[AusNOG] The Ransomware to come

Mark Smith markzzzsmith at gmail.com
Sat May 13 14:10:03 EST 2017 

On 13 May 2017 12:31 pm, "Paul Wilkins" <paulwilkins369 at gmail.com> wrote:

>In light of today's ransomware attack, (74 countries/with demands translated in 28 languages), I'm tempted to take a step back and take a longer optic on the gap between what the internet was meant to be, and what exists today. The OSI model which built the net was built on implicit trust between each layer and the one above. It was never anticipated that in a couple of milliseconds, a few hundred packets from Kazakhstan could span the globe

I'd say that is a perfect description of the problem being solved with
internetworking protocols, from as far back as when they were being
invented in 1970s.


> to hard drives around the world, and a ubiquitous operating system would then lock up people's data with hard cryptography.

However, what the host OSes and applications do with and how they
interpret the packets' payloads when they arrive isn't the
responsibility of an internetworking protocol.

If you think it can easily be made one, how?

>You don't even need to play Cassandra to realise there's a genuine risk sooner or later, someone will sign a driver (ala Stuxnet), and significant portions of the global internet population will lose their data. Actual costs could run to billions of dollars. Unfortunately it will likely take an event of such magnitude before there's broad recognition that the trust model of the internet built on ipv4 is fundamentally broken, and we need a new network protocol that supports integrated security, and this would be a more worthwhile exercise than replacing ipv4 with ipv6.

The best place to solve a problem is as close to as possible or
ideally where the cause exists. This ransomware is infecting Windows
OS only ... if it was a network layer protocol cause, then those of us
running Linux, Android, Chrome OS, Mac OS X, iOS etc. would also be
effected by it.

This is a Windows OS problem and needs to be solved there - which from
what I've read apparently it was a month or so ago with a security
patch. (There is the broader issue of why Windows PCs aren't being
patched in a timely manner, however that is also not a problem that
can be solved by a network layer protocol.)

I'd also observe that there is no reason why this same issue couldn't
have occurred when viruses were being propagated via floppy disk
between PCs running MS-DOS.

Actually, looking it up, it did (it's now ringing a bell when I think about it).

https://en.wikipedia.org/wiki/AIDS_(Trojan_horse)


Regards,
Mark.

More information about the AusNOG mailing list