The global WannaCry cyberattack - a lesson to the World

Published: 2017-05-22 09:30:56
Comment
Share
Share this with Close
Messenger Messenger Pinterest LinkedIn

The global WannaCry cyberattack - a lesson to the World

By Rabi Sankar Bosu

The massive May 2017 global computer hacking attack, dubbed "WannaCry", which infected tens of thousands of computers throughout the world running Microsoft Windows, is an act of terrorism, due to its escalating impacts in recent days. The malicious software started launching a large-scale ransomware campaign against dozens of organizations, including hospitals and telecom companies to all corners of the globe. Reports of infected computers have been seen in as many as 150 countries around the world on Friday, May 12, 2017. Undoubtedly, the ransomware outbreak is an alarming reminder of the vulnerabilities of an interconnected world as the criminal hackers could paralyze the global cyberspace governance system as well as countries' warfare capabilities. At the same time, it unmasks the disastrously risky practices of US intelligence services in terms of cyber weapons.

Friday's massive global cyberattack was one of the biggest cyber attacks in recent history. The ransom-demanding malware has spread around the globe like wildfire. According to Europol chief Rob Wainwright, more than 200,000 people in more than 150 countries were affected — and things could get worse. The coordinated attack was first reported in Britain, where it effectively shut down around 48 National Health Service (NHS) facilities. 13 NHS organisations in Scotland were also affected. But reports soon came in from all over the world. Users in the UK, Russia, Ukraine, China, Italy, Egypt and India were among those affected. Russia was the worst affected with 60 per cent of all infected computers were located in that country.

The audacious cyberattack used a type of malware known as "WannaCry" ransomware to extort money from victims, including governments, companies and organizations. The ransomware is a malicious software that locks the computer or mobile device and prevents users from accessing files, documents and pictures. The ransomware demands the "hostage" pay to have the files decrypted. Payment of virtual currency, $300 Bitcoin, allows the user to access the files with an encryption key only known by the hacker. If the payment is not made within a set period of time, the encryption key is destroyed and the files are lost forever. The White House said on May 15, 2017 that less than 70,000 U.S. dollars has been paid in the ransomware cyberattack. 

Xinhua news agency reported that almost 30,000 organisations had been attacked in China by WannaCry virus. Qihoo 360, China's leading cyber security company, said more than 29,000 institutions ranging from government offices to ATMs and hospitals had been infected by WannaCry, singling out universities as particularly hard-hit. China energy giant PetroChina said that at some petrol stations customers had been unable to use its payment system. Bank of China ATMs were infected with the ransomware virus. Various Chinese traffic police, immigration authorities and Public Security Bureaus were forced to suspend normal work until the malware threat is resolved.

It is reported that on May 18, China's National Computer Virus Emergency Response Center (VERC) and software company AsiaInfo detected the "UIWIX" virus, which is spreading in a similar way like the notorious "WannaCry" ransomware. This is a major concern that needs to be addressed as China strives to develop its cyber power and digital capabilities. 

The list other organisations who fell prey to the malware included Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, French automobile giant Renault, US logistics giant FedEx, Sweden's Timra municipality and Russia's Interior Ministry. South Korea and Japan have also been seriously impacted. Japanese computer experts said around 2,000 PCs had been affected. India is also one of the victims affected by the massive hacker attack. Three states of India, namely, Kerala, Tamil Nadu and West Bengal were affected by the WannaCry ransomware. According to the Russian anti-virus company, Kaspersky, after the malware struck on May 12, around five per cent of all computers affected in the attack were in India.

Russian President Vladimir Putin accused the US of creating the hacking software used to target Microsoft computers. Many security researchers strongly blamed the US government for the WannaCry infection, and intentionally or not, President Donald Trump's views on this issue are not clear. The virus WannaCry used the EternalBlue was developed by the United States' National Security Agency (NSA) that was stolen by a hacking group named the 'Shadow Brokers'. WannaCry, eternal king, eternal romance, eternal collaboration, emerald fiber, quirky hamster, and EskimoRoll, to name a few, are some of the innumerable powerful weapons in the NSA cyber arsenal. The NSA and other spy agencies look for software vulnerabilities and exploit them for intelligence gathering or law enforcement, which has become a great concern among tech people.

Brad Smith, president and chief legal officer at Microsoft, sharply criticized the NSA for its role in weaponizing a weakness in the Windows operating system and allowing it to be stolen and used by hackers to launch this organized massive cyber attack. Smith wrote that governments "should treat this attack as a wake-up call." "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world."  Chinese media, Global Times is of the opinion that the US has invested enormously in developing cyber attack weapons, but not enough in guaranteeing cyber security. In the end, even Washington is subject to its own cyber offense.

It's really unfortunate that concerted efforts to tackle cyber crimes have been hindered by actions of the United States. The NSA should shoulder some blame for the attack, which targets vulnerabilities in Microsoft Corp systems and has infected some 30,000 Chinese organisations so far. In light of the WannaCry cyber attack, the China Daily rightly said that the role of the US security apparatus in the attack should "instill greater urgency" in China's mission to replace foreign technology with its own. The People's Daily compared the cyber attack to the terrorist hacking depicted in the U.S. film "Die Hard 4", warning that China's role in global trade and internet connectivity opened it to increased risks from overseas. 

China now has the world's second-largest economy, after the United States, and is home to about 700 million Internet users, the world's largest online population. China opposes all types of cyberattacks and is a victim of such attacks. It should be noted here that China's first Cybersecurity Law with 79 articles was approved by the Standing Committee of the National People's Congress, China's top legislature, on Nov 7, 2016 and will be effective on June 1, 2017. It is anticipated that China's first Cybersecurity Law will play an important role in clarifying the responsibilities of governments, enterprises and individuals in cyberspace and measures on how to deal with online attacks. 

