Now it is clear that one single hacker from any remote corner of the world can deface electronic information in any website, block any computer to catch a user for ransom, and intrude into systems and networks for paralysing anything that is dependent on a computer. And there is nothing in the present-day world which is not computer-based---call it warfare, missile systems, nuclear reactors, general traffic system, production of any sort in any modern factory, driverless cars, and even your refrigerator and other household gadgets which are soon going to be part and parcel of Internet of Things (IoT).
Last Friday, one single hacker or a group of hackers fired a silent and soft missile equipped with lethal virus that hit more than 100 countries including Bangladesh (as far as the map of the affected countries indicates). The countries that were hit were mostly in Europe and North America. The attack infected more than 125,000 computer systems. Many vital institutions, hospitals, commercial organisations, including National Health Service of England, had to stop their activities before their system could be restored.
It was an unprecedented cyber attack, a "ransomware attack" introducing itself "Wanna Decryptor" or "WannaCry" that was unleashed to demand ransom from the victims. The virus exploited vulnerability in Microsoft Windows operating system. After taking over a computer the malware first blocked all the files stored in a computer and then displayed a message demanding payment in Bitcoin (a virtual currency) if the computer user wanted his files back. On receipt of payment, about US Dollar 300 in Bitcoin in each case, the files were unlocked and returned to the owner. The shrewd hackers have already made away with US Dollar 28,500.
What an easy way to make money! There is no reason for the hackers to stop this touchstone-like money-making machine. They can now effortlessly change the code of the virus and then start over with a new variant to churn in money in Bitcoin.
The security experts are warning that another major attack may be imminent. The computer users have been advised to save their important data in detachable hard disks so that they don't have to pay the ransom. To immune themselves from future malicious attacks the computer users need to upgrade their systems and update their software and anti-virus security apps.
Meanwhile, MalwareTeck, a 22-year-old 'accidental hero', who wants to remain anonymous, emerged to beat the hacker. The hero first noticed that the malware was trying to contact a specific web address which was not registered, a long jumble of letters, every time it infected a new computer. He decided to register that domain for 10 dollar to track the spread of the 'ransomware virus' and serendipitously managed to halt further spread of the attack. The hero advised: "It's very important that people patch their systems now. We have stopped this one, but there will be another one coming soon and it will not be stoppable by us."
Investigators are, however, working hard to track down those responsible for the ransomware used on Friday.
It is now high time for policymakers and security professionals to think of the impossible to happen anytime, anywhere and devise retaliatory measures to thwart cyber attacks which could be much more devastating than any war the civilization witnessed in the past.
The developed countries are already spending time and resources to protect their computer systems. But developing countries like Bangladesh are the most vulnerable ones as the security of information technology is not as prioritised as other demanding areas like natural calamities.
The Bangladesh government should rise to the occasion and must raise and maintain a heightened level of cyber alert and advise the vital institutions, both public and private, to apply a recognised standard and follow the best practices for computers and their physical security.
All computer users should be advised to backup their data, and update their systems. Suspicious activities found by anybody should be reported to a central body like, for example, 'Cyber Security Control Room' so that immediate measures can be taken to thwart a cyber attack. There should also be provisions for rewarding successful reporters of cyber threats.
Many of us, especially the computer users in the private sector, use pirated copies of software including those of the operating systems because the poor among us cannot afford to purchase the original copies of the software. Many of us don't know that pirated software is not updateable and hence more vulnerable to cyber attacks. And in any attack, call it cyber or natural, it is usually the poor who are the first victims. To encourage the use of original software subsidies may be given by the government to all and sundry in any form.
The way we all are getting intoxicated with the zaniest and the smartest computers, mobile phones, and a plethora of apps we perhaps have no escape door from the world of information technology. The technology has given us the easiest tool of communication almost free of charge. We have discovered free domains like Facebook, email, Web Space, etc., to occupy and advertise our personal identities. Online purchase is like a piece of cake. Online reading has liberated us from the prison of ignorance opened windows for quenching our thirst for knowledge. E-government has made business and governance unbelievable efficient.
And on top of all we have been acquainted with, a new magic of information technology is going to touch our everyday life in the form of "Internet of Things" (IoT), a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and sensors. IoT will enable our smart phones to tell us how many eggs are left in the refrigerator and when we must send our car to a workshop for repairing or replacing one of its vital parts. Internet has made our phones smart and IoT will make our whole home smarter.
Computers and the Internet have been integrated into our lifestyle. Any attack on our computerized way of life should be deemed an existential dread.
There was a time when a typical hacker was just a youngster operating from his home PC and his attacks were mostly limited to pranks and vandalism.
But nowadays hacking has become much more sophisticated, more dangerous, and harder for even a government to stop. Today, cyber attacks are being carried out by organised crime rings, which make millions each year by stealing from or extorting businesses, governments and consumers. There are also state-sponsored hackers who target businesses and governments as part of a geopolitical confrontation. A state-sponsored hacker has already mastered the science of manipulating election results of a country or crippling a missile operation of an enemy.
Preventing such global cyber attacks is not easy, and there's no such thing as a "silver bullet" to thwart the attack " But if we know ahead of time how our computers are likely to be hacked, that gives us a crucial advantage when defending against a sophisticated hacker. Legislative measures should be taken to protect our cyber domains and information must be shared to take clues from one attack and use the same to protect our computers from future attacks.
[email protected]
