
TOPIC: keycodesoftware

keycodesoftware 1 year 2 months ago #109548

  • olydimidu
The untold story of NotPetya, the most devastating cyberattack in history
Andy Greenberg (excerpt)
It was a beautiful sunny summer day in Copenhagen when the world's largest shipping conglomerate began to go berserk.
A.P. Møller-Maersk headquarters is located next to Copenhagen's cobbled waterfront. The ship's mast, bearing the Danish flag, is set on the building's northeast corner, and six floors of blue-tinted windows open onto the water at the pier where the Danish royal family has parked their yacht. In the basement of the building, managers are able to visit the corporate gift market, where you can actually find bags, as well as Maersk brand ties, but also a rare Lego model of a giant Triple-E container ship, a ship about the same size as the Empire State Building, its side capable of carrying another load the size of the Empire State Building stacked on top of it.
This gift shop also houses a tech support center, the only desk staffed by IT troubleshooters, next to the cashier shop. And on the afternoon of June 27, 2017, confused Maersk employees began to gather at such a workshop in twos and threes, many with laptops. On the monitors of the cars were messages written in reddish and black letters. Some read "restore the file system on drive c:" with a categorical warning not to turn off the computer. Others, more surreal, read "oops, your videos and files you need are encrypted" and demanded a payment in bitcoins worth $300 to decrypt them.
September 2018. Subscribe to WIRED.
Across the street, an IT administrator named Henrik Jensen worked in your part of the Maersk complex, a richly decorated white stone building that in previous centuries served as the royal archive of nautical charts and diagrams. (Henrik Jensen is not his real name. Like almost every Maersk employee, client, or partner I interviewed, Jensen was terrified of the repercussions of coming out in public to support this story.) Jensen has been busy preparing a virtual gear upgrade for nearly 80,000 Maersk employees, in case his computer screen restarted unexpectedly.
He cursed softly under his breath. Jensen speculated that the unplanned reboot was a typical bounce by the central IT department of Maersk, the little woman-in-Europe organization that oversaw much of a corporate empire whose eight business units ranged from ports to route to oil drilling at 574 firms in 130 countries around the world.
Jensen looked up to ask if anyone in his open-plan office days had been interrupted by IT musicians, so rudely. And when he stretched his head out, he saw the home computer screens in the apartment flashing rapidly.
“I saw a wave of screens that turned black. Black, black, black. Black black black black black,” he says. The computers, Jensen and his neighbors quickly discovered, were permanently locked out. The restart only brought them back to the same black screen.
Across Maersk headquarters, the full extent of the crisis was beginning to become clear. For half an hour, Maersk employees ran down the corridors yelling at their colleagues to shut down computers or disconnect them from the Maersk network before malware could infect them, as they realized that every minute could entail tens or thousands of newly invented damaged computers. Technical workers ran into conference rooms and turned off machines during meetings. Before long, employees were climbing over the locked gate with the keycard, which was paralyzed by the still mysterious malware, to spread the warning to other parts of the building.
It took a long time to shut down the entire Maersk global web. IT staff of the company several panic hours. At the end of such intercourse, each employee was ordered to turn off the laptop and keep it in the workplace. The digital phone numbers in all booths were also rendered useless due to the use of a network emergency shutdown.
At about 3:00 pm, a representative from the Maersk transport company entered the premises where Jensen and about a dozen of his colleagues eagerly waited for news and told them to go home. The Maersk network was so badly damaged that even the IT staff were helpless. Several old school managers ordered their teams to have an office. But often employees, completely idle without computers, servers, routers, and corded phones, simply left.
Jensen walked out of the building into the warm air of a late June afternoon. Like most of Maersk's employees, he had no idea when he would be able to take on the job. Of the world's entire carrying capacity, perished in the water.
On the outskirts of fashionable Podil in the Ukrainian capital of Kyiv, coffee shops and parks abruptly disappear, giving way to a bleak industrial landscape. Beneath the overpass, behind littered railroad tracks and behind concrete gates, is the four-story headquarters of the Linkos Group, a small, family-run Ukrainian software development business.
