Wired has a long article on NotPetya.
EDITED TO ADD (9/12): Another good article on NotPetya.
Martijn Grooten • September 9, 2019 6:57 AM
It is very good indeed, and I look forward to Andy’s book on the subject, but the article is from August 2018.
me • September 9, 2019 7:03 AM
That was the first time I noticed real damage caused by a computer virus.
We had TNT Express and others every day where I work; from that day TNT simply disappeared, and we had to rely on other express couriers.
After about one month they started to come back, but this time without that kind of “smartphone” to track the shipments; they instead had paper and pen.
After about two months everything was back to normal.
But I have no idea about the costs; it has to be quite a lot.
Phaete • September 9, 2019 7:35 AM
Ooh, just spam for his novel sandworm.
I much prefer technical write ups.
None of that “sadistic seasonal cadence” and other anthropomorphisations in my information diet. Doctor told me to cut down on those.
required • September 9, 2019 7:57 AM
As scary as the story is, the fact that it wasn’t mainstream news (AFAIK) is scarier.
NotShakespeare • September 9, 2019 8:04 AM
A fine example of breathless journalism.
This long article may have been considerably shorter if the unnecessary adjectives, breakfast description and exploding phone had been omitted. And no explanation as to why the world’s largest container ship company’s office in a country with $14B of exports only had one computer but no UPS.
Winter • September 9, 2019 8:04 AM
It seems that (not)Petya is another example of Russia not contemplating the collateral damage of its tactics. Incompetent soldiers shooting down MH17, using nerve poison to kill Russians in the UK (and some locals) etc., and notPetya. The backlash of these actions probably undid any tactical advantage.
Also, the article presents the case of Russian operatives waging war on the Ukraine using malware. However, with such tactics the operatives, whichever they are, are showing their hands.
The result is that every country with the resources is busy developing defenses and counter actions, directed at Russia.
The question is now whether the results of these actions against Ukraine were worth waking up the world?
Amsterdam airport has seen a few mysterious outages the last few years following developments in the MH17 case. I would not be surprised if some of these involved cyber attacks.
Vesselin Bontchev • September 9, 2019 9:03 AM
That article is more than a year old, Bruce. Additionally, it is wrong in many, many ways. I sent my corrections to the author at the time but I doubt very much that he will put them in the book he’s writing on the subject.
China • September 9, 2019 9:25 AM
@Winter: “The question is now whether the results of these actions against Ukraine were worth waking up the world?”
Similar question: China busted half a dozen 0-days to iPhones for Uyghurs. Why?
This is how countries (democracies and others) work.
kiwano • September 9, 2019 9:44 AM
something something leaked nsa exploit something nobus something consumer security/crypto vs. government security/crypto something 😛
Anders • September 9, 2019 10:17 AM
Sorry, but the article is not entirely correct.
I have friends in the Ukraine and I have been there. People got used to the non-working card payment long ago and do carry cash in their pocket. When there’s no possibility to pay with card, they use cash; this does not affect their life nor cripple it. Non-working card payment systems are something they see every day. For us this is “extraordinary” and I understand that somebody and journalists want to paint the picture too
Henry Louis Mencken • September 9, 2019 11:11 AM
“How a single piece of code crashed the world”
More cheap salesmanship by an author who has a long history of spinning this kind of ridiculous hyperbole. Sort of makes you wonder what else he’s telling porkies about.
Maybe some day he’ll be able to find honest work as a journalist instead of a corporate shill for the tech barons.
MarkH • September 9, 2019 11:30 AM
It is much more likely than not, that the people who shot down MH17 were at that time Russian Federation soldiers who came into Ukraine with their Buk system, under orders from Russia’s military command authority.
Encourage you to study widely available information about this subject.
SpaceLifeForm • September 9, 2019 3:18 PM
The only take on this incident, that you can really trust, is that Maersk recovered, and recovered quickly, relatively speaking, from a huge mess.
Was it pure luck there was a power outage?
If so, that should reinforce to IT folk, that you just absolutely must keep backups offline. Somehow, someway, you must do mirroring and pull mirrored data storage offline. Every day.
