Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you: No adverts like this in the forums anymore. Times and dates in your local timezone. Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance. Email notifications for threads you want to watch closely. Being a part of the oldest wargaming community on the net. If you are already a member then feel free to login now.

I wonder who was behind it?

http://www.bbc.com/news/world-europe-39907965

A cyber-attack that hit organisations worldwide including the UK's National Health Service was "unprecedented", Europe's police agency says.

Europol also warned a "complex international investigation" was required "to identify the culprits".

Ransomware encrypted data on at least 75,000 systems in 99 countries on Friday. Payments were demanded for access to be restored.

European countries, including Russia, were among the worst hit.

 Ratius wrote:
I wonder who was behind it?

We don't know, but according to The Guardian, its the Tories fault it happened.

https://www.theguardian.com/society/2017/may/13/jeremy-hunt-ignored-warning-signs-before-cyber-attack-hit-nhs

In Spain it affectet some of the bigger telecomunication business, Telefónica for example.

Supossely, the hackers where chinese, and they blackmailed Telefonica and others, looking for Bitcoins instead of dollars or other currency.

Nobody's blamed Putin and his shadowy army of "Russian Hackers" yet?


Automatically Appended Next Post:

 Orlanth wrote:

 Ratius wrote:
I wonder who was behind it?

We don't know, but according to The Guardian, its the Tories fault it happened.

https://www.theguardian.com/society/2017/may/13/jeremy-hunt-ignored-warning-signs-before-cyber-attack-hit-nhs

Doesn't The Guardian blame the Tories for everything?

This seems to have just been an opportunistic of a vulnerability with no real aim that managed to get in before some people had the chance to apply security patches. Unfortunately this takes time. What government ministers and the media don't seem to understand is it's not quite like your home PC where you get a pop up and press "yes. Update now"

 Orlanth wrote:

 Ratius wrote:
I wonder who was behind it?

We don't know, but according to The Guardian, its the Tories fault it happened.

https://www.theguardian.com/society/2017/may/13/jeremy-hunt-ignored-warning-signs-before-cyber-attack-hit-nhs

Well, give that the reason it has been so widespread is the NHSs reliance on old software, because of the cost to get it rewritten, and the Torres have been responsible for NHS funding for the past 7 years, it doesn't seem unreasonable to place a significant chunk of the blaim on them.

There is also a significant part of the blaim that needs to be placed on the NSA for being aware of the vulnerability and keeping it for their own uses. I hope the Tories learn that their wish for intentional back doors in security and encryption is a monumentally stupid idea and this is why.

Private Eye,18 April 2014.

Ha! The the old civ service. Light years behind everyone else when it comes to cyber security. And that includes my ape-like knowledge of security.

Whilst in some ways accurate, it makes the same mistakes as the MPs and media have. It's not the PCs that is the problem, or the IT staff. No one likes supporting old kit, especially stuff that gaks it's pants every so often and needs to be reinstalled like old XP. The problem is that the NHS has so much software that has been written for it at great cost, which only works on XP. The IT support will have tried to get rid of all of it, but been told by the business there is no choice as they need the software and can't afford to get it rewritten. Identifying and rplacing the XP PCs is reasonably easy (if expensive). Replacing the specialist software that only runs on XP less so.

Replacing often costs much more than just introducing something new with small stuff. Between trying to replicate the functionality of the original, meeting the expectations of more modern software and doing data migration, all whilst your users expect you to just diliver it, perfect, with no input on their part and often very little documentation from the original developer (developers are gaks for writing stuff then walking away without doing the documentation). Not easy. This is why my boss try's to insist on shrink wrap products only, but the business always wants something changing.

 Steve steveson wrote:
Whilst in some ways accurate, it makes the same mistakes as the MPs and media have. It's not the PCs that is the problem, or the IT staff. No one likes supporting old kit, especially stuff that gaks it's pants every so often and needs to be reinstalled like old XP. The problem is that the NHS has so much software that has been written for it at great cost, which only works on XP. The IT support will have tried to get rid of all of it, but been told by the business there is no choice as they need the software and can't afford to get it rewritten. Identifying and rplacing the XP PCs is reasonably easy (if expensive). Replacing the specialist software that only runs on XP less so.

Very true. I did some work for a major UK bank a few years ago who still used IE6 as a corporate browser because of legacy systems that depended on it.

As a service delivery manager it makes my teeth itch every time I go in a bank and see my financial data being handled on software with a GUI with late 90s design.

My brother-in-law's first computer engineering job in the late 1990s was rewriting legacy COBOL programs from the 1960s to avoid Millennium bug problems.

To be fair to the NSA, Microsoft released a patch for this particular vulnerability two months ago.

Galas wrote:In Spain it affectet some of the bigger telecomunication business, Telefónica for example.

Supossely, the hackers where chinese, and they blackmailed Telefonica and others, looking for Bitcoins instead of dollars or other currency.

oldravenman3025 wrote:


Nobody's blamed Putin and his shadowy army of "Russian Hackers" yet?


