainly be questions asked such as, “Would this have impacted us?” or “Do you need anything to be safer?” This is not the time to go buy a new shiny toy to put on your shelf, but it is time to review your security practices.
In this situation, a March 14th 2017 patch would have saved your organization from a May 12th cyberattack. What is your timeline for implementing an urgent cybersecurity patch globally within your organization?  If it is less than two months, use this as an opportunity to improve that timeline.
In this situation, Windows XP within your network could have a devastating impact. Use this as a time to fight. Whatever reason someone has given you for "why we still must have XP," challenge it. Use this as an opportunity to insist that obsolete software be migrated away. If it’s a budgetary constraint, demand the budget. If it’s considered an irreplaceable piece of legacy special-purpose hardware, demand a replacement anyway, or a thorough penetration test to prove that your Windows XP is truly network-isolated from everything.
Remember that most of the ransomware that is actually being paid out is still being delivered by phishing email. Make sure that your employees know what to do when they see a suspicious email. If you don’t have a way to convert your employees from "the weak spot on the chain" to empowered "security sensors" feeding internal attack intelligence to your response teams then review your internal practices.

** What is Known and Unknown about Changes to the PLA’s Ground Combat Units

By: Dennis J. Blasko

The long-awaited changes in the operational and tactical units of the People’s Liberation Army (PLA) have begun with a formal announcement by President Xi Jinping in April 2017. After initiating major reforms in late 2015 and throughout 2016, the Central Military Commission (CMC), service headquarters, and military regions (now theater commands) have been reorganized resulting in the reallocation of many personnel and the demobilization of an unknown number of active duty personnel. But, as part of the ongoing 300,000 man reduction, even larger cuts in personnel will follow as headquarters and units at corps/army-level and below are eliminated, re-subordinated, or restructured.

By 2020, when the structural changes now underway are scheduled for completion, the PLA should number two million active duty personnel. Though the reforms since 2015 are the most significant set of changes for the PLA since the 1950s, they are but an intermediate step, the 2020 milestone, in the PLA’s “three-step development strategy” initially announced in 2006. The strategy’s final goal was modified in 2008 and defined as “reach[ing] the goal of modernization of national defense and armed forces by the mid-21st century.” [1] As such, more adjustments to the PLA’s structure and capabilities can be expected over the next three decades as technology improves and China’s domestic and the international situations change. Throughout this process the reforms will be evaluated to determine if they meet the objectives of building a strong military to defend China’s core security requirements, capable of deterring and winning informationized wars, and accomplishing a variety of military operations other than war such as anti-terrorism, internal stability maintenance, disaster relief, and international peacekeeping and humanitarian relief operations (MOD, May 26, 2015).

** China’s “Belt and Road” Initiative Must Become a Strategy

On May 14, President Xi Jinping of China will welcome 28 world leaders to Beijing to discuss the most ambitious and least understood initiative in global affairs: the Belt and Road. The effort is bold and has been compared to a traditional Chinese painting made with broad brush strokes. Through new overland and maritime connections, it aims to put China squarely at the center of global economic affairs. Like a painting of the same style, it also begins to lose focus when viewed up close, raising questions about its drivers and ultimate implications.

The Belt and Road is a masterpiece hanging in today’s global affairs gallery. Stagnation has been a watchword for the global economy since 2008, but it also partially describes the foreign policy realm. Lackluster growth, political cycles, and geopolitical crises have relegated states to postures that are more reactive than proactive and, in many cases, more focused internally than externally. What President George H.W. Bush once called "the vision thing” has never been easy, but with lower growth, executing big ideas has only become more difficult.

In contrast, the Belt and Road is the most ambitious geoeconomic vision in recent history. Spanning an estimated 65 countries, it can claim to cover roughly 70 percent of the world’s population. It could include Chinese investments approaching $4 trillion, of which nearly $900 billion in deals have been announced. It intends to strengthen hard infrastructure with new roads and railways, soft infrastructure with trade and transportation agreements, and even cultural ties with university scholarships and other people-to-people exchanges. In all these ways, when much of the West is looking inward, China is connecting with the world.

