This weekend my friend will be working to restore her small corner of the NHS’s systems, after it was compromised by the WannaCry malware. Across the country many other NHS staff are probably doing the same. Trying to restore vital records of our past that have been captured and held to ransom.
This was not an attack on the NHS. Calling it one is like ascribing intent to a cold virus — albeit a variant that came out of a lab. No-one pointed a weapon at the NHS and pulled the trigger. It just so happened that the NHS was particularly vulnerable to a spreading infection that could — and did — land anywhere it found the right environment.
The NHS was vulnerable for two reasons. Firstly, scale: with over 1.7 million employees, it has a huge amount of ‘surface area’ on which the malware could land. A single exposed machine was enough to give it a route in, whether through someone clicking on the wrong thing or, as later analysis of WannaCry suggested was more likely, a Windows host with file sharing reachable from the internet. Of course, not all parts of the NHS are interconnected — something that is often a weakness was a defence in this case. But because of a large cohort of ageing and unpatched machines, the malware could spread rapidly once it got inside a network. This was the second reason.
The mechanism for this machine-to-machine spread was an exploit called EternalBlue. It targets a flaw in the SMBv1 file-sharing service of the Windows operating system (the one Microsoft addressed in security bulletin MS17-010) that lets one machine execute code on any other it can reach over the network, with no user action required. Microsoft had released a patch for all supported versions of Windows in March 2017, roughly a month before the exploit was published by the group that had stolen it from a cache of tools created by the NSA. But unsupported versions such as Windows XP and Server 2003 had no fix when the malware hit (Microsoft issued an emergency one only after the outbreak had begun), and many organisations had not yet applied the patches that did exist.
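The practical question that follows from the paragraph above is whether a given Windows machine still has the two conditions EternalBlue relied on: SMBv1 switched on and the MS17-010 fix missing. The PowerShell below is an added example, not code from the original post or from Microsoft; it checks both, and can disable SMBv1 as an interim measure where patching has to wait. It assumes Windows 8 / Server 2012 or later for the `Get-SmbServerConfiguration` and `Set-SmbServerConfiguration` cmdlets, with a registry fallback for Windows 7 / Server 2008 R2; the KB numbers are the per-version MS17-010 packages as published by Microsoft and should be checked against the bulletin before being relied upon, and on Windows 10 later cumulative updates supersede them, so a missing KB there means "check the cumulative update level", not "vulnerable".

```powershell
# Added example (not from the original post): check a Windows host for the two
# conditions EternalBlue relied on -- SMBv1 enabled and the MS17-010 fix absent --
# and optionally disable SMBv1. Run from an elevated PowerShell prompt.
#
# Assumptions: the Smb* cmdlets exist on Windows 8 / Server 2012 and later; on
# Windows 7 / 2008 R2 the registry value Microsoft documents for SMB1 is used
# instead. KB numbers are the MS17-010 packages per Windows version (verify against
# the bulletin); on Windows 10 a later cumulative update supersedes them.

$Ms17010Kbs = @(
    'KB4012598',  # Windows XP, Server 2003, Vista, Server 2008 (emergency release)
    'KB4012212',  # Windows 7 / Server 2008 R2, security-only
    'KB4012215',  # Windows 7 / Server 2008 R2, monthly rollup
    'KB4012214',  # Server 2012, security-only
    'KB4012217',  # Server 2012, monthly rollup
    'KB4012213',  # Windows 8.1 / Server 2012 R2, security-only
    'KB4012216',  # Windows 8.1 / Server 2012 R2, monthly rollup
    'KB4012606',  # Windows 10 1507
    'KB4013198',  # Windows 10 1511
    'KB4013429'   # Windows 10 1607 / Server 2016
)

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Smb1Enabled {
    # $true if the server side of SMBv1 is still switched on.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: SMB1 is on unless the registry value exists and is 0.
    $value = (Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $value) -or ($value -ne 0)
}

function Test-Ms17010Installed {
    param([string[]]$Kbs = $Ms17010Kbs)
    # $true if any known MS17-010 package appears in the installed hotfix list.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $Kbs) {
        if ($installed -contains $kb) { return $true }
    }
    return $false
}

function Disable-Smb1 {
    # Stop offering SMBv1 to clients, using whichever mechanism this version has.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Windows 8.1 / 10: also remove the optional feature so the SMB1 driver is not loaded.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

$smb1    = Test-Smb1Enabled
$patched = Test-Ms17010Installed
Write-Output "SMBv1 enabled      : $smb1"
Write-Output "MS17-010 KB present: $patched"
if ($smb1 -and -not $patched) {
    Write-Warning 'This host is open to EternalBlue-style spread. Patch it, or run Disable-Smb1 as an interim measure.'
}
```

Disabling SMBv1 is the right default on any host that does not need to talk to legacy equipment, but in an environment like the NHS it is exactly the ageing scanners and lab systems that still speak only SMBv1, which is why the check reports before it changes anything: turning the protocol off blindly can break the very systems the ransomware did not manage to reach.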
As usual when an event like this happens, my phone started ringing. Various radio stations wanted me to go on and explain aspects of the story. The questions they asked were interesting.
“What is bitcoin?”
The ransomware asked for payment in bitcoin, something that is still little understood by most of the public.
“Was this Microsoft’s fault?”
One interviewer was most interested in the effect this attack might have on Microsoft. Will people now look for alternative software for their desktops given the security threats to Windows? I didn’t think so. Microsoft behaved pretty well through all this, and its product was compromised only because its own country’s government conspired to keep from it a major threat to that product’s integrity, and because its customers and partners failed (albeit often for understandable reasons) to maintain their systems.
“How can people keep themselves and their businesses safe from threats like this?”
I started answering this with the usual responses: keep backups, be vigilant, and so on. But after the interviews I found myself straying back to an old idea I had put forward when speaking at a conference on the future of security a few years ago.
Our past, our memories — both personal and professional — are increasingly stored in digital form. Documents, scans, photographs, videos, audio recordings. The more we have instant recall with a few taps into a search engine — or increasingly a call out to our voice assistants — the less we are likely to store in our heads. This expands our capabilities, making us functionally bionic, but it also leaves us exposed.
Ransomware is only going to become more effective — and more affecting — as a threat. Not because we store more digitally — for the fraction of the population to whom this wasn’t already clear, the damage to the NHS demonstrated quite clearly that we are absolutely reliant on digital storage. Rather, because we store less and less physically: in our heads or on other media outside of them. And because we are getting closer and closer to that digital storage, blurring the boundaries between human and machine.