Is this the World’s first Cyber-war?

Posted on June 29, 2017

In June 2017 a piece of malicious code was pushed out through the update mechanism of M.E.Doc, a popular accounting package in Ukraine. Although the publisher strenuously denied it at first, all the indicators point to a tampered M.E.Doc update as the initial infection vector. The payload was a reworked version of the Petya ransomware, first seen in 2016, and the new variant came to be known as NotPetya. But is it really ransomware, or are we seeing the first salvo of a true cyber-war?

First came the WannaCry ransomware in May 2017, which had a devastating effect in terms of the number of systems infected. It relied on a single flaw to get into computer systems: the SMBv1 vulnerability exploited by EternalBlue, which Microsoft had patched as MS17-010 two months earlier. Once inside a network, it quickly spread to every unpatched machine it could reach. The code itself was rather amateurish, with a simple kill switch: before doing its work it tried to contact an unregistered domain, and once a researcher registered that domain the spread halted. In hindsight, was it a test for what was to follow?

Next came Petya, or so it was first called. The original Petya ransomware of 2016 was an ordinary criminal operation, delivered by emailed attachments, but it introduced the trick of overwriting the master boot record so that the victim's machine could no longer boot into Windows. The outbreak that began on 27 June 2017 borrowed that code and spread in a similar manner to WannaCry, using the EternalBlue exploit that the USA's NSA developed to break into Windows computers and that the Shadow Brokers leaked in April 2017. Unlike WannaCry, it does not depend on a single flaw: it also uses the related EternalRomance exploit, and it harvests administrator credentials from memory so that it can spread with legitimate Windows tools (PsExec and WMIC) even to machines that were fully patched. It hit Ukraine's national power company Ukrenergo, banks and government ministries, and from there jumped to hospital systems in the USA and to the computer systems of Maersk, the international shipping line.

Both of these presented themselves as ransomware. They demanded a payment of about US$300 in Bitcoin, so the natural assumption was that the objective was profit. At least some WannaCry victims who paid did get their files decrypted. For the June 2017 outbreak, the email address victims were told to contact was shut down by its provider within hours, and so far there is no evidence that any infected system has been freed once the money was paid.

Closer analysis shows that this is not the 2016 Petya at all but the next evolution, a new variant built on its code and dubbed "NotPetya" (also written "Nyetya" or, here, "Netya"). Like Petya, it uses a variety of techniques to gain entry to a system and, once inside, encrypts files and prepares a ransom note. It then attacks the master boot record (MBR), replacing it with its own loader and forcing a reboot, so the machine never starts Windows again; the loader encrypts the file system's master file table while showing a fake disk-check screen, and only then displays the ransom note. That note is useless: the "installation key" it shows the victim is random data that encodes nothing, so even the attackers could not derive a decryption key from it, and the contact mailbox was shut down on the first day. This begs the question: if no payment could ever lead to recovery, was the goal really ransom? Since it effectively destroys the disk, several security companies have reclassified it as a wiper whose aim is to shut down the whole system.

If there is no payment that leads anywhere, no usable ransom note and no master boot record to start the computer up to the point where it can operate, then what was the purpose of the attack? Even if the MBR is repaired, the master file table and the files themselves remain encrypted with keys that no one can recover, so the disk is unreadable.
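As an added example (not part of the original post, and not NotPetya's own code), the following Python shows the kind of boot-sector integrity check a practitioner can run on a disk image to tell a replaced MBR loader from a damaged partition table. The MBR layout it parses (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) is standard; the sample sectors, the boot code bytes and the baseline-hash approach are constructed for illustration.

```python
"""Parse a 512-byte MBR and check it against a known-good baseline.

Added example: the sample sectors below are constructed test data, not a
real disk image, and the boot code bytes are made up.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446               # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries follow it
PARTITION_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"       # bytes 510..511 of a valid MBR


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        raw = mbr[off:off + PARTITION_ENTRY_LEN]
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, size
        status, _chs_start, type_id, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
        if type_id == 0:
            continue
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, sectors))
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is excluded."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the sector looks untouched."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return [f"unexpected sector length {len(mbr)}"]
    if mbr[510:512] != MBR_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline")
    parts = parse_partition_table(mbr)
    if not parts:
        findings.append("partition table empty")
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged active")
    return findings


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a synthetic MBR (constructed test data, not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, type_id, lba_start, sectors) in enumerate(partitions[:4]):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        sector[off:off + PARTITION_ENTRY_LEN] = struct.pack(
            "<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0", type_id, b"\0\0\0", lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed "clean" MBR: made-up boot code and one active NTFS (0x07) partition.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 441, [(True, 0x07, 2048, 1048576)])
BASELINE = boot_code_hash(CLEAN_MBR)

# Constructed "tampered" copy: boot code overwritten, partition table and
# signature left intact, which is what a bootkit-style replacement looks like.
_t = bytearray(CLEAN_MBR)
_t[:BOOT_CODE_LEN] = b"\xeb\x00" + b"\x00" * 444
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE) or "ok")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
    print("partitions:", parse_partition_table(TAMPERED_MBR))
```

Run against a real disk, the 512 bytes would come from the raw device or a forensic image and the baseline hash from a known-good installation. A hash mismatch with an intact partition table is the signature of a replaced loader, whereas a missing signature or an empty table points to plain corruption; the distinction matters because, as the paragraph above notes, restoring the loader alone does not bring back data that was encrypted after it ran.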

Analysts at several computer security companies agree that the NotPetya code was professionally developed rather than thrown together. The backdoor in the M.E.Doc update mechanism had been pushed out in several updates over the preceding months before the destructive payload was delivered, which points to staged preparation and testing. That is not usual where a single person or a few hackers have collaborated. This looks like a larger group of professional developers who spent a lot of time combining multiple exploits and lateral-movement techniques into one package. If we are not looking at a small group on a tight budget, then we are looking at an organisation. There is no workable demand for payment and no way to recover the files, so what was their aim?

The only option left, is cyber-war.

Let’s look at the evidence:

  1. The USA claims Russia hacked the emails of different election candidates to swing the votes in favour of Donald Trump, a self-confessed friend of Vladimir Putin and therefore of Russia. They claim to have evidence that points to Russia directly.
  2. The French claim to have evidence of Russian cyber tampering with their recent elections.
  3. The Petya and NotPetya ransomware attacks first appeared in Ukraine, a country in armed conflict with Russia since 2014 and the perfect test bed for a cyber attack.
  4. There appears to be a progression of developments and tests leading up to the NotPetya attack. That is not typical of a sole operator. Were these tests for NotPetya, or is something worse coming?
  5. The code seems to have been written by an organisation aiming to disable systems en masse, not for any financial gain.

Postscript

Since writing this, the Netya attack has spread from Ukraine and the USA to thousands of other systems in various countries, as far away as a chocolate factory in Tasmania, Australia, and the Port of Auckland and Port of Tauranga in New Zealand. Container ships are arriving in ports unable to forward their manifests before they dock; in some instances no one knows what is on them until they are unloaded.

About The Author

Mimenta.com is the online voice of a collection of consumer advocates working independently to represent people who would otherwise be unheard. We speak for those who are bullied by corporations and don’t realise they can have a say.
