Invisible weapons pose constant threat to cybersecurity
Vulnerability in Microsoft OS exploited by US government, then stolen by hackers
TOKYO -- Cyberspace is a battlefield where countries, big or small, compete to obtain intelligence to attack others. Last month, it was ordinary citizens and businesses that fell victim to invisible cyber weaponry.
An international conference on information technology was held on May 25 in China's Guizhou Province. Shen Changxiang, the 76-year-old cybersecurity authority in China, told executives of the world's leading IT companies that hundreds of thousands of computers are reported to have been affected in China by a recent computer virus and that the virus has disrupted the education, transport, health care and energy sectors, among others.
China first learned of the global cyberattack in the early hours of May 13. The news came just before the country welcomed some 30 heads of state to a conference on its Belt and Road Initiative, a cross-border economic cooperation framework.
It was a big stage for Chinese President Xi Jinping, so Public Security Minister Guo Shengkun ordered ministry staff to ensure network safety at the event. Tens of thousands of cyber police officers protected the conference from cyberattacks, but failed to protect the ministry itself.
On May 13 and 14, the immigration office and the office responsible for issuing driver's licenses suspended operations because their systems were found to have been affected by the computer virus. In Beijing, Shanghai, Tianjin, and Jiangsu Province, visa issuances stopped. In Jilin Province, tests for obtaining a driver's license were postponed. In Henan and Sichuan provinces, traffic control systems, such as issuing driver's licenses, were affected.
Businesses were also hit by the attack. Payment systems at some petrol stations in Beijing, Shanghai, Chongqing and Jiangsu Province, among other places, that are run by major oil company PetroChina went down.
The latest cyberattack took advantage of vulnerabilities in Microsoft's Windows operating system. The cybersecurity expert Shen, who established the public security ministry's system, said China needs to build its own operating system. China, which does not allow Google's search services in the country, may further seek to be more self-reliant for internet-related technologies.
In the U.K., the cyberattack downed information systems at factories and hospitals. St Bartholomew's Hospital in London, known as the initial meeting place for Sir Arthur Conan Doyle's characters Sherlock Holmes and Dr. Watson, had to postpone operations and patient appointments.
Rob Wainwright, executive director of Europol, the European Union's policing unit, said he had been worried that the health care sector is especially vulnerable in many European countries. In the U.K., the National Health Service, which provides public health care services, had its budget slashed by austerity measures taken amid a European debt crisis. As a result, 90% of the service's computers still use operating systems for which Microsoft stopped offering support in 2014.
Tracking the source
The cyberattack, which held systems hostage for a ransom, not only caused panic but also prompted researchers and companies to search for a solution.
A 22-year-old researcher in the U.K. discovered a way to stop the ransomware from attacking computers. To prevent the virus from getting beyond the control of its creators, it was programmed to halt activity if given an emergency order. A website was set up by researchers to spread the order, and the epidemic was contained.
Experts, including Symantec, a U.S. security software company, pointed out that the people behind the recent cyberattack have connections with Lazarus, a group of hackers. In 2014, Lazarus launched a cyberattack against the U.S. film unit of Japanese electronics company Sony. The U.S. government blamed North Korea for that attack.
Russia, which has long been suspected of having links to cyberattacks and been criticized by the U.S. and Europe, also suffered damage to its government systems in the latest incident. On May 15, Russian President Vladimir Putin seized the opportunity to put the blame on the U.S. government, citing a comment by Microsoft. CEO Brad Smith had publicly condemned the U.S. government when he said, "This vulnerability stolen from the [National Security Agency] has affected customers around the world."
The NSA software in question infects a computer by taking advantage of Windows' vulnerabilities. It was secretly developed to obtain confidential information from foreign governments and terrorist organizations. The Shadow Brokers, a prominent hacker group alleged to have links to Russia, released the software in April, and it was used in the May cyberattack.
The Shadow Brokers said on its blog that it will target appropriate enemies, threatening to challenge the U.S. No country or organization can escape such danger if they fail to prepare.