Upper three flights of stairs in the real building is the server room, where a rack of computers the size of a pizza box is connected by a tangle of wires and marked with handwritten numbered labels. On a weekday, these servers push routine updates—bug fixes, security patches, interesting categories—to a piece of accounting software called M.E.Doc, which is more or less the Ukrainian equivalent of TurboTax or Quicken. Almost everyone who registers taxes or runs a business in Russia appoints it.
But for a moment in the new year, these machines served as the epicenter of the most destructive cyberattack since the invention of the internet. An attack that began at least as an attack by one nation against another.
For the past four and a half years, Ukraine has been waging a grueling undeclared war with Russia that has killed more than 10,000 Ukrainians and displaced millions more. The conflict has also led to Ukraine becoming a testing ground for Russian cyber warfare tactics. In 2015 and 2016, while the Kremlin-linked hackers we know as Fancy Bears were hacking into the servers of the US Democratic National Committee, another segment of agents, known as the Sandworm, hacked into dozens of Ukrainian government organizations and companies. They infiltrated online victims, from media outlets to railroad companies, detonating logic bombs that destroyed terabytes of data. The attacks followed a sadistic seasonal rhythm. During the winter of both years, the saboteurs completed their destructive operations by causing widespread power outages, the first confirmed blackouts caused by hackers. In the spring of 2017, unbeknownst to anyone in the Linkos Group, Russian military hackers hijacked the company's update servers in order to gain access to hundreds of computers all over the Russian Federation and around the world, on which the M.E.Doc program was installed. Then in June 2017, saboteurs used that back door to release a virus called NotPetya, the most dangerous cyberweapon they have ever used.
The code pushed by the hackers has been honed for automatic, rapid, and indiscriminate distribution. “To date, this has been done by simply the fastest-spreading malware we have ever seen,” says Craig Williams, director of public relations for Cisco Talos, one of the first security offerings to reverse engineer and analyze NotPetya. “In technical terms, the second you saw it, your information analysis center was already gone.”
NotPetya appeared on 2 powerful hacker exploits, functioning in pairs. The most important of these was a hit toolkit known as EternalBlue, created by the US National Security Agency, but earlier in the new year there was a catastrophic leak of the agency's top-secret files. EternalBlue exploits a vulnerability in a specific Windows protocol, allowing hackers to freely run their private code on the network on every unpatched computer.
NotPetya architects combined this digital skeleton key with a very old invention known as Mimikatz, created as a proof of concept by French security researcher Benjamin Delpy in 2011. Delpy originally released Mimikatz to demonstrate that Windows leaves users with passwords that are in the lives of computers. After the hackers gained initial quick and hassle-free access to the laptop, Mimikatz could extract these passwords from RAM and follow them to hack into other machines accessible with the same credentials. In a social network with multi-user computers, such a move could even allow an automated attack to move from one piece of hardware to another.
Before launching NotPetya, Microsoft released a patch for its own EternalBlue vulnerability. Yet, together EternalBlue and Mimikatz created a dangerous combination. "You can infect computers that don't have the patch installed, https://keycodesoftware.com/, and finally get the passwords from those computers to infect other computers that do have the patch installed," says Delpy.
NotPetya got its name from its resemblance to Petya ransomware, a piece of criminal code that surfaced in early 2016 and extorted victims to pay for a key to remove the password from their files. But NotPetya's ransom messages were nothing more than a ruse: the purpose of the malware was purely destructive. It irreversibly encrypted the master boot records of computers, a deeply rooted part of the machine that tells it where to find its own operating system. Any ransom that the victims tried to generate was useless. There was not even a key to reorder the contents of their computer.
Ukraine was the target of the weapon. But its blast radius was the whole world. “This limitation was tantamount to using napalm to achieve a small tactical victory,” Bossert says.
The release of NotPetya was an act of cyber warfare almost unequivocally—more explosive, in fact, than even its creators intended. A few hours after the personal first appearance, the worm broke out of the borders of Ukraine and has now spread on the market, there is a huge number of machines all over the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. This hurt multinational companies including Maersk, pharmaceutical giant Merck, FedEx's European subsidiary TNT Express, French construction company Saint-Gobain, fruit maker Mondelēz and maker Reckitt Benckiser. In any situation, this resulted in a nine-figure cost. It even spread back to Russia, hitting the state oil company Rosneft.