(I say that as one who has dealt with Grandfather, Father, Son replication, and true mirroring, both with removable disc drives. And as one that could not get IT folk to follow procedure. Had to recover a hospital IT because they messed up on procedure. Not fun. Took over a day. No ADT available (Admission, Discharge, Transfer), and other departments such as Radiology, Pharmacy, etc. They had to go manual on paper. The hospital staff was NOT happy. This was approximately 30 years ago.)
A more recent article:
Summer • September 9, 2019 6:36 PM
This should be a giant warning sign that IoT devices, self-driving cars, smarthome equipment and others need to be heavily regulated, licensed, and secured.
Cyberattacks with Slammer/Blaster/NotPetya level of wormability feed on the fragile security monoculture that is currently industry standard.
Petre Peter • September 9, 2019 7:36 PM
Offsite backup wouldn’t have helped without the power outage. They were really lucky. I really didn’t see the necessity of the breakfast description unless marmalade is a code word.
Petter • September 9, 2019 10:10 PM
This article provides an interesting angle into NotPetya:
Ismar • September 9, 2019 10:52 PM
“But the story of NotPetya isn’t truly about Maersk, or even about Ukraine. It’s the story of a nation-state’s weapon of war released in a medium where national borders have no meaning, and where collateral damage travels via a cruel and unexpected logic”
This would be equivalent to a nation state releasing an engineered virus onto the opponent’s population only to have it spread to the rest of the world including the original perpetrators.
Danger with humans is that we are much more skilled in inventing dangerous things than we are in controlling our inventions.
tds • September 10, 2019 9:09 AM
Countries like the USA, Israel, Iran, European countries, Russia, China, North Korea, etc., probably have hacked hardware and software in other countries.
The greatest bang for the buck may be in hacking democratic elections. From a U.S. perspective, but relevant to other countries trying to preserve, or enhance, their democracies: https://www.schneier.com/blog/archives/2019/09/friday_squid_bl_693.html#c6798459
From Thomas Friedman https://www.nytimes.com/2019/09/09/opinion/trump-democracy.html
“Democracies used to collapse suddenly, with tanks rolling noisily toward the presidential palace. In the 21st century, however, the process is usually subtler.
Authoritarianism is on the march across much of the world, but its advance tends to be relatively quiet and gradual, so that it’s hard to point to a single moment and say, this is the day democracy ended. You just wake up one morning and realize that it’s gone.
In their 2018 book “How Democracies Die,” the political scientists Steven Levitsky and Daniel Ziblatt documented how this process has played out in many countries, from Vladimir Putin’s Russia, to Recep Tayyip Erdogan’s Turkey, to Viktor Orban’s Hungary. Bit by bit the guardrails of democracy were torn down, as institutions meant to serve the public became tools of the ruling party, then were weaponized to punish and intimidate that party’s opponents. On paper these countries are still democracies; in practice they have become one-party regimes.”
Regarding NotPetya, from the original post (“OP”):
“When the tense engineers in Maidenhead set up a connection to the Ghana office, however, they found its bandwidth was so thin that it would take days to transmit the several-hundred-gigabyte domain controller backup to the UK. Their next idea: put a Ghanaian staffer on the next plane to London. But none of the West African office’s employees had a British visa.
So the Maidenhead operation arranged for a kind of relay race: One staffer from the Ghana office flew to Nigeria to meet another Maersk employee in the airport to hand off the very precious hard drive. That staffer then boarded the six-and-a-half-hour flight to Heathrow, carrying the keystone of Maersk’s entire recovery process.”
SpaceLifeForm • September 10, 2019 3:11 PM
“Offsite backup wouldn’t have helped without the power outage.”
The power outage in essence created an offsite backup.
I was talking about offLINE backups maintained in the local data centre.
You replicate/mirror to rotating sets of servers every day, and as part of procedure, you disconnect network cables.
And reconnect the cables as needed.
Yes, the costs are higher because you have idle servers.
But, Maersk may have been able to recover quicker if they had a local offline recovery strategy in place.
Note that while this can work well, provided procedure is properly followed, it precludes cloud. Which I do not trust anyway.