Automatically Appended Next Post:

 Orlanth wrote:

 Ratius wrote:
I wonder who was behind it?

We don't know, but according to The Guardian, its the Tories fault it happened.

https://www.theguardian.com/society/2017/may/13/jeremy-hunt-ignored-warning-signs-before-cyber-attack-hit-nhs

Doesn't The Guardian blame the Tories for everything?

One...

Bitcoins are pretty damn hard to trace, high ability to hide ownership and thus harder for anyone to trace back.
As a currency for the hackers its perfect. Dollers, euro's and others are so much easier to trace, and the agencies have far more experience hunting them.

Two.

Russia has been one hit heavily to so if there own somewhat a friendly fire incident.
Plus blaming Putin is so overdone no one seems to belive it!

 Kilkrazy wrote:
My brother-in-law's first computer engineering job in the late 1990s was rewriting legacy COBOL programs from the 1960s to avoid Millennium bug problems.

To be fair to the NSA, Microsoft released a patch for this particular vulnerability two months ago.

Testing and implementation of any patch takes time. Two months should be plenty, if you have the resources, but if you don't, as is the case in many public sector businesses, it can take time, especially if the patch has prerequisites and makes functional changes. The NSA held on to this for their own use. If they had passed it on to Microsoft then it could have gone in an earlier patch and this would never have been an issue.

 Kilkrazy wrote:
My brother-in-law's first computer engineering job in the late 1990s was rewriting legacy COBOL programs from the 1960s to avoid Millennium bug problems.

To be fair to the NSA, Microsoft released a patch for this particular vulnerability two months ago.

Only for operating systems it still supports right? My wife's didn't get an update.

Is this cyber-attack the law of unintended consequences?

We know from the Snowden leaks that the NSA and the CIA have been actively designing stuff to hack into systems, thus making them weaker and more vulnerable to criminal elements.

So the American taxpayer pays these clowns for 'security' and then has to pay more money to clean up the mess when schools, hospitals, and tax systems are affected...

It's a mad world...

 Frazzled wrote:

 Kilkrazy wrote:
My brother-in-law's first computer engineering job in the late 1990s was rewriting legacy COBOL programs from the 1960s to avoid Millennium bug problems.

To be fair to the NSA, Microsoft released a patch for this particular vulnerability two months ago.

Only for operating systems it still supports right? My wife's didn't get an update.

That's true, but MS retired XP in 2014 and users were advised to upgrade to a new system.

The issue arises when users have some collection of hardware and software that might only run on the older system, or would be too expensive to upgrade.

For example, I have a MacBook laptop that is 9 years old. Although battered, it still runs fine and I don't see any reason to junk it and buy a new one. However, the version of MacOS is so out of date that Chrome and so on are no longer being updated. At the same time, Apple don't offer an upgrade for the OS that will actually run on the old hardware. I'm going to have to install Ubuntu Linux or something, and eventually buy a cheap Chromebook.

That's my petty problem. The NHS's problem is that they have hundreds of thousands of computers doing things like accounting, appointment booking, and clinical support functions all the way up to running gamma cameras. Quite apart from the desktop machines, the medical equipment and its software has an upgrade cycle that isn't necessarily tied in with Windows's.

Given what a huge organisation the NHS is, it might in some ways make better sense for it to have its own in-house software engineering teams.

State-employed software designers? Careful now, that sounds like Communism!

 Kilkrazy wrote:

 Frazzled wrote:

 Kilkrazy wrote:
My brother-in-law's first computer engineering job in the late 1990s was rewriting legacy COBOL programs from the 1960s to avoid Millennium bug problems.

To be fair to the NSA, Microsoft released a patch for this particular vulnerability two months ago.

Only for operating systems it still supports right? My wife's didn't get an update.

That's true, but MS retired XP in 2014 and users were advised to upgrade to a new system.

Aka, pay us. Computer geek persons (how does my kid graduates summa cum laude in computer science and applied mathematics but doesn't know crap about laptops and why ours are messing up-come on I paid $60 Large for some proper tech support here! and whats up with forgetting your own SS#???) on BBC discussing this were discussing whether or not that really means thats ransomware and new laws need to be passed. Your car company doesn't get to say "well we have a new model out so you need to pay us if you know whats good for you or your alternator might have an accident."

No but car companies can and do stop making spare parts for your car,

although if there is enough demand you'll get secondary market sellers making look-a-like replacements,

maybe the law needs to change so when a company 'abandons' an OS it becomes fair game to write software based on it to keep the OS up to date an functional (which it isn't at the moment as the XP software, for example, is still microsofts and you're not allowed to effectively reverse engineer it)

 OrlandotheTechnicoloured wrote:
No but car companies can and do stop making spare parts for your car,

Nor are they exactly required to replace old parts with newer improved ones for free either.

Well guess one way would be some sort of yearly payment you pay for software developer which gives you updates including new OS. But of course that's not that popular especially with "forced" updates to new OS.