
Original text by Paulo Brandão, Senior Consultant at megabit
WannaCry(pt) - want to cry?
In 1999 I traveled to Geneva in the company of a colleague to attend the Windows 2000 Deployment Conference, organized by Microsoft. Upon arriving at the airport, while waiting for our checked baggage, we noticed that some of the airport monitors showed a typical Windows NT 4.0 and 2000 error at the top, something like "C++ Library ...".
The airport was receiving thousands of nerds from the EMEA region (Europe, Middle East, Africa), the highest concentration of technological know-how per square meter, and there it was: the unloved Windows error! We found it funny.
The next day, attending a talk by Mark Russinovich, a guru of Windows internals at the time, which dwelt on stability (or the lack thereof, as many of us coming from UNIX knew at the time), I had the opportunity to ask him a question, half joking, half serious, about the event at the Geneva airport the day before.
- "Ah, well, Mark, then how can such a thing happen at Geneva airport, ha, ha, ha, take that, we were talking about the stability of Windows ...".

Mark Russinovich
Unperturbed, Russinovich answered me:
– “Yes, I am aware of what happened. Do you know that an update to that system, correcting the failure, which in this case can be induced by the user's or programmer's software but which Microsoft wants to address, had been published 6 months ago? The problem is not Microsoft. The problem is a system made up of Microsoft (or the operating system) - hardware - technician - user. These are all aspects that make up the system. If one of them fails, we have problems, of course. If there is no system administrator's responsibility, no process, no procedure, no work instruction that ensures system stability, there's nothing to do!”
I swallowed hard, laughed, and everyone laughed. But around half of the 600 nerds who attended the lecture immediately sent e-mails to the teams that had stayed behind at their companies to ask whether the MS update-001-XPTO was installed. Mine answered me: "No. Want us to install it?". Six months behind schedule. Six months. "Yes, I want it installed".
WannaCrypt
This story comes up in connection with the events of last Friday, 12 May 2017. A day that will not go down in the history of technology, because worse days will come. Do not doubt it.
For some time now, the community of hackers and journalists specialized in cyber security has been talking about a possible massive attack that could compromise the Internet infrastructure, interrupting services, some more critical than others, an attack that will be "THE" attack, a kind of Judgment Day for the Internet and computers. Some say that last Friday's events constituted exactly this global attack! Perhaps the WannaCrypt "virus" has earned its place in history. At the beginning of this history, at least.
Even in the midst of the drama, I note the sense of humor of our community (IT people, hackers, pirates): WannaCrypt was the name of the "initiative", the virus, the problem. But some variants of the name arose, such as WannaCry (want to cry?, in a fitting translation).
What happened?
This attack was based on the phishing technique, in which seemingly innocuous objects are used to lead users, voluntarily but unknowingly, to provide data or to run malicious software. In this case (as in many others in the past), the user receives an e-mail, possibly even with your name as the sender, with an attachment. When the attachment is opened, the malicious software goes into operation: the attachment is actually the virus code (technically not a virus, but the term is used in the broadest sense). At this point two things happen simultaneously: the data on the computer's disk begins to be encrypted using a "key" known by the user, and at the same time a vulnerability in Windows operating systems is exploited, more specifically in the SMB components, allowing the virus to spread.
Consequences for the victims
The immediate consequence for users is the encryption of the data on their disks, in a way that is almost impossible to decrypt without knowing the "key". In a message on the computer, a "ransom" is demanded (hence the name given to this type of software: “ransomware”) of 300 US dollars. A period of 3 days is given to make this payment. If it is not made within that period, the "ransom" becomes 600 dollars, to be paid within 7 days. If this payment is not made either, the perpetrators of the "information kidnapping" say that decryption is no longer possible. Ever.