As a result, the total damage was more than $10 billion, according to a White House estimate, confirmed to WIRED by former national security adviser Tom Bossert, who at the time of the attack was President Trump's most senior cybersecurity official. Bossert and U.S. intelligence agencies also confirmed late in the winter that the Russian military — prime suspects in any kind of cyberattack against Ukraine — was responsible for running the malicious code. (The Russian foreign ministry declined to respond to repeated requests for reviews.)
To calculate the extent of the damage caused by NotPetya, consider the nightmarish but more typical ransomware attack that paralyzed the Atlanta city government in March 2018: it cost up to ten million greenbacks, which is one tenth of a percent of the value of NotPetya. Even WannaCry, the more infamous worm that spread a month before NotPetya in late spring 2017, is valued at between $4 billion and $8 billion. Since then, nothing has come close. “Although there were no human casualties, it was still tantamount to using a nuclear bomb to achieve a small tactical victory,” says Bossert. “This is a level of recklessness that we cannot tolerate on the international stage.”
In the year since NotPetya rocked the world, WIRED has delved into the experience of one corporate giant brought to its knees by the Russian worm: Maersk, whose malware fiasco clearly demonstrates the danger that cyber warfare now poses to the infrastructure of the world around us. The leaders of the shipping giant, like every other non-Ukrainian victim approached by WIRED to talk about NotPetya, declined to officially comment on the story. The WIRED account is instead compiled from contemporary and former Maersk sources, most of whom preferred to remain anonymous.
But NotPetya's story is not about Maersk, by the way, or even about Ukraine. This is the story of a nation-state military weapon released on an environment where national borders are meaningless and collateral damage is dealt with a brutal and unexpected logic: when an attack on Ukraine hits Maersk and an attack on Maersk hits everywhere. Immediately.
Aleksey Yasinsky expected a quiet Tuesday at the office. This was done on the eve of the Constitution Day of Ukraine, a national celebration, and a significant part of its employees were either planning a vacation or had already gone there. However, not Yasinsky. Last year, he headed the cyber lab at Information Systems Security Partners, which quickly became the go-to firm for victims of the Ukrainian cyber war. This work instruction did not allow for downtime. In fact, since the first strikes of Russian cyberattacks were carried out in late 2015, he has allowed himself a total of 7 days of rest.
So Yasinsky was unperturbed when he got a call that morning from the director of ISSP telling him that Oschadbank, Ukraine's second largest bank, had been attacked. The bank told ISSP that it is facing a ransomware infection, which is becoming the most common crisis for firms around the world targeted by cybercriminals, dealing with is simple and straightforward. But when, half an hour later, Yasinsky entered the IT department of Oschadbank in its central Kiev office, he realized that it was something for himself and his loved ones. “The staff was confused, confused, in a state of shock,” says Yasinsky. About 90% of the bank's many computers were locked down, showing NotPetya's "disk recovery" messages and ransomware defenses.
After a quick examination of the bank's surviving logs, Yasinsky realized that the attack had been an automatic worm that obtained administrator credentials by any means. This allowed him to run amok in the banking network, like a prisoner who stole the keys from the warden.
After analyzing the bank break-in at the ISSP office, Yasinsky began to receive orders and messages from us in Ukraine, telling him about these cases in some companies and public institutions. One told him that another victim had tried to pay the ransom. As Yasinsky suspected, the payment had no effect. It wasn't just ransomware. “There was no silver bullet, no antidote,” he says.
This year, the NotPetya malware spread from the servers of a modest Ukrainian software company to some of the leading companies in all countries, paralyzing their activities. Here is a catalog of approximate damage reported by some of the worm's most severe victims.