** Globalization’s ongoing challenge

The short-term nature of election cycles coupled with tough tariffs and foreign subsidy programs are just some of the factors that have led to the globalization quandary, particularly in emerging markets. In this interview with McKinsey’s Rik Kirkland, global economist and author Dambisa Moyo discusses the current state of globalization and what can be done to better deliver on its promises. 

I think that there are good reasons for people to feel aggrieved, and I think that a lot of people feel that globalization has not delivered on its promise to “lift all boats.” And therefore, in a nutshell, it is broken. 

Broken promises 

In order to think about whether or not globalization is broken, I think it’s important for us to remember what was promised around the Washington Consensus. And there were essentially four pillars of the Washington Consensus. 

One was around trade—free trade of goods and services. Two, the free movement of capital across border capital flows. Number three was about immigration and the ability for free movement of people. And finally, the size of government. And for each of these, I would argue, we’ve seen a number of failures over time. 

An India-Russia corridor could be New Delhi's answer to China's OBOR

In this photo released by Xinhua News Agency, Chinese President Xi Jinping, center, and countries' leaders and delegates attending the Belt and Road Forum pose for a group photo on stage at the China National Convention Center in Beijing (Photo: AP/PTI)

Does India have an answer to China's 'One Belt, One Road' (OBOR) project and its contentious component, the China-Pakistan Economic Corridor (CPEC)? Only time will tell. However, India is a founding member of the International North-South Transport Corridor (INSTC), a multi-nation project to create transport and logistics infrastructure akin to OBOR.

INSTC's significance might have just gone up as India expressed its reservations against OBOR, refusing to attend China's Belt and Road Forum summit on Sunday following concerns regarding sovereignty over the CPEC. With China moving ahead and securing the endorsement of even the US, the European Union and Asian rival Japan for its initiative, India should lay emphasis on its own transport and trade corridor project. 

CPEC: Where A State Created In The Name Of Islam Hands Itself Over To A Godless Regime

Jai Menon

On 15 May, Pakistani newspaper Dawn published details of what it said was the China-Pakistan Economic Corridor (CPEC) Master Plan. Whether it is accurate, or authentic, remains open to question, but there have been enough reports in the Pakistani media to suggest a lot of it is indeed accurate.

How incredible that Pakistan is in such a state of denial and wretchedness that its military is even considering this “master plan” as a legitimate way forward for the country. Observe the blindness of the "leadership": it is handing the country over to the tender affections of China, which has just put restrictions on the use of the name "Mohammed" on its territory, the prophet of the religion in whose name Pakistan was created; not to mention that the Father of Pakistan was himself named Mohammed.

Still, never mind the symbolism. Let us say that the military establishment (and it is the military leading this effort with the politicians in tow) is acting for strategic gain. Let us assume that pragmatism prevails over Islamist posturing in this case. Pakistan has done that many times before, when its military-bureaucratic elites have smelled the American greenback. Now they are sensing the same thing, from China, the self-declared “iron brother” which has described the Sino-Pak relationship as “sweeter than honey”.

Don’t Fear Pakistan’s Participation in China’s ‘New Silk Road’


Almost 30 heads of state will gather in Beijing this weekend for the “Belt and Road” Forum, the annual conference about the Chinese mega-project to build highways and railroads to the farthest parts of the Eurasian land mass. By some measures, it’s China’s biggest diplomatic event of the year. But the United States and many of its allies will send junior delegations — and India will be conspicuously absent. This reflects caution, if not outright apprehension, about the overall Belt and Road Initiative, and in particular the $50 billion “flagship” portion called the China-Pakistan Economic Corridor, or CPEC.

While CPEC reveals China’s model for geopolitical influence, U.S. policymakers need not overreact nor feel compelled to counter it. There are essentially two possible outcomes: success or failure. Either could advance or create opportunities for the United States.

The apprehension turns on worries that CPEC may increase support of Pakistan’s civil nuclear program, help China expand its naval presence in the Indian Ocean, and generally undermine south Asian stability by emboldening Islamabad to aggressive behavior or even fostering a “quiet cold war” in India-China relations.

CPEC Is China’s Plan To Make Pakistan A Client State, But Latter Will Pay For The Privilege


Beginning with the economic corridor, China plans a virtual colonisation of Pakistan. As a result, not only does India have to worry about Chinese might on its northern and eastern borders, but also its western one. 

