WannaCry Ransomware Attack

What responsibility do intelligence agencies have to disclose software vulnerabilities they discover?

In 2017, a series of ransomware attacks across the world raised this question. The WannaCry ransomware took advantage of a vulnerability in Microsoft Windows computers. The vulnerability was discovered by the United States National Security Agency (NSA), which wrote a tool to exploit it more easily and kept both to itself. This tool, EternalBlue, was stolen from the NSA in 2016 and released onto the internet. When the NSA discovered this, they disclosed that the vulnerability had been stolen and notified Windows, which released a patch to its systems in March 2017. However, many systems were not updated and were therefore affected by the ransomware.

Ransomware holds computers "hostage": it locks down data on computers until some set of demands is met. In the case of WannaCry, the demand was money; however, it can be more sinister than that.

WannaCry affected many commercial and government systems, including the United Kingdom's National Health Service and Boeing.

For more information, read: https://www.nytimes.com/2018/03/28/technology/boeing-wannacry-malware.html

Were any systems in your countries affected by WannaCry? Do you think that the NSA had a responsibility to disclose the bug to Microsoft as soon as they found it, protecting the systems of others from unintended consequences? Should international law prevent countries from holding cyberweapons like EternalBlue?

Sources:

  1. https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/
  2. https://www.nytimes.com/2018/03/28/technology/boeing-wannacry-malware.html

Comments

  1. A multitude of Chinese systems were affected by the WannaCry ransomware attack. It completely paralyzed an online payment system and also shut down a police department’s communication system. As a result, the China National Petroleum Corp petrol stations were only able to accept cash payments, internet systems had to be shut down at many universities, and the CNERT (national computer response body) had to urge users to install cybersecurity patches. In addition, in Taiwan’s Semiconductor Manufacturing Company (TSMC), over 10,000 of its most advanced machines were affected and manufacturing was completely shut down. (South China Morning Post, 2017).

    China strongly believes that it was the responsibility of organizations such as the NSA to release information about the bug as soon as it was discovered. Although the bug was released by North Korea, cyberterrorism must be viewed as an international crisis, just as normal terrorism is. The international community must cooperate to help each other from similar crises, and therefore, to serve its duty to the international community, the NSA should have immediately released the information it gathered. But instead, it kept this information to itself and even helped it spread faster using EternalBlue, something China will not stand for.

    Tools such as EternalBlue should not be tolerated in other countries. Cyberterrorism must be eliminated through international cooperation, and developing cyberterrorism tools is utterly counterproductive and counterintuitive. Actions made by the NSA go against the purposes of this committee.

    The Delegation of China

    “Ransomware Hits Police and Petrol Stations in China.” South China Morning Post, South China Morning Post, 15 May 2017, www.scmp.com/news/china/society/article/2094291/chinese-police-and-petrol-stations-hit-ransomware-attack.

  2. This is a blatant violation of cyber sovereignty; however, private companies do claim responsibility for their own security. Ideally, the government should have access to private companies' information if it could in any way provide an indirect link to government-owned or government-related information, as that falls under an attack on national security. With the government overseeing all companies' systems, there would be no need for secrecy between government and corporation and it would be in the interest of all to share any vulnerabilities in online systems.

    The Delegation of the Democratic People's Republic of Korea

  3. The massive WannaCry ransomware attack hit hundreds of thousands of computers from Taiwan to the United Kingdom. Despite the global nature of the attack, few networks and companies in the United States appeared to have been hit. The reason is a combination of geography and adherence to software updates, though we are by no means invulnerable to such attacks. WannaCry took advantage of flaws in unpatched copies of some versions of Windows, especially Windows XP. The ransomware encrypted all the files on an infected computer and demanded the equivalent of an estimated $300 in bitcoin, an untraceable digital currency, to unlock a user's data. Among the small portion that was hit in the US were automaker Renault and US shipper FedEx. However, unlike typical ransomware hacks, which require an individual user to open an emailed attachment or click on an advertisement that contains malicious software, the WannaCry hack was able to transmit itself without the user doing anything. Due to the fact that the malware spread from unprotected network to unprotected network, it relied upon quirks of geography and topology to propagate. Networks within countries and regions tend to be more densely connected than those physically distant from each other; thus, with the largest site of infection in eastern Europe and Asia, there weren't as many jumps it could make to the US. Another reason why the US was not so hard-hit is that companies and individuals in the US are much less likely to run pirated versions of the Windows operating system. We generally pay more attention to security than other countries may, and with this, US companies and individuals are more security-conscious, attaining security programs that proved protective against the software.

    As a signal intelligence agency, the NSA comes across many vulnerabilities in software that it can then use to achieve its intelligence goals. This could be mission-critical for the agency. The NSA did not have the responsibility to release the bug to Microsoft as soon as they found it. The NSA could not know if anyone else had found this vulnerability, or bought it. They couldn't know if anyone else was using it, unless that someone else was caught using it. When the NSA stumbles upon serious vulnerabilities that could cause devastating damage in the wrong hands, it is crucial that they act with quick and precise measures and ensure that what they have found is in fact what they believe it to be before causing an alarm. The agency's mission is to protect the United States, and by holding on to the information about the bug, the US was doing exactly that before it was released by North Korea.

    International law should not prevent countries from holding cyberweapons. Assessing the legality of weapons is in the interest of all States, as it will help them ensure they act in accordance with their international obligations. The use of cyber operations is essential as means and methods of warfare, in which those currently holding cyberweapons should be able to at their own extent without the intervention of international law.

    The Delegation of the United States

    Replies
    1. At this point, cyberterrorism is a global crisis that requires international cooperation. The fact that U.S. intelligence services had information on this attack yet withheld it from its allies and other countries goes against the values and goals of this committee. While China may disagree with previous actions the United States has taken with this issue, it is still looking forward to working with the U.S. in hopes of tackling future attacks more efficiently, and in a way that keeps the international community aware of such information.

      -The Delegation of China
