Sam Leith: How we came to be undone by the Chuckle Brothers of the hacking world

Sam Leith, 15 May 2017

Most senior politicians simply don’t understand what Donald Trump, winningly, calls “the cyber”. I don’t blame them. I don’t either. For most of us, phrases such as “zero-day exploit”, “spoofing”, “port-forwarding” and so forth might as well be in Betelgeusian.

I take an interest in this stuff — and I’m a good deal less busy than most of our political masters — yet when I read a detailed blog post by an expert about something catastrophic that just happened online, some mass data-dump, or ransomware contagion, or vulnerability in a major data repository, I tend to come away with no more insight, finally, than that, er, something catastrophic just happened online.

But the bottom line must be that if senior politicians don’t understand the cyber, they need to employ people — seriously good people — who do. And the insights of these people must be passed up the chain of command, adequately translated and fed directly into policy. Because what we’ve got now is half-understandings parsed into gobbledygook policy pronouncements (see every Home Secretary back to Jack Straw on the subject of encryption, which is the absolute shallow end of this stuff, conceptually) and vulnerabilities left unaddressed in a fingers-crossed way until such time as the balloon goes up and we’re into Something Must Be Done territory. And that just ain’t good enough. Not even close.

We make much of Trident, the maintenance of the armed forces, and counter-terrorism measures. But these 20th-century security preoccupations mean next to nothing if our national cyber-security is being treated as an afterthought. As witness those Iranian nuclear centrifuges taken down by Stuxnet, it’s not much use having a nuclear deterrent if the IT systems that operate it are vulnerable to hackers. Everything from the financial system to military intelligence to the very operation of democracy itself — as the examples of America and France warn us — depends on information security. Information war is the new frontline.

The NHS was dinged good and proper last week and, perhaps most dismaying of all, was dinged not by some genius black-hat hackers who systematically targeted the organisation but by, most experts agree, a bunch of random amateurs. The attack was a ransomware virus — it locks a computer’s data and demands the user pay a ransom to unlock it. It wasn’t targeted at the NHS: it was just something that floats around the web in the hopes of snagging a few suckers with badly out-of-date operating systems.


We know that its authors (because of the transparent nature of Bitcoin, in which their victims pay up) have made no more than around £20k from their worldwide reign of terror; and we know that so clumsy are they that their attack was stopped by accident: an infosec specialist registered a domain name he found in the malware’s code and discovered that that nixed the spread of the virus.

Essentially, then, the NHS’s computer systems — on which lives depend — fell vulnerable to the Chuckle Brothers of the hacking world because a significant minority of their systems were running the steam-age Windows XP; because they hadn’t been patched since the Government shrugged and let a security contract with Microsoft lapse two whole years ago and didn’t bother to replace it (£5.5 million that was worth: pocket-change in national budgets); and because Jeremy Hunt had ignored serious and well-sourced warnings of the systems’ vulnerability — most eye-catchingly the opinion of a neurology registrar, one day before the attack, that hospitals “will almost certainly be shut down by ransomware this year”.

This is the picture-dictionary definition of taking your eye off the ball. We can’t have a hit-and-hope attitude anymore. Not for one second longer.

It’s time to mind the political bollocks


Oh, what a joy it was to see shadow foreign secretary Emily Thornberry see off Tory MP Michael Fallon on the Andrew Marr programme yesterday. After Mr Fallon suggested that, under a Labour government, the status of the Falkland Islands would be up for grabs, Ms Thornberry said: “You really can’t just go around making this stuff up. There’s an election on and people need to make decisions based on the truth. You’ve just said, for example, that I want to negotiate the status of the Falklands. That is bollocks. It’s untrue.”

Good English epithet, that; not heard enough. And it’s a useful epithet because there’s a lot of it about. The idea that a huge Tory majority is vital to see off the non-existent parliamentary opposition to Brexit, for instance. Or, to be even-handed, nearly every line of the Labour manifesto. On the same day last week there were three separate books called “Post-Truth” published, all of them dealing with what we might call “bollocks” in public life. The more people prepared to call it what it is, the better.