Pakistan’s Dawn newspaper has revealed key details of the China-Pakistan-Economic Corridor (CPEC) which make China’s hidden intentions quite clear: it plans to reduce Pakistan to a vassal state, by promising economic gains to that country in lieu of greater Chinese control of that country’s economic direction. Given the congenital nature of Pakistan’s animosity to India, the chances are it will ultimately buy the Chinese idea. Hate means a willingness to sell yourselves to the devil.

CPEC is not just about building roads and infrastructure, but taking over “thousands of acres” of Pakistani agricultural land for “demonstration projects”, creating a “full system” of monitoring and surveillance for major Pakistani cities from Peshawar to Karachi, and a free run for Chinese propaganda through Pakistani TV, delivered through fibre optics cables.

Countering Insurgencies, Terrorism and Violent Extremism in South Asia

Shanthie Mariet D’Souza

South Asia continues to remain a hotbed of various forms of extremism. Indiscriminate violent terrorism with a strong religious overtone claims the highest number of victims, most notably in Pakistan and India. Islamist Jihadi movements backed by external actors keep the state of Jammu and Kashmir on the boil. Globally inspired Jihad in search of a shariah-ruled state has recurrently raised its head in Bangladesh. Linkages with global jihad and movements that have rallied support to an anti-West platform have escalated their violence potential. They remain a threat not just to the region but have demonstrated an inclination to network with groups having a trans-regional agenda.

Beyond violent radical Islamist upheaval, there are insurgencies with secular political demands ranging from secession to varying levels of autonomy. The LTTE in Sri Lanka has been militarily defeated. The Maoists in Nepal have learned to be a part of the democratic process they rebelled against and yet have continued until recently to use terrorism as a method of violence. In the Indian context, insurgencies continue in the northeastern region as do Maoist efforts in several of its states. In Afghanistan and Pakistan there is a proliferation of armed groups with transnational linkages. Notwithstanding the improved security situation translating into a decreasing number of violent incidents and fatalities, the ability of these armed groups to orchestrate violence remains a serious challenge. This is partly due to their continuous effort to innovate and also linked to the proliferation of capacity enhancement techniques by groups worldwide.

The United States Is Losing Asia to China


With Washington in disarray, the Belt and Road Forum kicking off this weekend in Beijing should be a blaring wake up call that U.S. leadership in Asia is in peril. For two days, China will play host to more than 1,200 delegates from 110 countries, including 29 heads of state. The event will be centered on China’s “One Belt, One Road” program — more recently rebranded as the “Belt Road Initiative” (BRI) — which aims to provide much-needed infrastructure to connect Asia, the Middle East, and Europe.

Announced by Chinese President Xi Jinping in 2013, BRI is nothing if not ambitious, with plans to involve upwards of 65 countries and marshal in the neighborhood of $1 trillion. While skepticism is warranted about the novelty, value, and feasibility of many of the proposed projects, leaders around the world — with nary a better prospect of satisfying their development needs — are pining to take part. This is only the latest manifestation of Chinese leadership at a time when U.S. commitment to the region is less certain than ever.

Confirm Mark Green as USAID Administrator

When President Donald Trump nominated Ambassador Mark Green to run USAID on Wednesday, it was the absolute best choice…

Who’s Who in Syria’s Civil War

Zachary Laub

Syria’s civil war has grown ever more complex in the six years since protesters first challenged the government. President Bashar al-Assad aims to reassert control nationwide, while predominantly Sunni Arab opposition forces seek to wrest the state from him. The diverse groups making up the opposition, however, differ on their visions for a post-Assad state, with their ostensible aims ranging from liberal democracy to theocracy.

Unlike Assad and the opposition, the self-proclaimed Islamic State is intent on erasing Syria’s borders to establish a state of its own in territory spanning parts of Iraq and Syria. Kurdish militants, who have fought to establish an autonomous, if not independent, national homeland in the country’s northeast, are the group’s primary foe.

The fight has been further complicated by outside powers who have funded and armed combatants and, in some cases, backed them with air support or manpower. Outgunned by pro-regime forces, many opposition groups have aligned with jihad factions.

