Hello, geek faithful. Your humble author is safe and happy within his cozy Linux igloo, as always, and hoping you are all the same. Boy howdy, it sure is convenient running Linux sometimes. So secure, so safe to use, patches happen automatically while I sleep. And so much more control over how my system runs and what can run when with what permissions. It sure is snuggly! Aaaaah, Linux Linux Linux…
Oops, I done forgot my manners! Yes, it’s a terrible shame that the WannaCry ransomware attack is out there terrorizing the world. In case you get hit, BBC advises the sensible course: don’t pay the ransom. Mainly because the author of this attack may never honor their end of the deal, and circumstances are coming together to where they may not even be able to. Most malware attackers don’t count on becoming a worldwide top story overnight.
Instead, the sensible course of dealing with a computer hit by WannaCry is a good old fashioned reformatting, while you thank your company policy for its draconian backup policies. Here’s a good war room for those still fighting it. There was a kill switch discovered for it, only for the malware authors to re-release a new version, and so the cyberwar continues.
But beyond defeating the malware du jur, we’ve got plenty of other bones to pick…
As Usual, This Was Entirely Preventable
The attack spread primarily by phishing emails and unpatched Windows systems. We have all been preaching since the dawn of time about educating users not to fall for phishing emails and to keep their systems updated, no matter what operating system. We’re just never going to win that battle, apparently. Phishing has been a tactic since at least the 1990s; if we haven’t woken up the sheeple by now, they’re never awakening.
New Twist: The Rush To Politicize A Cyber-Attack
Within hours of the first reports of WannaCry, it was blamed on the US National Security Agency. Then Edward Snowden crawled out from under Vladimir Putin’s desk, wiped off his mouth, and blamed the NSA too. Microsoft took time off from issuing its emergency patches to yell, “Yeah, the NSA, it’s all their fault!” A UK news site had to finally point out that if Microsoft had a vulnerability in their software for malware to exploit, maybe it’s just a tiny bit their fault? Finally, Vlad the Putin jumps on the pitchfork-wagon to pin it all on the NSA too.
In the first place, the United States National Security Agency does not have it anywhere in their job description to force patches on commercial, proprietary operating systems. Not even if they find the hole themselves. Contrary to what half the websites out there are claiming right now, the NSA does not itself publish or release malware or malware associated tools, it simply discovers exploits in the routine work of security research. For that matter, the exploit itself was not published by the NSA, but stolen and leaked by a private group.
In the second place, if people want US government intel to help them with their computer security, they could pay attention during cybersecurity awareness month, which partners the NSA, DHS, and FBI to raise public awareness towards “increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.” Look, they offer toolkits for everything from K-12 students to industry, with informative pamphlets to download for lots of practical advice like how not to fall for phishing attacks and why you should keep your systems updated and back up your files. They have videos, publications, promotional materials, all kinds of resources.
Do people expect the NSA to visit their home and scrape the toolbars off grandma’s Internet Explorer in person?
Wait, There’s More!
So you say the NSA isn’t doing enough to secure your computer, eh?
I, “Penguin” Pete Trbovich, will make you the following deal: I will provide you with the most stupendous NSA computer security leak the world has ever known, but in exchange, you have to stop listening to blowhard idiots like Edward Snowden and instead elect me in his place as the world’s cyber-intel guru. Nod your head at the screen so I can see you.
Now then, what if I told you that the NSA has a top-secret software tool which is guaranteed to fix all security vulnerabilities of all Windows systems, not just every version in the past, but all versions in the future! Yes, it’s both past and future compatible for all malware, ransomware, exploits, viruses, and worms on Windows, even the ones that haven’t been discovered yet!
Are you ready for this “leak”?
Maybe I should hold it back and yell about what I’m sitting on until I get 5 million Twitter followers and front page on The Guardian and sign a book deal with Glenn Greenwald and get my own movie. Maybe sway a couple elections. Naw, I have a busy schedule today.
The NSA software tool is called “SELinux,” it’s a Linux operating system package jointly developed by Red Hat Linux and the NSA. Yes, the NSA hires actual programmers to code security packages and release them under the GNU GPL for free! SELinux is supported under most major Linux distributions, including Debian-based and Red-Hat-based Linux releases.
Install any recent Linux distro on your computer (my current favorite is Linux Mint, a snazzy Ubuntu derivative with full multimedia support), install the SELinux package through the applicable package manager, follow the instructions, and you, too, can run the NSA-developed -and-approved software that protects you from every Windows vulnerability, even if you travel in time.
We now return you to the 18 new conspiracy theories about WannaCry that have developed since you started reading this. They should be claiming that the NSA wrote WannaCry to give Putin and Trump an excuse to start WWIII about now.