There’s reporting from May saying that the NSA kept the Eternalblue security flaw open for five years. The Petya attacks today have actually hit Chernobyl, and radiation there has been required to be monitored manually. That should be a warning sign to indicate how much damage these attacks can cause, but based on only the past year, they’re going to keep happening frequently. And one of these times it could be much worse than it has been, which is why the NSA should stop hoarding many of their software security flaws.
Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.
In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.
The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.