Merck pharmaceutical company
FedEx delivery company (through European subsidiary TNT Express)
French construction company Saint-Gobain
Danish shipping company Maersk
Snack company Mondelēz (parent company of Nabisco and Cadbury)
British manufacturer Reckitt Benckiser (owner of Lysol and Durex condoms)
Total damage from NotPetya according to the White House
A thousand miles south, ISSP CEO Roman Sologub was trying to take a Constitution Day holiday on Turkey's south coast, preparing to go to the seaside with his family. His phone also began to explode with calls from ISSP tourists, who either saw NotPetya tearing up their internet or read information about the attack and frantically sought advice.
Sologub retired to his own hotel, where he spent the rest of his time, responding to more than fifty calls from tourists who alternately reported that their networks were infected. The security operations center ISSP, which monitored customer networks in real time, warned Sologub that NotPetya was saturating victims' systems at a terrifying rate: it took 45 seconds for a large Ukrainian bank's network to shut down. Part of one large Ukrainian transit hub, where ISSP installed its equipment in a demonstration role, was completely infected in 16 seconds. Ukrenergo, the energy company whose network ISSP helped rebuild after the 2016 cyberattack, has also been hit again. “Did you forget that we were going to implement new security measures?” Sologub recalls how a frustrated Ukrenergo CIO asked for tiles over the phone. "Well, it's too late."
By noon, the founder of ISSP, a serial entrepreneur named Oleg Derevyanko, also interrupted his own leisure. Derevyanko was driving north to have sex with his family at a country house for a holiday when NotPetya calls started. He soon pulled off the highway and worked at a roadside restaurant. By noon, he had alerted all the executives who called to shut down your constructs without difficulty, even if it meant shutting down their entire company. In most situations, they were already exceedingly slow to wait. “By the time you got to them, the infrastructure was already gone,” says Derevyanko.
Nationwide, NotPetya was eating Ukrainian computers alive. Only in Ukraine it will affect at least four hospitals, six energy companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in the trade network, even on the metro, and almost all federal departments. “The government was dead,” sums up the minister of infrastructure of Ukraine Volodymyr Omelyan. According to ISSP statistics, at least 300 firms were affected, and one senior Ukrainian government official estimated that 10% of all computers in the country were destroyed. The attack even disabled computers used by scientists at the Chernobyl test site, 40 miles north of Kyiv. “It was a massive bombardment of all our systems,” says Omelyan.
When Derevyanko left the restaurant in the early evening, he stopped to fill up his car and found that the petrol station's credit card system had also been seized by NotPetya. With no cash in his pockets, he looked at the gas gauge, wondering if he had enough fuel to woo his village. Across the country, Ukrainians were puzzled by the same questions: will everyone have enough money for goods and gasoline to survive the blitzkrieg, will they receive personal salaries and pensions, will prescriptions be issued. By the time the outside world was still debating whether NotPetya was ransomware or a weapon of state-sponsored cyber warfare, the ISSP staff were already calling it the latest phenomenon: “a massive, coordinated cyber invasion.”
During this epidemic, a single infection is especially life-changing for Maersk: in the office, in Odessa, a port city on the Black Sea coast, the CFO of Maersk Ukraine asked IT administrators to install the M.E.Doc accounting software to one computer. This gave NotPetya the one foothold it needed.
The shipping terminal in Elizabeth, NJ—one of 76 that make up Maersk's port operations division, known as APM Terminals—is expanding in Newark Bay on a square mile artificial peninsula. Tens of thousands of stacked, perfectly modular shipping containers cover its vast asphalt landscape, and 200-foot-tall blue cranes hang over the bay. From the high-rise skyscrapers of lower Manhattan, five miles away, they look like brachiosaurs gathered at a Jurassic water hole.
On a good day, approximately three thousand trucks arrive at the terminal, each tasked with picking up or dropping off large amounts of pounds of everything from diapers to avocados to tractor parts. They begin the process, as do air passengers, by checking in at the terminal gate, where scanners automatically read the barcodes of their containers, and a Maersk clerk talks to the truck driver over a speaker system. The driver gets a printed ticket showing where to park so that a massive yard crane can haul their container from the truck chassis onto the stack on the cargo portal, where it was loaded onto the container ship and hauled across the ocean, or the whole step in reverse.
