It’s Day Two of a cyber attack that’s so far hit shipping companies, law firms and pharmaceutical conglomerates. Companies worldwide are still recovering, and cybersecurity experts are still trying to figure out exactly what’s going on. The one thing that companies, cybersecurity analysts and journalists seem to agree on is that it’s bad. Nicole Perlroth covers cybersecurity for the New York Times. She talked with Marketplace host Kai Ryssdal about what’s concerning about the most recent global cyber attack. The following is an edited transcript of their conversation.
Kai Ryssdal: Do me a favor and compare and contrast with the WannaCry from last month. Is it the same or different?
Nicole Perlroth: It’s related in that both the attacks last month the, WannaCry attacks and the attacks this week, used NSA cyber weapons but for very different reasons. The attacks this week were in many ways a little bit more concerning. We think that, in this case, the ransomware was actually just a smoke screen or a cover for the true motivation of the attacks, which appears to be destruction.
Ryssdal: All right. So, the question then becomes: Who’s in charge of the response? Is it private cybersecurity companies? Is it the FBI? Am I on my own?
Perlroth: Well, what’s interesting on the government side of things is yesterday, we reached out to the NSA. Remember, it’s their weapons that are being retrofitted for these attacks in the first place. And the NSA said, “This really isn’t our area. You need to go talk to the Department of Homeland Security,” which deals with these type of attacks. The Department of Homeland Security, they’ve just said, “Make sure you’re running your patches. We’re still investigating,” et cetera.
|Massive ransomware attack in Europe all but promises more to come|
|3 ways to protect your online privacy|
|Your computer’s security updates may be annoying, but they’re crucial|
Ryssdal: That’s a remarkably unsettling answer, “Make sure your patches are up to date.” Because, as you said, if Department of Homeland Security is in charge of this on the homefront, they would also be responsible to guard against attacks on infrastructure, on power grids, on ports, on railways. Right? I mean, that’s where this eventually goes.
Perlroth: That’s right. So, it’s only been two months since these weapons were dumped online, and in just the last two months we’ve now seen them used against hospitals, we’ve seen them used against FedEx. FedEx just had to stop trading shares because of a computer virus. We don’t know if it was directly connected to the attacks yesterday, but it appears to be. The real nightmare scenario here is that these weapons will be used on the computers that control pipelines, that control remote access to oil rigs, to transportation systems. And there’s a big worry among intelligence officials and even some of the analysts at the NSA who developed these weapons in the first place that that time could be coming.
Ryssdal: As I understand part of your reporting, there is also an active black market for these tools that have now been obtained from the NSA. I mean, like, they trade them.
Perlroth: That’s right. So, you know these weapons, the raw ingredients for these NSA weapons are basically just vulnerabilities in Microsoft software, Google software, and those vulnerabilities are traded on a black market. They have been for decades. And for a long time, the U.S. government, U.S. intelligence agencies were the biggest player in this market. We know from the Snowden documents they spent $25 million in 2013 to pay hackers to turn over vulnerabilities in these systems. The problem is you can take these vulnerabilities and develop a cyber weapon, but can you keep that cyber weapon from leaking out onto the web where anyone can take them and dismantle them and retrofit them for their own purposes? And what we’re seeing over the last two months is that even the NSA couldn’t keep its most coveted cyber weapons and stockpile of vulnerabilities safe.