Sometimes playing around in the shop can be a lot of fun and lead to all kinds of unexpected discoveries, but it can also lead to some unforeseen blowups and disasters. Your high school chemistry class might be a good source of memories for such experiences where a playful experiment may have gone seriously wrong. A puff of smoke or a broken beaker may have told you to go back and reexamine the steps of the experiment.
Or the kid playing around in his father’s workshop might stumble upon a better way to cut the wood for that doghouse his father is working on. Or perhaps discover a more efficient way to assemble the pieces after they’ve been cut. Outside of any workshop accidents or injuries, the worst that can happen is producing a doghouse that is misshapen and ready for the trash.
But when some kids get a bit older they want to do more than simply help dad build doghouses or make fluorescent Jell-O in their high school chemistry lab. With a few classes of computer programming under their belt, they can try their hand at more sophisticated and adult stuff, like developing malware for a government spy agency.
Wouldn’t it be cool to write a code that hijacks someone’s computer, locks them out, and demands that they send you money, and if they don’t, it destroys all of their data? And the best part? You can do it without risk of arrest or prosecution because you work for the government. How cool is that?
But the consequences of failure at this level of puttering around the lab is much greater than a broken beaker or a puff of smoke. If you don’t guard your malware code carefully and ensure that it doesn’t fall into the wrong hands, you might be putting millions of people around the world at risk. If you are careless with protecting the code, some very bad things can happen, not to you, of course, but to other, innocent people.
Hospitals may not be able to access the records of their patients, delivery companies like FedEx may be unable to deliver urgent, life-sustaining medicines to those most vulnerable, and computer users everywhere around the world will lose data and projects they have spent years working on.
And that is exactly what happened. Hospitals, major companies and government offices were among those that had their computer networks hijacked and taken over by the ransomware. The majority of the attacks targeted Russia, Ukraine and Taiwan. But British hospitals, Chinese universities and international companies like Fedex also reported that their IT networks were affected by the hack.
If that’s not enough chaos for your tastes, how about learning that Britain’s Defense Secretary was unable to deny that his country’s Trident nuclear submarines run on the same outdated Microsoft software that is targeted by the malware.
And this all started in some NSA office with a few government employees trying to find ways to exploit vulnerabilities in the programming code of Microsoft’s XP software. You can never have enough information on everyone so why not exploit a backdoor in one of the most widely used computer operating systems.
With more than 200,000 victims in at least 150 countries reported, it’s difficult to estimate what this little experiment or project may have cost.
But like Dr. Frankenstein’s inability to prepare for the unforeseen consequences of his grotesque creation, the NSA’s carelessness in protecting the public from the monster they created has wreaked havoc everywhere and placed the burden of their recklessness on others.
Vladimir Putin put it succinctly when he described the NSA’s inability to anticipate unexpected results of creating something so dangerous:
“We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle.”
Although, he was wrong about this genie causing harm to its creators. The creators of this genie over at the NSA are feeling no pangs of guilt or responsibility for creating their monster and have most probably already moved onto the next project listed on their office’s whiteboard.
Whether or not this will teach the NSA to be more careful in the future is hard to say. But a good start would be for the NSA to pick up the tab for every single ransom paid by the victims of their little experiment. That would seem only fair and is something any company guilty of the same level of neglect would do, either voluntarily or court-mandated, to compensate the victims of their gross negligence.
But this is a government agency, one within the national security apparatus, where such rules of fairness and responsibility simply don’t apply. Not even an utterance of “oops” or “my bad” is required here. Working for the NSA means never having to say you’re sorry.
