
Curiouser and curiouser

Some reports suggest that it was not spread by a phishing email[1] (although some hedge their bets by saying that it ‘could’ be, with some suggestions that the attackers had a pre-existing foothold that allowed the initial infection to occur,[2] or that it was through infected websites[3]), while there are also reports based on Darktrace information that it was initiated by a phishing email,[4] and an initial email infection in Europe was reported as the source by the FT,[5] although phishing is then conspicuous by its absence from the Darktrace blog of 17th May.[6]

It is probably true that there has been more than a little fear, uncertainty and doubt around the attack vector in particular.

This continues as of today (20th May 2017), with the Register quoting Malwarebytes definitively that the vulnerability was exploited by port scanning for exposed SMB ports and not through phishing emails.[7]
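The port-scanning vector reported above is something a defender can check for in their own perimeter logs. The following is an added example, not code from the original post or from any of the vendors it cites: it runs over a few constructed firewall log lines (the log format, the addresses and the `exposed_smb_hits`/`scanning_sources` names are all assumptions) and flags accepted SMB connections from outside the RFC1918 ranges, then picks out sources that reached many internal hosts, which is what an internet-wide SMB scan looks like from the inside.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log lines (not from any real network). Format assumed:
# "<timestamp> <src> <dst> <proto> <dport> <action>". The 198.51.100.x and
# 203.0.113.x documentation addresses stand in for public internet sources.
SAMPLE_LOG = """\
2017-05-12T10:01:02Z 198.51.100.7 10.0.0.5 tcp 445 ACCEPT
2017-05-12T10:01:03Z 198.51.100.7 10.0.0.6 tcp 445 ACCEPT
2017-05-12T10:01:03Z 198.51.100.7 10.0.0.7 tcp 445 ACCEPT
2017-05-12T10:02:10Z 10.0.0.9 10.0.0.5 tcp 445 ACCEPT
2017-05-12T10:03:44Z 203.0.113.4 10.0.0.5 tcp 443 ACCEPT
2017-05-12T10:04:00Z 203.0.113.9 10.0.0.8 tcp 139 DROP
"""

SMB_PORTS = {139, 445}
# Explicit RFC1918 ranges rather than ipaddress.is_private, because Python
# also treats the documentation ranges used above as "private".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_line(line):
    ts, src, dst, proto, dport, action = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "dport": int(dport), "action": action}

def exposed_smb_hits(log_text):
    """Accepted TCP/139 or TCP/445 connections from an external source to an
    internal host: the exposure an SMB port scan from the internet would find."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if (rec["action"] == "ACCEPT" and rec["proto"] == "tcp" and rec["dport"] in SMB_PORTS
                and not is_internal(rec["src"]) and is_internal(rec["dst"])):
            hits.append(rec)
    return hits

def scanning_sources(hits, min_targets=3):
    """Sources that reached at least min_targets distinct internal hosts on SMB."""
    targets = defaultdict(set)
    for rec in hits:
        targets[rec["src"]].add(rec["dst"])
    return {str(src): len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    hits = exposed_smb_hits(SAMPLE_LOG)
    print(f"{len(hits)} accepted SMB connections from external sources")
    for src, n in scanning_sources(hits).items():
        print(f"possible SMB scanner {src}: {n} internal hosts reached")
```

On the sample data the internal-to-internal connection on 445, the 443 connection and the dropped 139 attempt are all ignored, leaving three hits from a single external source.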

The same report suggests that Windows XP does not now seem to have been impacted (it’s so out of date that even the malware won’t work on it) and that it was Windows 7 that was more at risk.

For me, this does of course beg the question as to why Microsoft rushed out a patch for XP?  And then (for me at least) a secondary question as to how they tested the patch if the malware wouldn’t run on the system they just patched?  Maybe I’m just old fashioned.

In the same report comes the statement that the code that could have led to this exploit was loaded onto Github to work with Metasploit. (For the conspiracy theorists among you, it is worth noting that Github is also used by GCHQ to upload ‘benign’ open source tools.)

So, obvious questions. 

Was the Github code used to create the WannaCry exploit?

Who uploaded the tool on Github?

Why did it take six days for anyone to notice?

"Curiouser and curiouser," said Alice.


[3] Woollaston, Victoria, ‘WannaCry ransomware: what is it and how to protect yourself’, available at accessed on 19/05/2017 at 10:25.

[6] Tsonchev, Andrew, ‘WannaCry: Darktrace’s response to the global ransomware campaign’, 17/05/2017, available at accessed on 19/05/2017 at 09:50.