By 2017, tens of thousands of combatants were involved in the fighting. Up to half a million Syrians have been killed, most by pro-regime forces, and more than half the country’s prewar population of some twenty-two million has been displaced. The armed groups have been marked above all by flux—in their membership, capabilities, alliances, and ideologies. Broadly speaking, they each belong to one of four networks. 
Pro-Government Forces 

The Ten Main Defense Challenges Facing Macron´s France

by the War on the Rocks,

OK, so what are going to be President Macron’s primary security challenges? According to Jean-Baptiste Vilmer, they include 1) funding France’s growing defense needs; 2) adapting or replacing Operation Sentinelle, the domestic protection program put in place after the 2015 terrorist attacks; 3) renewing two components of France’s nuclear forces; 4) confronting Russia’s “strategies of influence”; 5) preserving Euro-Atlantic unity, and much more.

Emmanuel Macron will be the next president of France. For the first time in the history of the Fifth Republic (since 1958), both final candidates were outside the bipolar, mainstream left-right party system. The winner, France’s youngest-ever president, has never held elected office before, and is not a member of any political party. That is indeed a political “revolution” — the title of his campaign book.

Now is the time to consider the main defense challenges France will face with Macron at the helm. Although the unexpected twists and turns of recent history demand a certain humility when making forecasts, one can still wager that geopolitics will remain eventful over the next five years. Below are the ten main defense challenges, in no particular order, that await the presidency of Macron.



Varoufakis is the former Greek finance minister (January to August 2015) who became infamous for his unconventional style when he led his country’s debt negotiations with the European establishment. He is, it is fair to say, a very polarizing figure: Like Russell Brand, he is loquacious and loves peacocking. Like Donald Trump, he is arrogant and narcissistic. But he is also a well-regarded economics professor and self-confessed Marxist.

Hence, we are obliged to pay attention and Adults in the Room does not disappoint. It is a fascinating insight on a host of levels: From an international politics point of view, it really challenges those old political debates of who is in charge of a country. And what are the real intentions during political decision-making?

Varoufakis begins his story in a Washington meeting with Larry Summers, the former secretary of the treasury. Summers asks him point blank: Do you want to be on the inside or the outside? “Outsiders prioritise their freedom to speak their version of the truth,” Summers explained, “The price is that they are ignored by the insiders, who make the important decisions.”

Defence policy has to be a joint effort between civilians and the military

Srinath Raghavan

Speaking to a military audience in 1973, the eminent war historian Michael Howard said that he was tempted “to declare dogmatically that whatever doctrine the Armed Forces are working on now, they have got it wrong.” But he went on to add: “It does not matter that they have got it wrong. What does matter is their capacity to get it right quickly when the moment arrives”. I was reminded of this speech after reading the recently unveiled Joint Doctrine for the Indian Armed Forces. The first such doctrine to be published by the Indian military, it has been panned by many perceptive analysts of military affairs.

All the same, the doctrine is an important attempt by the armed forces to inform and influence public debates on strategic issues. From this standpoint, the most curious part of the document is an appendix on “Civil-Military Relations”. These couple of pages lay out the military’s perspective on what is wrong with our existing institutional arrangements of civil-military relations and how to set it right. 

The Army Wants to Let Troops off the ‘Digital Leash.’ That’s Easier Said Than Done.


Gen. Mark Milley’s injunction against IT-enabled micromanagement will require leaders at all levels to re-think what it means to be part of the profession of arms. 

Troops in future wars will have to think and act independently, especially as adversaries like China, Russia, and Iran undercut American technological superiority with cyber warfare, jammers, and anti-satellite weapons. Army Chief of Staff Gen. Mark Milley knows this, which is why he recently castigated Army leaders’ tendency to use sophisticated information technology to micromanage troops.

It’s a noble goal, to be certain. But separating subordinates from the so-called “digital leash” works against several broad trends.

Historically, every improvement in information technology has led to more centralized and direct control—a phenomenon observed both on the battlefield and in business. Prussian generals griped about constant telegrams from higher headquarters during the 19th century. Ditto for American GIs and radios during the Second World War. Today, satellite communications and surveillance drones allow so-called “tactical generals” to bypass several layers of leadership and send orders to individual soldiers on the battlefield.

