Computers run the world
President Trump may want to create a Space Force, but the reality is that wars are already being fought in cyberspace. As cities become more high-tech, hackers can do a lot more damage by taking over computer systems. Not only can they get huge amounts of information about a city’s inhabitants, but they can shut down essential services and the power grid itself. That what makes the story of NotPetya so significant.
Tools of the trade
Before getting into the attack itself, you first need to know about the two tools the hackers used. The first, Mimikatz, was created in 2011 by a French security researcher. Its intent was to show Windows that passwords were floating around in a computer’s memory. The other piece of software, EternalBlue, was created by the US National Security Agency and got leaked in 2017. With EternalBlue, a hacker can run their own code on a hacked computer.
Microsoft released a patch for EternalBlue, but that proved to be useless against NotPetya’s combined arsenal of EternalBlue and Mimikatz. The hackers simply got into computers without the patch and then used Mimikatz to pull passwords and gain access to patched computers.
Armed with these two weapons, the NotPetya hackers struck on June 27th, 2017. Like the ransomware Petya, hacked victims were told they needed to pay $300 in bitcoin in order to get access back into their files. However, unlike Petya, paying wouldn’t do anything. NotPetya was all about destruction, not greed.
Companies in Ukraine were the first victims, though Kaspersky Lab reported attacks in France, Germany, Italy, Poland, the United States, and Russia. Ukraine ultimately suffered the most attacks; around 80% of the NotPetya infections occurred there. The National Bank of Ukraine even got hacked. It started to become clear that this was an attack targeting Ukraine.
By the time NotPetya was over, it had cost companies and governments around the world around $10 billion. Everyone from hospitals to chocolate factories to energy firms had been hit. After an investigation, the CIA accused Russian military hackers of leading the cyberattack. Russia has been targeting Ukraine for some time and experts believe the hack was an attempt to mess up their financial system. The UK and US both came out against Russia. The Kremlin obviously denied everything, saying that the claim was “Russophobic.”
What can we learn from NotPetya? The first lesson is that software patchers aren’t moving fast enough once a vulnerability is exposed. Many government and company computer systems were not prepared for any kind of hacking attack, let alone one on the scale of NotPetya. If the world is going to move into digitizing everything, it needs to have the necessary defenses in place to protect that data.
The other lesson is sobering: we depend on computers and the internet for just about everything. Pharmaceuticals, industry, finances, transportation, and even food are all bound up in technology these days. It isn’t just information that’s at risk; how we live our lives could be crippled by an effective cyberattack. Clearly, we are not prepared.
The internet and social media changes how we interact. How does it change how society fights crime?