On the morning of June 27th, Pablo Fernandez was waiting for dozens of truckloads of cargo from Elizabeth to leave for a port in the Middle East. Fernandez is a so-called forwarder, an intermediary who is paid by cargo owners to ensure that their property arrives safely at a destination on the other side of the world. (Fernandez isn't his real name.)
Around 9:00 a.m. New Jersey time, Fernandez's phone began to buzz with various screaming calls from angry cargo owners. Both have just learned from truck drivers that their vehicles were stuck near the Maersk terminal in Elizabeth. “People were jumping up and down,” Fernandez says. “People couldn't load their containers into the gate and take them out.”
This gate, the narrow passage for the entire Maersk terminal in New Jersey, was dead. The clerks at the gate fell silent.
Soon, hundreds of 18-wheelers lined up in a queue that stretched for miles from the terminal. An employee at a nearby corporate terminal in the same port of New Jersey watched the trucks assemble, bumper to bumper, farther than he could see. He saw gate systems fail 15 minutes or half an hour ago. But a few hours later, without hearing from Maersk at all, the port authority announced that the company's terminal at Elizabeth would be closed for the rest of the day. “It was at that moment that everyone began to understand,” recalls an employee of a neighboring terminal, “that this was an attack.” The police began evaluating the drivers in their cabs, telling them to unwrap their huge loads and get out.
Fernandez and a host of other enraged Maersk customers were faced with a set of bleak options: they could try to withdraw these funds. Precious cargo to other ships at premium rates at the last minute, often traveling the equivalent of a reserve. Or if their cargo was part of a tight supply chain, such as farm components, Maersk downtime could mean shelling out for exorbitant air freight or risking work stoppages where 1 day of downtime costs hundreds of thousands of dollars. Some of the containers, known as refrigerated trucks, were electrified and filled with perishable goods that needed refrigeration. They had to be hooked up somewhere or their contents would rot.
Fernandez had to ingeniously find a warehouse in New Jersey where he could hide his customers' cargo while he waited for word from Maersk. According to the words, on a certain first day, he received only a single official e-mail that read like “gibberish”, from an exhausted mail or a Maersk employee’s Gmail social network, where there was no real explanation for the growing crisis. The rental firm's main website, maerskline.com, was down and not a single person in the company picked up the phone. Some of the tanks he shipped that day on the Maersk ships remained lost in freight yards and ports around the world for the next three months. “Maersk became like a black hole,” Fernandez recalls with a sigh. “It was just fucked up.”
Actually, it was just fucked up. The same scene played out at 17 of Maersk's 76 terminals, from Los Angeles to Algeciras in Spain, Rotterdam in the Netherlands and Mumbai. The gates were down. The cranes are frozen. Many thousands of trucks will be diverted from comatose terminals in different countries.
It will be impossible to come up with any new orders that will essentially block Maersk's main income from cargo transportation. The computers on the Maersk ships were not infected. But the terminal software, designed to enroll the eic files from designated ships that tell terminal operators the exact contents of their massive cargo holds, has been completely destroyed. This left the Maersk ports without a guide to assist in the colossal Jenga game of loading and unloading huge stacks of containers. The supporting circulatory system of the global economy itself will remain disrupted. “It was clear that this was a problem of unprecedented proportions in global transportation,” recalls one Maersk client.
Days after his screen went blank in the left corner of the Maersk office, Henrik Jensen was at home in his apartment in Copenhagen, enjoying a breakfast of poached eggs, toast and marmalade. Since the drug left the office on Tuesday, its administration has not heard a word from any of its superiors. Then his phone rang.
When he answered, he is now on a conference call with three Maersk employees. It was needed, they said, at Maersk's office in Maidenhead, England, a city west of London where the conglomerate's IT company, the Maersk Group Infrastructure Services, was based. They told him to drop everything and go there. Immediately.
Two hours later, Jensen was on his way to London, driving into the eight-story glass-and-brick building in the center of Maidenhead. When he arrived, he revealed that the building's fourth and fifth floors had been converted into a 24-hour operations center. Its sole purpose is to restore Maersk's global network after the collapse of NotPetya.
