{"id":5027,"date":"2017-05-27T10:41:35","date_gmt":"2017-05-27T17:41:35","guid":{"rendered":"http:\/\/occupysf.net\/?p=5027"},"modified":"2017-05-27T12:21:07","modified_gmt":"2017-05-27T19:21:07","slug":"ransomware-nsas-mess-democracy-earth","status":"publish","type":"post","link":"https:\/\/occupysf.net\/index.php\/2017\/05\/27\/ransomware-nsas-mess-democracy-earth\/","title":{"rendered":"Ransomware is NSA\u2019s\u00a0mess (democracy.earth)"},"content":{"rendered":"

\"\"<\/a><\/h2>\n

Largest ransomware attack in history, made possible by abuse of power.<\/h2>\n

Your machine is infected and infecting others, your files have been encrypted and you have a limited period of time to get them back: if you\u00a0pay.<\/p><\/blockquote>\n

By now everyone who\u2019s been online or watching TV in the last few days know about #WannaCry ransomware attack, the hijacking of files and the asking for Bitcoin to decrypt stuff in computers running on Windows, which affected up to 75 countries, companies and UK\u2019s National Healthcare Service<\/a>.<\/p>\n

Most cybersecurity experts that circulated in TV shows these days have explained very efficiently the technical aspects of the attack, somehow managing to belittle the political dimension of the event and making it an \u201cincompetent developers, evil hackers and heroic researchers\u201d drama.<\/p>\n

We think it\u2019s fundamental to highlight there\u2019s more here than anonymous hustlers and that this wouldn\u2019t be a global disaster without Microsoft and the NSA.<\/p>\n

What made such a mess possible?<\/h4>\n

The attack affects particularly Windows, the closed-source operating system which vulnerabilities the virus exploited. One specific flaw that made this attack possible was a bug in Windows\u2019 SMB file-sharing services, which had been detected by the National Security Agency<\/a> of the United States and used with the purpose of peering into people\u2019s computers. The NSA designed a tool to exploit it and extract information: Eternalblue<\/a>, which got stolen and leaked months ago, so the WannaCry authors took advantage of it. The second tool used to complete the job was Doublepulsar<\/a>, a backdoor also designed and installed by the NSA, also leaked by The Shadow Brokers<\/a>months ago. This means vulnerabilities were built in intentionally or allowed by petition (well, demand) of the the National Security Agency.<\/p>\n

The irony of a security agency making everyone more insecure; only an irony if we pretend the NSA is a security agency rather than an organism of domestic and international surveillance with the goal of accumulating power and control over citizens worldwide. Now state-funded tools for surveillance triggers a disaster in UK hospitals.<\/p>\n

\n
<\/div>\n<\/figure>\n

The ethical decision of using the knowledge programmers gain over systems is whether the know-how is used to expand and share public knowledge or to use it for control, to manipulate scarce information and trade secrets. So the meaning of the word \u201chacker\u201d is defined pragmatically by observing what effects their actions produce. In this case it\u2019s extremely important to point out that the authors of the malware are not the only hackers in this scene: Microsoft itself like several other tech companies -who, by the way, control most of the software we run on our computers- are also \u201chackers\u201d: authors of security, exceptions and vulnerabilities.<\/p>\n

When it comes to finding who\u2019s responsible, the largest ransomware attack in history is more about government agencies systematically violating privacy and companies refusing to pay proper attention to security than about extortion.<\/p>\n

\n
<\/div>\n<\/figure>\n

What can be done?<\/p>\n

Cyberattacks are neither inevitable nor incontestable.<\/p>\n

Users can fight back this and future attacks taking a couple basic preventions:<\/p>\n