Reform of the Global Energy Architecture

David Goldwyn, Phillip Cornell 

This report focuses on the current state of international energy governance and whether the overarching global energy regime should be reformed. After exploring these topics in detail, the text’s authors conclude that 1) there is no consensus on the direction of transnational energy policy and governance; 2) the governance structures that do exist don’t always reflect contemporary realities and have obvious capability gaps; and 3) for several reasons, the sheer number of initiatives now competing to shape the world’s energy architecture aren’t necessarily a bad thing. Finally, the authors close their analysis by providing policy options for those in the US government who work in the international energy governance field.


Mining for growth

David Hunter: Hello and welcome to this edition of the McKinsey Podcast. I’m David Hunter, an editor with McKinsey Publishing. Today we’re going to talk about mining—one of the most cyclical, most capital intensive, and to my mind, most fascinating of all industries. With me here to discuss the issues are McKinsey partner Chris Mulligan and senior expert Mukani Moyo. Chris, for listeners who don’t closely follow the mining sector, can you start by setting the scene? 

Chris Mulligan: Over the course of the past 15 years, the most pronounced trend has been what people call the supercycle, which was a Chinese-demand-driven desire for more commodities as they continue to industrialize their country. And that had a lot of effects. 

It was a little unexpected how quickly demand grew. And even though China is a resource-rich country, the amount of extra coal, iron ore, and copper, as well as a bunch of other commodities that China needed to consume in order to grow at the rates that it wanted to, entirely outstripped its own national ability to serve their own demand. It created a large global demand for many commodities, which others then scrambled to provide. 

Pushing manufacturing productivity to the max

By Robert Feldmann, Markus Hammer, and Ken Somers (McKinsey Quarterly, May 2017)

Many companies do their best to optimize production processes using established rules of thumb or incomplete data. But at the end of the month or reporting period, they often discover sizeable gaps between actual profits and what they had expected. In our experience, that is because they typically lack precise-enough measures to understand the small, real-time variations in process flows and manufacturing steps that cumulatively erode returns at facilities such as mines, steel mills, or other manufacturing plants. This information, moreover, is rarely shared quickly enough for managers to respond in the tight time frames required.

Our work across a number of industries suggests that companies can eliminate these profit-draining variations, as well as speed up reaction times by using advanced data analytics combined with upward cascades of data to manage performance. A metric we have termed profit per hour—which in an earlier article we described as a way to improve resource productivity—provides a much more exact view of fluctuations in the operating environment and a much better means of communicating the implications to top managers.
Extending the measurement frontier

Is NSA Behind Bitcoin Price Drop and Global Cyber Attack?

By Evander Smart 

On Friday Bitcoin suffered one of its steepest declines in months, losing over 10% of its market value after three straight weeks of massive gains. The question is why? The answer may lie within “The Deep State,” or more specifically, the NSA.

Yesterday, an epic cyber attack was waged in nearly 100 countries worldwide, an attack that may have been the largest of its kind. The ransomware attack encrypted files of all those who received it, affecting an estimated 125k computers worldwide. The ransomware program, known as “WannaCry”, demands $300 USD in Bitcoin for the keys to decrypt the computer’s files. The byproduct seems to have been a devaluing of Bitcoin around the world that exceeded 11%. The timing of the attack coincides with the drop in Bitcoin market value.

Ransomware: The smart person's guide

By James Sanders 

In the past, security threats often involved scraping information from systems that could be used for other crimes such as identity theft. Now, criminal organizations have proceeded to directly demanding money from victims by holding their devices—and data—hostage. This trend of ransomware, in which data is encrypted and victims are prompted to pay for the key, has been growing rapidly since late 2013.

TechRepublic's smart person's guide about ransomware is a quick introduction to this security threat, as well as a "living" guide that will be updated periodically as new exploits and defenses are developed.

Executive summary 

What is it? Ransomware is malware. The hackers demand payment, often via Bitcoin or prepaid credit card, from victims in order to regain access to an infected device and the data stored on it. 

Why does it matter? Because of the ease of deploying ransomware, criminal organizations are increasingly relying on such attacks to generate profits. 

Who does this affect? While home users have traditionally been the targets, healthcare and the public sector have been targeted with increasing frequency. Enterprises are more likely to have deep pockets from which to extract a ransom. 

