Cyberattack: How hackers unleashed global panic online using NSA spy tools

A huge extortion cyberattack hit dozens of nations on Friday.  Hackers declared that computer data was being held for ransom at hospitals, telecommunications firms and other companies.

The attack appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency and later leaked to the internet. The attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms. Related attacks were reported in Spain, Portugal and Russia. Two security firms Kaspersky Lab and Avast said they had identified the malware behind the attack in upward of 99 countries, although both said the attack has hit Russia hardest.

WHERE DID IT ORIGINATE ?

The malware was made available online on April 14 through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of "cyber weapons" from the National Security Agency (NSA). At the time, there was scepticism about whether the group was exaggerating the scale of its hack.

THE MAGNITUDE OF THE CYBER ATTACK

In Britain, a lot of hospitals were thrown out of gear when the incident happened and there was a mad scramble among doctors to get things back in line. However, British Prime Minister Theresa May said there was no evidence that patient data had been compromised in the attack, and that it had not specifically targeted the National Health Service.

 

Here's the malware attack which appears to have hit NHS hospitals right across England today pic.twitter.com/zIAJ6wbAG5

— Lawrence Dunhill (@LawrenceDunhill) May 12, 2017

 

Hospitals in areas across Britain found themselves without access to their computers or phone systems. Many cancelled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.  Most of the affected hospitals were in England, but several facilities in Scotland also reported being hit. Doctors' practices and pharmacies reported similar problems.

 

We're aware of an IT issue affecting NHS computer systems. Please do not attend A&E unless it's an emergency. Thank you for your patience.

— NHS Mid Essex CCG (@MidEssexCCG) May 12, 2017

 

British government officials and intelligence chiefs have repeatedly highlighted the threat to critical infrastructure and the economy from cyberattacks. The National Cyber Security Centre said it had detected 188 "high-level" attacks in just three months. Britain's National Health Service is a source of pride for many Britons but faces substantial budget issues and has had previous problems with its huge IT system.

Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cyber security for the British Medical Journal, warned that British hospitals' old operating systems and store of confidential patient information made them an ideal target for blackmailers. He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed "IT budgets are often one of the first ones to be reduced."

The NHS which is accountable to the public, Parliament and the Secretary of State for Health in Britain had made an official statement as well .

The Russian Interior Ministry has confirmed it was hit by the "ransomware" attack, which encrypts data on infected computers and demands payment, usually via the digital currency bitcoin, to release it. As similar widespread ransom ware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace. Hospitals, with their often outdated IT systems and trove of confidential patient data, are a particularly tempting target.

The Spanish government said several companies had been targeted in ransomware cyberattack that affected the Windows operating system of employees' computers. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Ransomware attacks are on the rise around the world. In February 2016, the Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Whistleblower Edward Snowden blamed the NSA for not preventing the global cyber attack. "Despite warnings, (NSA) built dangerous attack tools that could target Western software," Snowden said. "Today we see the cost." "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," he said.

Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the US to dedicate more cyber resources to offence rather than defence, a practice they argued makes the internet less secure.

 

with PTI inputs