On June 27 a computer virus spread quickly through networks across Russia and Europe. The ransomware (which has been called “NotPetya” because of some similarities between it and an earlier virus called Petya) appears to lock and encrypt computers, demanding payment before allowing those affected to unlock and get to their files. The original Petya virus, similar to the WannaCry outbreak from earlier this year, would allow users to get their files back after paying a sum of money via a pseudo-anonymous cryptocurrency called Bitcoin.
NotPetya also prompted for payment, and payments of more than $6,000 were in fact made before the payment method was shut down. Security researchers quickly discovered that the demand for payment was simply a money-making ruse: NotPetya did not actually store any information that would let victims unlock their files.
Who was responsible?
Blame was quickly pointed at the Russian government by the mass media and some technical publications, for a few faulty reasons. First, “Petya” (incorrectly thought to be the initial infection) is a Russian diminutive for the name Pitor: a child named Pitor could be called Petya by his elders.
Second, and more importantly: Some of the initial targets of NotPetya were based in Ukraine. Western governments have supported the new anti-Russian, semi-fascist government in Ukraine that took power in a 2014 coup. Since the coup, the United States government under the Obama and Trump has sided with the Ukrainian government, sending aid to the government, meeting with Ukrainian President Petro Poroshenko, and imposing sanctions on the Russian government over its support for anti-coup resistance in Ukraine.
NotPetya does seem to have spread first by infecting Ukrainian tax software vendor MeDoc, one of only two approved software packages for filing business taxes in Ukraine; from there it hit Ukrainian banks and other companies. From there, it spread to corporate networks across Europe, Asia and the United States. Advertising company WPP, a giant holding company in the marketing world that owns nearly a dozen agencies, was hit first in a subsidiary’s London offices. International shipping company Maersk was also infected, forcing it to shut down multiple terminals around the world. As of June 29, the Maersk terminal at the port of Los Angeles was still shut down. A hospital in Pittsburgh, Pa. was also affected, along with others.
It is important to note that Russian agencies were also impacted by NotPetya. State-owned oil company Rosneft was infected, along with the Russian section of the mining and steel company Evraz.
It may not ever be clear who was responsible for the initial infection of MeDoc. It may have been a disgruntled individual hacker, a hacker group out to cause destruction, or one of many other possibilities, but the swiftness with which the Russian government was blamed can only be ascribed to anti-Russian sentiment.
The real criminals: The NSA and CIA
While the unknown source of the NotPetya attacks has likely caused hundreds of millions of dollars of damage, the real criminal in this case is the National Security Agency. NotPetya used multiple ways to infect and attack systems. The most significant of these three is called EternalBlue. The NSA developed the EternalBlue exploit, taking advantage of a vulnerability in Microsoft’s Windows operating system, which is widely used by businesses worldwide.
The NSA, unlike other spy and intelligence agencies like the CIA and FBI, specializes not in espionage based on individual sabotage but on signal intelligence – the collection and analyzing of communications and electronic signals across the world. The NSA routinely monitors telephone and Internet communications around the globe, creating a massive database under the guise of “counter-terrorism.” While the NSA claims it does not collect any information on U.S. citizens, there have been multiple examples of it doing exactly that, thanks to heroes like Edward Snowden and others.
Under the George W. Bush administration, the NSA was officially authorized to spy on Internet browsing – learning which websites people went to, how often, and what articles they read – and received retroactive approval for similar collections before the authorization.
The PRISM program, made infamous by Edward Snowden’s leaks, showed how the NSA worked with major Internet companies like Facebook, YouTube and AOL to collect information about the users of those services.
As far back as the 1960s, the NSA worked with Australia, the United Kingdom, New Zealand and Canada in a mass surveillance program called ECHELON, which monitored communications with the Soviet Union.
The world learned of EternalBlue in April 2017, when a hacker group called Shadow Brokers leaked it and a handful of other exploits used by the NSA to infect computer systems, making them publicly available over the Internet to anyone.
Security bugs in computer software are nothing new. When a software maker learns of or discovers a security hole, they usually work quickly to fix it and release a software patch to customers so that they aren’t vulnerable. An entire industry of security researchers sometimes known as “white-hat hackers” practices responsible disclosure, giving the companies a reasonable amount of time to fix the security problems before publicly announcing them.
The NSA also looks for security vulnerabilities to exploit in software so it can further its surveillance and intelligence collection, but does not notify vendors of the issues it finds: Fixing those issues would cause the NSA to lose access to its targets. Microsoft released a fix for the EternalBlue exploit used in WannaCry and NotPetya a month before the ShadowBrokers release, but many computers remain vulnerable because they haven’t been fixed.
The NSA is not the only U.S. government agency that engages in this kind of electronic sabotage. In March, Wikileaks announced “Vault 7,” a series of leaks from the CIA’s Center for Cyber Intelligence. The first part of Vault 7 alone covers 8,761 documents from just this one CIA department. Contained
in these thousands of documents are instructions for CIA agents on how to break into computers and computer networks, how to cover their tracks, and how to misdirect blame by, for example, leaving notes in Russian or Arabic. Other documents explain how to hack into iPhones, cars and televisions to monitor those using them.
As noted by Wikileaks, “The CIA had created, in effect, its ‘own NSA’ with even less accountability” and essentially an unlimited budget.
The U.S. intelligence community uses both passive (collection) and active (attack) methods to spy on, monitor and attack people around the globe, including those living in the United States. Like the U.S. military, these agencies are part of the state power that guarantees the continuation of capitalism.
While we correctly and righteously rage against the racist, sexist and anti-worker policies of the President, we must also recognize that he is just part of what Marx called “the executive of the modern state,” which is “but a committee for managing the common affairs of the whole bourgeoisie.”
Real change, real protection from these attacks by shadowy government agencies and sub-agencies, will only come from building an entirely new system that respects the people and puts their needs first: socialism.