Sunday, August 26, 2018

Sunday Long Read: Hack The Planet

Wired's Andy Greenberg gives us this week's Sunday Long Read, with the story of Russia's most wide-ranging cyber warfare strike to date.  Last summer's NotPetya worm devastated Ukraine and the European Union and served as a clear warning shot that Russia could disable computer networks around the globe if it chose to, and the truth behind the attack was that it was far more powerful and destructive than first thought, reading like a modern Bond villain's plot.

IT WAS A perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind.

The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows look out over the water, facing a dock where the Danish royal family parks its yacht. In the building’s basement, employees can browse a corporate gift shop, stocked with Maersk-branded bags and ties, and even a rare Lego model of the company’s gargantuan Triple-E container ship, a vessel roughly as large as the Empire State Building laid on its side, capable of carrying another Empire State Building–sized load of cargo stacked on top of it.

That gift shop also houses a technology help center, a single desk manned by IT troubleshooters next to the shop’s cashier. And on the afternoon of June 27, 2017, confused Maersk staffers began to gather at that help desk in twos and threes, almost all of them carrying laptops. On the machines’ screens were messages in red and black lettering. Some read “repairing file system on C:” with a stark warning not to turn off the computer. Others, more surreally, read “oops, your important files are encrypted” and demanded a payment of $300 worth of bitcoin to decrypt them.

Across the street, an IT administrator named Henrik Jensen was working in another part of the Maersk compound, an ornate white-stone building that in previous centuries had served as the royal archive of maritime maps and charts. (Henrik Jensen is not his real name. Like almost every Maersk employee, customer, or partner I interviewed, Jensen feared the consequences of speaking publicly for this story.) Jensen was busy preparing a software update for Maersk’s nearly 80,000 employees when his computer spontaneously restarted.

He quietly swore under his breath. Jensen assumed the unplanned reboot was a typically brusque move by Maersk’s central IT department, a little-loved entity in England that oversaw most of the corporate empire, whose eight business units ranged from ports to logistics to oil drilling, in 574 offices in 130 countries around the globe.

Jensen looked up to ask if anyone else in his open-plan office of IT staffers had been so rudely interrupted. And as he craned his head, he watched every other computer screen around the room blink out in rapid succession.

“I saw a wave of screens turning black. Black, black, black. Black black black black black,” he says. The PCs, Jensen and his neighbors quickly discovered, were irreversibly locked. Restarting only returned them to the same black screen.

All across Maersk headquarters, the full scale of the crisis was starting to become clear. Within half an hour, Maersk employees were running down hallways, yelling to their colleagues to turn off computers or disconnect them from Maersk’s network before the malicious software could infect them, as it dawned on them that every minute could mean dozens or hundreds more corrupted PCs. Tech workers ran into conference rooms and unplugged machines in the middle of meetings. Soon staffers were hurdling over locked key-card gates, which had been paralyzed by the still-mysterious malware, to spread the warning to other sections of the building.

Disconnecting Maersk’s entire global network took the company’s IT staff more than two panicky hours. By the end of that process, every employee had been ordered to turn off their computer and leave it at their desk. The digital phones at every cubicle, too, had been rendered useless in the emergency network shutdown.

Around 3 pm, a Maersk executive walked into the room where Jensen and a dozen or so of his colleagues were anxiously awaiting news and told them to go home. Maersk’s network was so deeply corrupted that even IT staffers were helpless. A few of the company’s more old-school managers told their teams to remain at the office. But many employees—rendered entirely idle without computers, servers, routers, or desk phones—simply left.

Jensen walked out of the building and into the warm air of a late June afternoon. Like the vast majority of Maersk staffers, he had no idea when he might return to work. The maritime giant that employed him, responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.

Maersk recovered, but since businesses around the world treat IT as an grudging expense that destroys profit and data protection as a waste of resources that should never be needed, the NotPetya scenario will happen again and again.


No comments:

Post a Comment