As Jensen learned, some Maersk employees have been in the middle of rebuilding since Tuesday, when NotPetya first struck. Some slept in the office, under their desks, or in the corners of conference rooms. Others seemed to be arriving every minute from other parts of the world with baggage in their arms. Maersk booked virtually every hotel room within tens of miles, every bed and breakfast, every spare room above the pub. Employees ate snacks that someone had hoarded in the office kitchen after going to the nearby Sainsbury's grocery store.
The regeneration center in Maidenhead was run by the consulting company Deloitte. In effect, Maersk gave the British firm carte blanche to resolve the NotPetya situation, and at any given moment there were up to 200 Deloitte employees in Maidenhead, as well as up to four hundred percent of Maersk employees. All computer equipment used by Maersk prior to the NotPetya virus outbreak was confiscated over fears it could infect new circuits and signs were posted threatening disciplinary action against anyone using it. Instead, employees went to all the necessary electronics stores in Maidenhead and bought mountains of new computers and prepaid hotspot routers. Jensen, like hundreds of other Maersk IT people, was given the best of these fresh desktops and told to do his part. “Last of all, it was simple: ‘find your own place, get down to business, do whatever it takes,’” he says.
At the beginning of the operation, the IT staff who restored the came to a nauseating realization. They found dslrs of many individual Maersk servers dated from 3 to 7 days before NotPetya appeared. But almost no one got a chance to find a backup for one critical layer of a company's network: its domain controllers, servers that act like a detailed map of the Maersk network and establish the key principles that govern which users are allowed to access which systems. Approximately 150 Maersk domain controllers were programmed to synchronize internal information on various parameters, so theoretically each of them was able to function as speculative for all the others. But the decentralized backup strategy cited did not take into account one scenario: when every domain controller is erased at the same time. “If humans can’t restore our domain controllers,” recalls the Maersk IT specialist, “we won’t be able to restore anything.”
After a frantic global search, administrators finally found the only surviving domain controller in a remote office, in Ghana.
After a frantic search that called hundreds of IT administrators in data centers around the world, desperate Maersk administrators finally found one surviving domain controller in a remote office in Ghana. At one point or another before NotPetya struck, the blackout disabled the Ghanaian machine and the laptop remained disconnected from the system. Thus it contained the only known copy of the company's domain controller data, which was left untouched by malware and others thanks to the power outage. “There were a lot of cheers at the office when we found it,” says administrator Maersk.
However, when busy engineers at Maidenhead connected to a job in Ghana, they discovered that its intake is so small that to transfer a backup copy of a domain controller a couple of hundred gigabytes in size, it will take several days to make a British tourist visa. Their next idea is to put a Ghanaian subordinate on the next flight to London. But none of the people in the West Africa office had a British visa.
So the Maidenhead operation set off a special baton: one employee from a firm in Ghana flew to Nigeria to meet another Maersk employee at the airport terminal to give a very valuable hard drive. The employee then boarded a six-hour flight to Heathrow, taking with him the cornerstone of the entire Maersk recovery process.
With this rescue completed, the Maidenhead office can resume Maersk's core services. After the first days, Maersk's port operations regained the ability to read ship inventory files, so operators were no longer blind to the contents of huge ships with 18,000 containers arriving in their harbours. But it will be some time from the initial outage before Maersk starts accepting orders via maerskline.com for the latest supplies and it will be a full 8 days before terminals around the world start working normally.
In the meantime, Maersk employees worked with the tools that they had available to them. They attached paper documents to shipping containers at APM ports and were able to take orders through personal Gmail accounts, WhatsApp and Excel spreadsheets. “I can tell visitors what a rather strange experience it is to order 500 shipping containers via WhatsApp, but that’s exactly what our experts and developers have listed,” says one Maersk customer.
About two weeks after the Maersk attack, the network finally reached a point where the organization could start re-issuing personal computers for most employees. Back at headquarters in Copenhagen, the rooftop dining room was turned into a reinstallation conveyor. Computers were lined up in 20's at dinner tables, and service technicians walked the aisles inserting dozens of USB sticks they'd copied dozens of, poring over clues for hours.