How the WannaCry Attack Will Impact Cyber Security

The worldwide cyber attack that began last Friday and goes by the name of “WannaCry” has highlighted the need for governments and businesses to strengthen their security infrastructure, in addition to calling attention to the need to mandate security updates and educate lawmakers about the intricacies of cyber security.

At last count, WannaCry had affected more than 230,000 users in some 150 countries. Prominent among the victims of the attack are the National Health Service (NHS) in the U.K., which found many operations disrupted and had to divert patients to other facilities, Spain’s telecom company Telefonica, U.S.-based FedEx and organizations in South America, Germany, Russia and Taiwan. Aside from FedEx, the U.S. was surprisingly spared, thanks to an alert researcher who discovered a “kill switch,” or a way to contain the spread of the attack. The hackers behind the attack have been demanding ransoms of $300 in bitcoins from each affected user to unscramble their affected files with threats to double that if payments are not made within 72 hours.

Meanwhile, threats of similar – or perhaps worse – attacks have continued to surface. “This was not the big one. This was a precursor of a far worse attack that will inevitably strike — and it is likely, unfortunately, that [the next] attack will not have a kill switch,” said Andrea M. Matwyshyn, professor of law and computer science at Northeastern University. “This is an urgent call for action for all of us to get the fundamentals finally in place to enable us to withstand robustly this type of a crisis situation when the next one hits.”

U.S. Diplomacy Options for Security & Adaptability in Cyberspace

By Matthew Reitman

National Security Situation: U.S. competitors conducting national security activities in cyberspace below the threshold of war aka in the “Gray Zone.”

Background: State actors and their non-state proxies operate aggressively in cyberspace, but within a gray zone that violates international norms without justifying a “kinetic” response. Russian influence operations in the 2016 U.S. election were not an act of war, but escalated tensions dramatically[1]. North Korea used the Lazarus Group to circumvent sanctions by stealing $81 million from Bangladesh’s central bank[2]. Since a U.S.-People’s Republic of China (PRC) agreement in 2015 to curb corporate espionage, there have been 13 intrusions by groups based in the PRC against the U.S. private sector[3]. The State Department has helped to curb Islamic State of Iraq and Syria propaganda online via the Global Engagement Center[4]. The recent creation of another interagency entity, the Russia Information Group, suggests similar efforts could be effective elsewhere[5].

The State Department continues to work towards establishing behavior norms in cyberspace via multilateral channels, like the United Nations Group of Governmental Experts, and bilateral channels, but this remains a slow and tedious process. Until those norms are codified, gray zone activities in cyberspace will continue. The risk of attacks on Information Technology (IT) or critical infrastructure and less destructive acts will only grow as the rest of the world comes online, increasing the attack surface.

Stop Blaming the NSA for the Ransomware Attack


An inside look at how the intelligence community deals with the exploitable software bugs it finds.

Friday’s global ransomware attack has reignited the debate about how the U.S. intelligence community conceals or reveals knowledge about critical software bugs. As confirmed by a former NSA official, WannaCry exploited a vulnerability stockpiled by the agency and exposed in last year’s Shadow Brokers dump. But how much blame should the NSA bear for WannaCry’s rampage across 200,000-plus computers in 130 countries?

On the one hand, the intelligence community really does keep a trove of zero-day bugs. Spies need them to intercept communications — and much more, according to Michael Daniel, an Obama-era White House cybersecurity coordinator.

“Disclosing a vulnerability can mean that the U.S. forgoes an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks. So automatic disclosure is not always the right policy choice,” said Daniel in an email to Defense One.

Yet the notion that the NSA simply hoards every bug it discovers is false. Since July 2011, Daniel said, representatives from various agencies and departments have periodically assembled to discuss newly discovered bugs and vulnerabilities. They vote on each one: reveal or conceal?

NHS cyber-attack: GPs and hospitals hit by ransomware

Media caption: The ransomware involved has been defeated before, reports the BBC's Chris Foxx

NHS services across England and Scotland have been hit by a large-scale cyber-attack that has disrupted hospital and GP appointments.

The prime minister said the incident was part of an untargeted wider attack affecting organisations globally.