In the past years, Chinese authorities have made lots of progress not only in cybersecurity governance, but also in the development of internet and international cooperation on cybersecurity. President Xi's central leadership helps guarantee cybersecurity and informatization, key for China's long-term development. On November 16, 2016, while giving a speech via video to the opening ceremony of the third World Internet Conference in Wuzhen in east China's Zhejiang Province, President Xi Jinping, called for increased international cooperation in cyberspace governance and the building of a cyberspace community of shared destiny. Cybersecurity was also among the issues on the discussion list during the meeting between Xi and his US counterpart Donald Trump in Florida in last April.

The recent attack is a testimony to President Xi Jinping's remarks that "No Internet safety means no national security. No informatization means no modernization." He made this landmark remark while meeting with China's Central Internet Security and Informatization Leading Group on February 27, 2014. The strategy of unilateral and separated cyberspace defense no longer works in a globalized environment. Reliance on absolute security through one or a small number of software defenses has proven unable to safeguard national cyberspace security.

The latest WannaCry virus attack "again reminds the world of the great harm the US' network hegemony and its network weapons can bring about". The NSA's failure to manage such type of cyber weapons caused global chaos. It is an act of irresponsibility for which the NSA should be answerable. It can be boldly said that the NSA's actions had allowed low-skill criminals to launch "government-scale attacks." However, the spread of malicious software WannaCry has exposed the lack of preparedness among governments and private institutions. Therefore, the WannaCry attack should be a lesson never to be forgotten. If governments across the world don't step up, the outbreak of the global 'epidemic' could be a far greater cascade of threats.

The wrath of the well-coordinated ransomware cyber attack by the hands of the Shadow Brokers has created urgency for enhancing cybersecurity and global cooperation as the Frankenstein's monsters promise more chaos and malice. China has long called for enhanced cybersecurity and the establishment of a rules-based order in cyberspace. Like the real world, China wants governments to work together to formulate universally accepted international rules and norms of state behavior. In the face of intensifying cyber warfare, it is our hope that China and other responsible countries, including the US, should advance building the non-proliferation regime of global cyberspace as soon as possible.

Rabi Sankar Bosu is the Secretary of New Horizon Radio Listeners' Club in West Bengal, India.

Related stories

Share this story on

Columnists

LU Xiankun Professor LU Xiankun is Managing Director of LEDECO Geneva and Associate Partner of IDEAS Centre Geneva. He is Emeritus Professor of China Institute for WTO Studies of the University of International Business and Economics (UIBE) and Wuhan University (WHU) of China and visiting professor or senior research fellow of some other universities and think tanks in China and Europe. He also sits in management of some international business associations and companies, including as Senior Vice President of Shenzhen UEB Technology LTD., a leading e-commerce company of China. Previously, Mr. LU was senior official of Chinese Ministry of Commerce and senior diplomat posted in Europe, including in Geneva as Counsellor and Head of Division of the Permanent Mission of China to the WTO and in Brussels as Commercial Secretary of the Permanent Mission of China to the EU. Benjamin Cavender Benjamin Cavender is a Shanghai based consultant with more than 11 years of experience helping companies understand consumer behavior and develop go to market strategies for China. He is a frequent speaker on economic and consumer trends in China and is often featured on CNBC, Bloomberg, and Channel News Asia. Sara Hsu Sara Hsu is an associate professor from the State University of New York at New Paltz. She is a regular commentator on Chinese economy. Xu Qinduo Xu Qinduo is CRI's former chief correspondent to Washington DC, the United States. He works as the producer, host and commentator for TODAY, a flagship talk show on current affairs. Mr. Xu contributes regularly to English-language newspapers including Shenzhen Daily and Global Times as well as Chinese-language radio and TV services. Lin Shaowen A radio person, Mr. Lin Shaowen is strongly interested in international relations and Chinese politics. As China is quite often misunderstood in the rest of the world, he feels the need to better present the true picture of the country, the policies and meanings. So he talks a lot and is often seen debating. Then friends find a critical Lin Shaowen criticizing and criticized. George N. Tzogopoulos Dr George N. Tzogopoulos is an expert in media and politics/international relations as well as Chinese affairs. He is Senior Research Fellow at the Centre International de Européenne (CIFE) and Visiting Lecturer at the European Institute affiliated with it and is teaching international relations at the Department of Law of the Democritus University of Thrace. George is the author of two books: US Foreign Policy in the European Media: Framing the Rise and Fall of Neoconservatism (IB TAURIS) and The Greek Crisis in the Media: Stereotyping in the International Press (Ashgate) as well as the founder of chinaandgreece.com, an institutional partner of CRI Greek. David Morris David Morris is the Pacific Islands Trade and Investment Commissioner in China, a former Australian diplomat and senior political adviser. Harvey Dzodin After a distinguished career in the US government and American media Dr. Harvey Dzodin is now a Beijing-based freelance columnist for several media outlets. While living in Beijing, he has published over 200 columns with an emphasis on arts, culture and the Belt & Road initiative. He is also a sought-after speaker and advisor in China and abroad. He currently serves as Nonresident Research Fellow of the think tank Center for China and Globalization and Senior Advisor of Tsinghua University National Image Research Center specializing in city branding. Dr. Dzodin was a political appointee of President Jimmy Carter and served as lawyer to a presidential commission. Upon the nomination of the White House and the US State Department he served at the United Nations Office in Vienna, Austria. He was Director and Vice President of the ABC Television in New York for more than two decades.