A few days after returning from Maidenhead, Henrik Jensen discovered the correct PC in alphabetical order from many computers, its hard disk space was erased, and a clean Windows image was installed. Absolutely everything he and another Maersk employee stored locally on corporate computers, from notes to contacts to family photos, was gone.
Five months after maersk recovered from the notpetya attack, maersk chairman jim hagemann snabe sat on stage at the world economic forum in davos, switzerland, and praised the organization's "heroic effort" in its efforts to rescue it. According to the provided words, since june 27, in the event that he was first awakened by a phone call at 4 am in metropolitan areas before a scheduled speech at a conference in stanford, it took the company only ten days to restore a personal network of 4,000 servers and 45,000 pcs. .(Full regeneration took many more days and hours: some employees of the maidenhead facility continued to work holiday and night for almost 2 months to restore the maersk software setup.) “We have overcome the problem with human resilience,” snab told the crowd.Since then, snabe continued, maersk has been working not only to improve its cybersecurity, but also to make it a "competitive advantage." Indeed, as a result of notpetya, it pros say many of the security features they asked for were approved almost immediately, for the most part. The company deployed multi-factor authentication, and the upgrade to windows ten was long delayed.
However, Snabe said little about the quality of the company's security before NotPetya. Maersk's security staff told Wired that certain of the corporation's servers before the attack were still running Windows 2000, the operating system, so the old Microsoft no longer supported it. Now one group of IT leaders was pushing for a proactive security change across the entire Maersk worldwide network. They looked at the certainly less than ideal Maersk software fix, outdated LibreELEC, OpenELEC, OSMC, and above all, insufficient network segmentation. They're the ones who warned that the latest vulnerability could allow malware that has access to the nearest part of the network to quickly take over the boundaries of its original foothold, just as NotPetya will do next year.
Update banking information systems had the green light, and financial opportunities. But its success has never been the so-called KPI for Maersk CIOs, so its implementation will not affect their bonuses. They never made any progress on security.
Few firms have paid more for being slow on security issues. In his Davos speech, Snabe said the firm only reduced its total supply by 20 percent during the NotPetya outage, thanks to its quick action and manual workarounds. But in addition to the lost work and downtime of the organization, and in addition to the capital investment to restore the entire network, Maersk has also reimbursed many of all customers for the cost of rerouting or storing their abandoned cargo. One Maersk customer said he received a seven-figure check from the firm to cover the cost of sending his cargo on a charter plane at the last minute. “They paid me a cool million for a two-minute discussion at the most,” he says.
Apart from the panic and disruption that it caused, NotPetya may have erased traces of espionage or even intelligence for possible sabotage.
In general, as Snabe calculated in his comments in Davos, NotPetya cost Maersk from 250 to 300 million dollars.
Despite this, these numbers are just beginning to describe the magnitude of the damage. Logistics companies that depend on Maersk-owned terminals for their lifeblood were not treated any less flawlessly during the outage than Maersk's customers, for example. Jeffrey Bader, president of the Port Newark-based trucking group of the Bi-State Automobile Carriers Association, estimates the unreimbursed costs of auto firms and truckers alone at several times the millions. “It was a nightmare,” says Bader. "We've lost a lot of money and we're furious."
Maersk's larger cost of violating global supply chain compliance with state regulations and laws that depend on documents getting anywhere quickly and manufacturing components is very measurable. And very difficult. And, of course, Maersk was the only casualty. Merck, whose ability to manufacture some drugs was temporarily shut down by NotPetya, told shareholders it lost a staggering $870 million to malware. FedEx, whose European subsidiary TNT Express was hit by a hack, for a long, long time, and took months to recover some of its data, has taken a hit on its 400m greenback value. The French construction giant Saint-Gobain lost about the same amount. Reckitt Benckiser, the British condom maker Durex, lost $129 million, and Mondelēz, the owner of chocolate maker Cadbury, lost $188 million. Many victims without public shareholders have secretly calculated their losses.
