UK Nuclear Submarines, Microsoft and That Ransomware Attack
By Graham Vanbergen – The BBC has reported that the recent ransomware attack hit 100 countries. Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as ‘WannaCry’ and variants of that name – around the world. Russia was hit the worst. State owned organisations such as health care, railway systems, water and electricity seemed target of choice. This along with telecoms infrastructure and energy suppliers, postal services, educations services and financial institutions.
The infections seem, by all accounts to be deployed via a worm – a program that parasitically spreads by itself between computers with alarming speed and effectiveness. So fast, that this cyber-attack had the potential to hit critical infrastructure that supports human life and disable it in under one day to over 3 billion people. The demands by the cyber-criminals were simple – they wanted electronic money such as BitCoin to unlock the data.
Microsoft was the only fully vulnerable operating system and said it was pushing out automatic Windows updates to defend clients from WannaCry.
Who are culprits? The BBC blame hackers known as ‘The Shadow Brokers’, who made it freely available in April, saying it was a “protest” about US President Donald Trump.
Get Briefed, Get Weekly Intelligence Reports - Essential Weekend Reading - Safe Subscribe
But let’s not forget who the really big culprits are here. The American and British government’s are at total fault. They both fund the NSA and GCHQ. Both advocate government snooping and spying into every citizen of the world, let alone their own. Both advocate the banning of secure encryption communication services and both have spent millions on developing tools to hack and crack these systems at will.
The NSA in America lost all of these hacking tools, specifically the one that caused this attack and subsequent mayhem across the world. The hackers exploited a piece of NSA code known as “Eternal Blue.”
From Wikileaks Vault7 Files: “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
British Ex ambassador Craig Murray: “The arms race between major powers to develop cyber warfare and cyber surveillance capacity is a massive threat to the security of the internet. It is the very governments who most like to claim they need to intervene to protect us, who are in fact creating the dangers they cite. This is NSA software; WikiLeaks “Vault 7” leak has revealed the similar massive effort at the CIA in developing destructive software.
That is not to say the NSA or US government is behind this worldwide attack. But it is to say that western governments are spending billions of pounds on developing malware, which they cannot themselves keep safe. This should be viewed in the same light as chemical weapons programmes. Urgent international action to outlaw weaponised malware development should be a priority for the international community, as the danger to increasingly IT dependent services is extreme. The United States is the biggest aggressor and the biggest danger.”
I have stated for some time now in numerous articles that our own government are becoming our biggest enemies today. Far from being killed by a crazy swivel-eyed black flag waving extremist brandishing a scimitar with a Semtex vest, the likelihood is that a cyber-attack will disable critical services or that your personal data will be stolen causing absolute chaos to normal life.
In Britain, Theresa May was Home Secretary for 6 years. She was, and as PM still is responsible for the cyber-defences of the country. The mainstream press have not mentioned once that Theresa May has failed to protect Britain in any tangible way from this attack.
And as Craig Murray continues:
“Underfunded NHS Trusts have privatised IT management and outsourced the control and security of their computer systems to contractors, as part of the general rip-up of the NHS to provide private profit. These companies are more interested in maximising profits than safeguarding against contingent attacks. Very few NHS Trusts now employ their own NHS team of dedicated computer specialists maintaining and caring for their systems, including their defences.
Corporate profits have been great though. Remember that extraordinary numbers of MPs have financial links to private healthcare firms. If the Tories win a landslide, doubtless the numbers of MPs personally profiting from NHS privatisation will increase still further.”
But it gets potentially worse than cancelled operations and emergency ambulances being sent in the wrong direction. It’s possibly worse than people dying in corridors of hospitals when, metaphorically speaking, the lights go off.
In 2008, the UK’s nuclear submarines were fitted out with exactly the same systems that have just been involved in this cyber-attack.
From a 2008 article – The Register:
“The programme is called Submarine Command System Next Generation (SMCS NG), and uses varying numbers of standard multifunction consoles with two LCD screens, hooked up on an internal Ethernet network installed on each sub. Initial reports as the programme developed suggested that the OS in question would be Windows 2000, but those who have worked on it have since informed the Reg that in fact it is mostly based on XP.”
Windows were so chuffed at “Windows for Submarines” they even advertised the fact to the entire world (HERE)
“Windows for Submarines is the programme undertaken by the Royal Navy and BAE Systems to equip the nuclear-propelled and nuclear-armed warship fleet with a Windows-based command system. The transition to the Windows for Submarines command system on HMS Vigilant, a Trident nuclear missile submarine, was completed in just 18 days.”
This Microsoft blog is an open forum and even then an incredulous audience were questioning such a decision. Here are the first four reactions of dozens of responses.
Russell Quinn December 18, 2008 at 6:31 am : 18 days? You guys tested this right?