How did it happen?
This is the most interesting part of this whole event. How could this attack reach such a scale (EUROPOL classifies it as the biggest cyber attack in history, with 230 000 computers infected on the first day, 12 May)?
The answer says a lot about our current dependence on technology and the widespread illiteracy of computer and Internet users, including many so-called information technology professionals. But it says even more about the real game of cat and mouse, if you like, or, put another way, the new weapons available to nations and states (and also to people, groups and companies), weapons that can stop the world.
No, this is no longer science fiction. The damage caused by this seemingly "financial kidnapping of information" (a crime aimed at making a profit through coercion) goes beyond the roughly 50 000€ collected so far by the criminals (a value that had the potential to reach 200 000 x 300 = 60 million on the first day, but fell far short. Oops, pirates ...).
The real losses will never be published, because commercial interests speak louder than the sharing of information. But to get an idea, in Portugal, companies such as PT, years, Vodafone, EDP, some hospitals and many SMEs saw some of their computers encrypted from one moment to the next. Large organizations, purely as a contingency response, shut down networks, entire infrastructures, to quickly contain the spread. Now multiply this scenario by the rest of the world ... and we can imagine the magnitude of the losses involved.
Was it avoidable?
History repeats itself, with updated refinements and impact. As in the story at the beginning of this article, this too was avoidable. I mean, more or less.
The weakness in the Microsoft operating system that was exploited was published on 14 April by a group of hackers who released various information about how the US National Security Agency (NSA) was taking advantage of flaws in systems to access information and systems illegally and without anyone's knowledge. But Microsoft had detected the flaw, developed the fix and published an update for the affected systems on ... 14 March! The attack of 12 May thus came two months after the solution that would have prevented the spread of the virus became available.
So yes, it was avoidable, at least the exponential spread of the plague.
(Note to ease consciences: the primary infection, however, would not have been preventable in this way. In the last 3 months at least 4 of my clients have seen their PCs encrypted by Petya, another "ransomware" active lately. One of those customers was hit TWICE on the same computer. The technique was the same, but Petya apparently did not propagate through the vulnerability now used, only through the e-mail infrastructure and so-called "social engineering", which requires the user to collaborate unwittingly in the infection.)
The “aftermath”
This event gave visibility to various aspects of the widespread use of IT and the Internet which, although known for a long time, have suddenly become pressing concerns to address.
One of the most important, controversial and noteworthy is the involvement of intelligence or spying organizations. First because, in the name of security, they themselves use malicious software, spreading it in the same way hackers do, and in the direction of all of us. This is roughly equivalent to wiretapping without a court's permission or using torture in the interrogation of a terror suspect.

Brad Smith
Another, less evident but related, is that the flaw in Windows that allowed the spread of WannaCrypt was known to the NSA, allegedly for a long time. The agency reportedly did not disclose the information, in its own interest (so as to use it), as we learned from another "leak". On this topic, it is worth reading the position of Microsoft President Brad Smith.
Takeaways:
Issue:
The phishing technique, complemented by "social engineering", gets users of any service to voluntarily provide authentication details (login / password) to hackers.
Countermeasure:
Do not be fooled by appearances (as you should not be in the "real world"). Check the sender address. No one will legitimately send you an e-mail asking you to change your password through a "click here".
Did you receive an e-mail from someone you do not know, with a socially acceptable text? For example "Hi Paulo, I am sending you herewith the report on first-quarter sales. Take a look and let me know if there's anything", followed by an attachment. If the message does not come from someone you know, or if it is unexpected, be wary. If you open the attachment, the probability that you will then be paying $300 to a hacker is high.
Issue:
Operating system weakness
Countermeasure:
Keep your updates up to date .... Yes, it is a nuisance to wait around twenty minutes for the computer to shut down (or start) because it is updating the operating system. But unfortunately that is how our industry works: products do not come out perfect the first time (or the second, third, fourth ... a topic for another article!).
Generic countermeasures
A good anti-virus
Your computer will run slower. You will have yet another update to do regularly. You will spend more money on a software license. Believe me, you would rather have gone through all this than lose all your information for lack of this basic protection.
Preventive habits
If your browser warns you that the website you want to visit is not safe, do not visit it, however curious you are.
Avoid installing illegal software. Many of the "cracks" for using software without buying it contain viruses, backdoors, trojans, etc. Often the infection is not immediately evident. But it will be later (an anti-virus gives good support in this case).
Is it over?
No. It never ends. What we can do is mitigate the risks. There will always be online threats, just as there are "offline" ones. That is why we vaccinate children (not all!), why there is police surveillance, intrusion alarms, doors with locks. And above all, there is the Law. In the case of our "online life", it is weak, recent, often based on wrong assumptions and altogether ineffective.
In these times when we ride technology at high speed, social habits, legislation, politicians and all of us will have to change at the same speed.
Some links on the subject
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://www.theregister.co.uk/2017/05/15/wannacrypt_sitrep/
https://betanews.com/2017/05/16/symantec-wannacrypt-ransomware/
You can find this text, and others, on Paulo Brandão's personal blog: http://www.pauloteixeirabrandao.pt/wannacrypt-queres-chorar/
