[Marxism] The World Is Getting Hacked. Why Don’t We Do More to Stop It?

Louis Proyect lnp3 at panix.com
Tue May 16 06:43:19 MDT 2017


(By a former Marxmailer.)

NY Times Op-Ed, May 16 2017
The World Is Getting Hacked. Why Don’t We Do More to Stop It?
by Zeynep Tufekci

The path to a global outbreak on Friday of a ransom-demanding computer 
software (“ransomware”) that crippled hospitals in Britain — forcing the 
rerouting of ambulances, delays in surgeries and the shutdown of 
diagnostic equipment — started, as it often does, with a defect in 
software, a bug. This is perhaps the first salvo of a global crisis that 
has been brewing for decades. Fixing this is possible, but it will be 
expensive and require a complete overhaul of how technology companies, 
governments and institutions operate and handle software. The 
alternative should be unthinkable.

Just this March, Microsoft released a patch to fix vulnerabilities in 
its operating systems, which run on about 80 percent of desktop 
computers globally. Shortly after that, a group called “Shadow Brokers” 
released hacking tools that took advantage of vulnerabilities that had 
already been fixed in these patches.

It seemed that Shadow Brokers had acquired tools the National Security 
Agency had used to break into computers. Realizing these tools were 
stolen, the N.S.A. had warned affected companies like Microsoft and 
Cisco so they could fix the vulnerabilities. Users were protected if 
they had applied the patches that were released, but with a catch: If an 
institution still used an older Microsoft operating system, it did not 
receive this patch unless it paid for an expensive “custom” support 
agreement.

The cash-strapped National Health Service in Britain, which provides 
health care to more than 50 million people, and whose hospitals still 
use Windows XP widely, was not among those that signed up to purchase 
the custom support from Microsoft.

They were out in the cold.

On May 12, a massive “ransomware” attack using one of those 
vulnerabilities hit hospitals in Britain, telecommunication companies in 
Spain, FedEx in the United States, the Russian Interior Ministry and 
many other institutions around the world. They had either not applied 
these patches to systems where they were available for free, or had not 
paid the extra money for older ones.

Computer after computer froze, their files inaccessible, with an ominous 
onscreen message asking for about $300 worth of “bitcoin” — a 
cryptocurrency that allows for hard-to-trace transfers of money. 
Ambulances headed for children’s hospitals were diverted. Doctors were 
unable to check on patients’ allergies or see what drugs they were 
taking. Labs, X-rays and diagnostic machinery and information became 
inaccessible. Surgeries were postponed. There was economic damage, too. 
Renault, the European automaker, had to halt production.

The attack was halted by a stroke of luck: the ransomware had a kill 
switch that a British employee in a cybersecurity firm managed to 
activate. Shortly after, Microsoft finally released for free the patch 
that they had been withholding from users that had not signed up for 
expensive custom support agreements.

But the crisis is far from over. This particular vulnerability still 
lives in unpatched systems, and the next one may not have a convenient 
kill switch.

While it is inevitable that software will have bugs, there are ways to 
make operating systems much more secure — but that costs real money. 
While this particular bug affected both new and old versions of 
Microsoft’s operating systems, the older ones like XP have more critical 
vulnerabilities. This is partly because our understanding of how to make 
secure software has advanced over the years, and partly because of the 
incentives in the software business. Since most software is sold with an 
“as is” license, meaning the company is not legally liable for any 
issues with it even on day one, it has not made much sense to spend the 
extra money and time required to make software more secure quickly. 
Indeed, for many years, Facebook’s mantra for its programmers was “move 
fast and break things.”

This isn’t all Microsoft’s fault though. Its newer operating systems, 
like Windows 10, are much more secure. There are many more players and 
dimensions to this ticking bomb.

During this latest ransomware crisis, it became clear there were many 
institutions that could have patched or upgraded their systems, but they 
had not. This isn’t just because their information technology 
departments are incompetent (though there are surely cases of that, 
too). Upgrades come with many downsides that make people reluctant to 
install them.

For example, the more secure Windows 10 comes with so many privacy 
concerns that the Electronic Frontier Foundation issued numerous alerts 
about it, and the European Union is still investigating it. My current 
Windows 10 machine is more secure but it advertises to me in the login 
screen. (Are they also profiling me to target advertisements? A fair 
question in this environment.)

Further, upgrades almost always bring unwanted features. When I was 
finally forced to upgrade my Outlook mail program, it took me months to 
get used to the new color scheme and spacing somebody in Seattle had 
decided was the new look. There was no option to keep things as is. 
Users hate this, and often are rightfully reluctant to upgrade. But they 
are often unaware that these unwanted features come bundled with a 
security update.


