I was recently on the radio with a Dr. Klein to talk about hospitals selling aggregate customer and patient data to large sponsors like Microsoft and Facebook for "medical research". Well, not to go too far down the rabbit hole that ethical disaster opens up, I want to focus on a very real-world danger that has already happened: the WannaCry (WannaDecryptor) ransomware, which crippled users all over the EU, US, and Australia. Some of those users were hospitals.
The attack took place in May 2017, carried out worldwide by the WannaCry ransomware cryptoworm. The worm targeted computers running Microsoft Windows (it has also been run on Linux systems under the Wine compatibility layer, which is not an emulator), encrypting their data and demanding ransom payments in Bitcoin. The ransom pop-up went into extensive detail on how to purchase Bitcoin, though users who paid reported that their files were still not decrypted. The worm spread through EternalBlue, an exploit against the SMBv1 service on Windows that the NSA had developed as an attack tool rather than disclosing it to Microsoft; WannaCry versions 0, 1, and 2 were built with Microsoft Visual C++ 6.0. EternalBlue was stolen and published by a group calling itself The Shadow Brokers in April 2017, less than a month before the attack. Microsoft had already released a patch for the vulnerability (MS17-010, in March 2017), so much of WannaCry's spread came from organizations that had not applied it or were running Windows versions that were past their support dates. Within a few days of the outbreak Microsoft also issued emergency patches for those unsupported systems, but patches did nothing for machines already encrypted; what actually stopped the spread was the kill switch discovered by Marcus Hutchins, which prevented infected computers from spreading the worm further. The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages estimated at anywhere from hundreds of millions to billions of dollars. From preliminary analysis of the worm, security experts believed the attack originated from North Korea or agencies working for the country, most notably the Lazarus Group.
In the days after the outbreak, experts advised infected users against paying the ransom, since nobody was reporting getting their data back after payment. Once the attack had subsided, a total of 327 payments totaling US$130,634.77 worth of Bitcoin had nevertheless been transferred to the ransom wallets.
The Tragic Hero: Marcus Hutchins and the Spread of WannaCry
Researcher Marcus Hutchins discovered the kill-switch domain hard-coded in the malware after receiving a sample from a friend. Registering that domain and pointing it at a DNS sinkhole stopped the attack from spreading as a worm, because the ransomware only encrypted a computer's files if it was unable to connect to the domain. On 14 May, a first variant of WannaCry appeared with a new, second kill-switch domain, which Matt Suiche registered the same day. This was followed by a second variant with the third and last kill switch on 15 May, registered by Check Point threat intelligence analysts. A few days later, a new version of WannaCry was detected that lacked the kill switch altogether. On 19 May, it was reported that attackers were trying to use a Mirai botnet variant to mount a distributed denial-of-service attack on WannaCry's kill-switch domain with the intention of knocking it offline, which would have let infections resume. On 22 May, Hutchins protected the domain by switching to a cached version of the site, capable of handling much higher traffic loads than the live site. Within four days of the initial outbreak, new infections had slowed.
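The kill-switch logic described above is simple enough to model directly. The block below is an added example for this post, not the malware's code and not code from the post's author: it reproduces the worm's decision (one HTTP request to the hard-coded domain; any failure means "detonate"), models the network states the paragraph walks through (unregistered domain, registered sinkhole, sinkhole under DDoS), and shows why a sinkhole is also telemetry, since every host that asks DNS for that domain has executed the sample. The domain name, the log format and the log lines are constructed placeholders (the post does not name the real domain). The proxy scenario reflects a widely reported detail of the outbreak: the sample's connectivity check did not use the host's proxy settings, so hosts that could only reach the web through a mandatory proxy never got an answer from the sinkhole and detonated anyway.

```python
"""WannaCry-style kill switch versus DNS sinkhole, as a simulation.

Added example; not the malware's code and not code by the post's author.
The domain is a placeholder (assumption) and the network is modelled by an
injected fetch() function so that the block runs offline.
"""
import socket
from typing import Callable, Iterable, Set

# Assumption: placeholder standing in for the domain hard-coded in the sample.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.invalid"


def kill_switch_reachable(fetch: Callable[[str], bool],
                          domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """One HTTP request to the hard-coded domain, as the worm did.
    Any failure at all (NXDOMAIN, refused, timeout) counts as unreachable."""
    try:
        return bool(fetch(f"http://{domain}/"))
    except OSError:  # socket.gaierror, ConnectionRefusedError, TimeoutError
        return False


def worm_decision(fetch: Callable[[str], bool]) -> str:
    """'exit' if the domain answered, otherwise 'detonate' (encrypt and spread)."""
    return "exit" if kill_switch_reachable(fetch) else "detonate"


def simulated_network(*, registered: bool, sinkhole_up: bool = True,
                      proxy_only_egress: bool = False,
                      check_honours_proxy: bool = False) -> Callable[[str], bool]:
    """Build a fetch() that behaves like one of the network states in the post."""
    def fetch(url: str) -> bool:
        if not registered:
            raise socket.gaierror("NXDOMAIN")             # before the domain was registered
        if proxy_only_egress and not check_honours_proxy:
            raise ConnectionRefusedError("direct egress blocked")  # proxied corporate LAN
        if not sinkhole_up:
            raise TimeoutError("sinkhole overwhelmed")    # the Mirai DDoS scenario
        return True
    return fetch


def sinkhole_hits(dns_log_lines: Iterable[str],
                  domain: str = KILL_SWITCH_DOMAIN) -> Set[str]:
    """Clients that queried the kill-switch domain.

    Each one ran the sample, even if the sinkhole answered and it exited.
    Assumed (constructed) log format: '<timestamp> <client-ip> <qname> <qtype>'.
    """
    hits: Set[str] = set()
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) >= 3 and parts[2].rstrip(".").lower() == domain:
            hits.add(parts[1])
    return hits


# Constructed sample log lines, not real telemetry.
SAMPLE_DNS_LOG = [
    "2017-05-12T10:03:11Z 10.0.4.17 killswitch-placeholder.invalid. A",
    "2017-05-12T10:03:12Z 10.0.4.17 update.example.net. A",
    "2017-05-12T10:04:40Z 10.0.9.2 KILLSWITCH-PLACEHOLDER.INVALID. A",
]


if __name__ == "__main__":
    scenarios = {
        "domain unregistered (12 May morning)": simulated_network(registered=False),
        "sinkhole registered and answering": simulated_network(registered=True),
        "sinkhole knocked offline by DDoS": simulated_network(registered=True, sinkhole_up=False),
        "proxy-only network, direct check": simulated_network(registered=True, proxy_only_egress=True),
    }
    for name, net in scenarios.items():
        print(f"{name:40s} -> {worm_decision(net)}")
    print("hosts that probed the sinkhole:", sorted(sinkhole_hits(SAMPLE_DNS_LOG)))
```

Two things fall out of running it. First, the sinkhole only protects hosts that can actually reach it, which is why the DDoS on the domain mattered and why Hutchins moved it behind a cache, and why a proxied network was not saved by the registration. Second, the sinkhole's own DNS and web logs are a free list of infected hosts on your network; a defender who controls internal DNS can get the same list from their resolver logs with a query like `sinkhole_hits`.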
In August 2017, Hutchins was arrested in Las Vegas, during DEF CON, after being indicted on six hacking-related federal charges in the US District Court for the Eastern District of Wisconsin. Prosecutors alleged that Hutchins had assisted in the creation and spread of a piece of banking malware known as Kronos in 2014 and 2015. The charges were not related to WannaCry, but included allegations that he created the Kronos malware in 2014 and sold it in 2015 via the AlphaBay forums. Hutchins denied any wrongdoing and pleaded not guilty to the charges in August 2017. He was released on bail pending trial and remained in Los Angeles. In early June 2018, the US government added four more charges to his indictment. On 19 April 2019 Hutchins pleaded guilty to conspiring to commit wire fraud, as well as distributing, selling, promoting, and advertising a device used to intercept electronic communications. His statement included the quote "I regret these actions and accept full responsibility for my mistakes. Having grown up, I've since been using the same skills that I misused several years ago for constructive purposes." Hutchins faced up to five years in prison and $250,000 in fines for the two charges. On 26 July 2019, Hutchins was sentenced to time served and one year of supervised release.
With these events happening VERY recently, I am still shocked and almost appalled by the general lack of oversight and the baffling displays of user data collection, not only by the large corporations, but also by our hospitals, banks, and government agencies. This was supposed to be the example that set change in motion in user data collection and digital record keeping, but it was all too soon forgotten and is now nothing more than a rant on a blog. The Vault 7 leaks were revealed to show how governments act without public oversight. The WannaCry attack showed us what happens when we let things creep too far into the digital realm, and the general misunderstanding of digital security by those we trust. Hospitals selling data to Microsoft and Facebook is only asking for the next big attack on our data. Not only are we asking for it, we are signing our names on it.