Some hospitals and GPs have been unable to access patient data, after their computers were locked by a ransomware program demanding a payment worth £230.

But there is no evidence patient data has been compromised, NHS Digital said.

The BBC understands about 40 NHS organisations and some GP practices have been hit. The NHS in Wales and Northern Ireland has not been affected.

There is no indication of who is behind the attack yet, but the hackers demanded their payment in the virtual currency Bitcoin, which is harder to trace.

Prime Minister Theresa May said: "This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected."

Microsoft’s Response to WannaCrypt

By Herb Lin

In a recent blog post, Microsoft argued that the use of a vulnerability for Windows XP stolen from the NSA and released by the Shadow Brokers has caused widespread damage in the public domain, and the lesson that governments should learn from this incident is that government stockpiling of vulnerabilities that might be inadvertently revealed presents a hazard to safe computing around the world.

It’s certainly fair to suggest that the risks of government stockpiling vulnerabilities present a downside risk to safe computing that needs to be taken into account in deciding whether or not to reveal vulnerabilities to vendors so that they can be fixed. But the Microsoft statement implies that the only reasonable outcome of such a decision is to reveal vulnerabilities, and that doesn’t follow at all. That downside risk does add some additional weight to that side of the argument, but in any given instance, it might not be sufficient to tilt the scale in that direction depending on the weight on the other side of the argument.

Here’s what the world will be like in 2045, according to DARPA’s top scientists

Paul Szoldra, Tech Insider

Predicting the future is fraught with challenges, but when it comes to technological advances and forward thinking, experts working at the Pentagon's research agency may be the best people to ask.

Launched in 1958, the Defense Advanced Research Projects Agency is behind some of the biggest innovations in the military — many of which have crossed over to the civilian technology market. These include things like advanced robotics, global-positioning systems, and the internet.

It's pretty likely that robots and artificial technology are going to transform a bunch of industries, drone aircraft will continue their leap from the military to the civilian market, and self-driving cars will make your commute a lot more bearable.

But DARPA scientists have even bigger ideas. In a video series from October called "Forward to the Future," three researchers predict what they imagine will be a reality 30 years from now.

Dr. Justin Sanchez, a neuroscientist and program manager in DARPA’s Biological Technologies Office, believes we'll be at a point where we can control things simply by using our mind.

Spying made simple: Hackers using old tools against government computers

by Raphael Satter

PARIS (AP) — A Romanian security firm says it has discovered a ring of digital spies using bottom-rung tools to break into hundreds of government computers. The find suggests that you don’t necessarily need sophistication to steal secrets.

Bitdefender analyst Bogdan Botezatu said the previously undiscovered hacking group flew under researchers’ radar by using well-worn electronic espionage techniques, some more than a decade old.

He told The Associated Press in a telephone interview that the group’s “simplicity is its strength.”

Botezatu wouldn’t be drawn on the group’s identity or its targets beyond saying that victims included a slew of government agencies. He said he needed to be discreet to avoid disrupting ongoing investigations.

The group, dubbed Netrepser, is dissected in a 20-page report published Friday.

Attempts to reach the hackers were unsuccessful.

What next for blockchain?

Bitcoin isn’t mainstream yet, and some skepticism of the digital currency remains. But the buzz surrounding the technology underlying it—blockchains—has started to take a different tone. Blockchain, headquartered in Luxembourg, is a company that provides a software platform for digital assets. Its product offerings are on the forefront of advancing blockchain technology. In this interview with McKinsey’s Rik Kirkland, Liana Douillet Guzmán, senior vice president for growth, discusses what areas are ripe for development and how the story is changing. An edited version of her remarks follows.

I think it was Time magazine in maybe 1994 that had a cover on the Internet, and it was all about how it was for the dark net. That was very much the Bitcoin story a year ago. I’m finding we’ve matured out of that story. People are realizing that anything can be used for illicit means. But actually, this is not the ideal thing to use for illicit means, because though it is private, it is fully traceable.

Blockchain technology is a distributed ledger. It allows for the permanent and immutable transparent recording of data, essentially, and transactions specifically. That can be used to exchange any number of things that have value, whether that’s an actual item [or something else]. It could be tea leaves making their way to the final tea maker. Or it could be me sending you a payment person to person without the need for intermediaries.