Last week, as we all know by now, the world was rocked by one of the largest ‘hacks’ in history. Known as WannaCry, the ransomware was released by a hacking group known as the Shadow Brokers.
The hack came to the world’s attention when up to 36 hospitals in the UK were locked out of their computer systems, with a ransom demanded – to be paid in bitcoins – or, the virus warned, the data, which included patient records, would be wiped altogether.
The virus is thought to have been activated by a phishing email with a file attachment which, when opened, allowed malware to spread immediately to other computers sharing the same network. It subsequently attacked police computer systems across India, Russia’s Interior Ministry, Spain’s biggest mobile operator Telefonica, and FedEx in the US – as well as computers across the world, from Ukraine to Taiwan.
Sound like the work of a sociopathic hacker or group of hackers, acting out of malice or anti-globalist sentiment?
Well, yes and no. Aside from the potentially disastrous consequences of a network of hospitals being forced to turn patients away because of a system lockdown, the truly scary thing about WannaCry is that it was originally developed by the US National Security Agency (NSA), and had been appropriated by the Shadow Brokers.
How did this happen? To understand the genesis of WannaCry, you have to go all the way back to 2013.
The ransomware that was used for the WannaCry virus was apparently developed by the NSA as part of an anti-terrorism campaign. The agency used it to tap into SWIFT service bureaus in 2013, in order to monitor overseas money transactions between the Middle East and banks based in Latin America.
According to reports, at least 2 SWIFT service bureaus were hacked, although one of the services, EastNets, a global provider of compliance, payments and cloud solutions, has taken to Twitter to refute this allegation.
What seems to be undeniable, however, is that software developed by the NSA, intended to aid the fight against terrorism, is now available for sale to the highest bidder.
And if this malware has worked against SWIFT based payments systems in the past, what havoc could the virus wreak if, as has clearly happened, it ends up in the wrong hands?
This isn’t the first time that the Shadow Brokers have flaunted the fact that they are in possession of hacks developed by the NSA.
On Friday, 14th April, the group dumped a list of hacking methods developed by the NSA’s Equation Group online – the same hacks the NSA had allegedly used to access SWIFT data from EastNets.
The NSA were monitoring transactions under the auspices of the Terrorist Finance Tracking Program (TFTP), which was established in 2001 under the Bush administration as a response to 9/11.
But following ex-NSA employee Edward Snowden’s actions in 2013, the EU decided to suspend TFTP due to concerns about data protection.
The Shadow Brokers initially tried to sell the leaks and data they had obtained to the highest bidder but, having failed to do so, they seem to have decided instead to show off how powerful the malware really is.
Now, it has become clear that Microsoft had been tipped off about the vulnerabilities in their software months before the virus struck.
The virus strikes at a known vulnerability, known as EternalBlue, in earlier versions of Microsoft’s software, and it was the NSA that initially discovered this weakness. In their defence, Microsoft say that they had recently issued a patch that could counteract the virus.
Windows 10 users were not affected by WannaCry – the virus is only effective against older versions of Windows, or if Windows Firewall is temporarily disabled or remote access is granted to a machine – but the trouble is, in the world of finance, this could happen at any time!
So, it seems that there is considerable danger that SWIFT services could be attacked again. Considering that SWIFT is responsible for sending trillions of dollars’ worth of fund, payment, and financial information between 11,000 of its members and across 200 countries, the consequences of a hack could be devastating.
The Shadow Brokers have already indicated, via a blog post written in their distinctive pidgin English, that they have a new suite of tools and hacks that will endanger newer kinds of software, such as Windows 10, which is installed on 500 million devices around the world.
And guess what? Yes, the new hacks also seem to have been pilfered from the NSA. The Shadow Brokers, despite the fact that they seem to be advertising for a payoff, rather than acting from more unpredictable or destructive motives, must be considered a significant ongoing threat.
The very fact that SWIFT, which runs its own SWIFT Customer Security Program, has been hacked should make everybody within the financial services industry a little hot under the collar. With the digitalisation of global financial services, and the onset of the bitcoin blockchain, almost all financial services functions will rely more and more on computer systems to carry out their tasks.
Last week’s hack was devastating, but thankfully seems to have been contained. The worst, however, could be yet to come.
At the same time, we must have faith in the systems that have been created. The more cutting edge the technology, the less likely it is to be hacked. So now is not the time to panic, but it is time to double down on our efforts to protect our own and our customers’ data.