Only when you start to multiply the history of Maersk - imagining the same paralysis, the same serial crises, the same debilitating recovery - playing out everywhere. Dozens of other victims of NotPetya and many other industries, so that the true extent of cybercrime in the country began to emerge.
“This was becoming a very important wake-up call,” said Snabe at his panel in Davos. After which he added, with a Scandinavian tinge of understatement, “very expensive, one might say.”
A week after the NotPetya epidemic, the Ukrainian police, dressed in special forces camouflage and armed with assault rifles, poured from vans into a small headquarters Linkos Group, running up the stairs like a SEAL Team Six invading bin Laden's compound.
They pointed their rifles at the bewildered will be able to use the services and lined them up in a corridor, according to company founder Olesya Linnik. On the second floor, next to her office, armored cops even knocked out the door to room 1 with a metal club, despite the fact that Linnik offered a key to unlock it. “It was an absurd situation,” Linnik says with an annoyed sigh.
The paramilitary police squad finally found what they were looking for: a rack of servers that played the role of a patient zero in the NotPetya plague. They confiscated the intruder machines and placed them in plastic bags.
Even now, more than a year after the catastrophic spread of the attack, cybersecurity experts are still arguing about NotPetya's mysteries. What were the true intentions of the hackers? Kyiv employees of the security company ISSP, in particular Oleg Derevyanko and Alexei Yasinsky, assure that the attack was aimed not only at destruction, but also at cleaning. Finally, the hackers who launched it first had free access to the victims' networks for months. On top of the panic and disruption it caused, NotPetya may have even erased traces of espionage or even intelligence for future sabotage. Near the end of spring, the US Department of Justice and Ukrainian security officials announced that they had thwarted a Russian operation that infected half a million internet routers, mostly in our country, with the latest form of destructive malware.
While some in the security community still see NotPetya's international casualties as collateral damage, Cisco's Craig Williams says Russia knew full well how much this worm would hurt the international world. He states that such consequences were aimed at the fact, in order to directly punish anyone who dares even to keep an office near the borders of an enemy of Russia. “Anyone who thinks this was an accident is wishful thinking,” Williams says. "It was a malware that is needed for quick political correspondence, if you want to do business in our country, something bad will happen in your house."
However, very much who studied NotPetya, I agree in some way: it happens first, or even repeats itself on a larger scale. Global corporations are simply too interconnected, information security is too complex, attack surfaces are too wide to spare themselves state-trained hackers bent on unleashing the next worm to shock the world. Russia, meanwhile, is unlikely to have been penalized by the US government's NotPetya plan, which was implemented 8 months later by a worm and whose punishments were mixed with other messages condemning Russia for everything from misinformation about the 2016 elections to US hacking investigations. The power grid. "The lack of a proper response was basically an invitation to more escalation," says Thomas Reed, professor of political science at the Johns Hopkins College of Advanced International Studies.
But perhaps the most valuable visual NotPetya's lesson is simply the strange extra-dimensional landscape of the battlefield of cyber warfare. Such is the intricate geography of cyber warfare: in ways that are still resistant to human intuition, the phantoms inside the M.E.Doc server room in a sandy corner of Kyiv wreak havoc in the gilded conference rooms of the capital's federal agencies, in the ports that dot the globe, in the majestic Maersk headquarters to the ports of Copenhagen. And throughout the global economy. “How does the vulnerability of this Ukrainian accounting program affect the supply of vaccines for the national security of the states and global delivery?” asks Joshua Korman, a fellow at the Atlantic Computer Security Council, as if still trying to figure out the shape of the wormhole that made this causal relationship possible. “The physics of cyberspace is completely different from other military realms.”
In this physics, NotPetya reminds us, distance does not protect. Every barbarian has long been at every gate. And the worldwide network of entanglements in this aether that has united and uplifted the world for the past 25 years could bring it to a complete halt in a matter of hours on a summer day.
Andy Greenberg (@a_greenberg) — Wired senior writer. This story is taken from his subjects "Sandworm", published by Doubleday.
This article appeared in the September issue.