I have absolutely no idea if this is plausible / true, but it makes a great story. (The ransomware attack certainly seems to have been real.) From the Washington Post, “How a $10.69 purchase may have sidelined the global malware attack”:
LONDON — As the world began Friday to understand the dimensions of Wanna Decryptor 2.0, the ransomware that has crippled computers worldwide, a vacationing British cybersecurity researcher was already several steps ahead.
About 3 p.m. Eastern time, the specialist with U.S. cybersecurity enterprise Kryptos Logic bought an unusually long and nonsensical domain name ending with “gwea.com.” The 22-year-old says he paid $10.69, but his purchase might have saved companies and governmental institutions around the world billions of dollars.
By purchasing the domain name and registering a website, the cybersecurity researcher claims that he activated a kill switch. It immediately slowed the spread of the malware and could ultimately stop its current version, cybersecurity experts said Saturday. Britain’s National Cyber Security Center confirmed Saturday that it was collaborating with the 22-year-old and other private researchers to stop the malware from spreading.
Hidden in the malware, the kill switch probably was not supposed to be activated anytime soon. Perhaps it was never supposed to be there in the first place.
“What it had not counted on was a researcher doing the world a service and taking advantage of a flaw that now seemed glaringly obvious in hindsight,” said Robert McArdle, a research director with Tokyo-based cybersecurity company Trend Micro…
Read the whole thing for further details, and perhaps send out a blessing to the IT guy who tweets as @MalwareTechBlog.
Major Major Major Major
Haha, I saw that. Such a random killswitch, but I’ve seen weirder ideas in the wild. I guess not everybody named McArdle is an idiot.
some guy
nohave subscription to WaPo. anybody care to paraphrase?
dr. luba
@some guy: Chrome incognito browsing will let you see it.
amk
Sealed Indictment granted against Donald Trump? How believable are Louise Mensch and Claude Taylor?
Major Major Major Major
@amk:
…debatably!
fuckwit
More likely a bug in the malware
Adam L Silverman
@amk: Both have had some scoops that are accurate. They base these on their anonymous Intel Community (IC) sources. Taylor was right about the grand juries. Mensch was right about the FISA warrant, or, at least, one of them. The issue is whether the explanatory narrative of what has happened, is happening, and will happen that they’ve each constructed around the info from their source material and the open source reporting of others is accurate. For instance, I’m just now getting to their joint post, but there is at least one serious factual error. While there is a lively, inside (legal) baseball debate on whether a sitting president can be prosecuted, almost all the arguments against are rooted in Article 1, Article 2, or Federal common law. Yet Taylor and Mensch reference the Supremacy Clause, which has nothing to do with this stuff at all.
Here’s a quick run down from a conference when Clinton V Jones was being litigated:
http://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?article=2573&context=facpub
Corner Stone
I don’t think Steve Martin and Alec Baldwin actually like each other very much.
Keith P.
@dr. luba: Also, there’s Reading View in MSEdge, or clearing out cookies (WaPo uses a client-side script plus a cookie to tell how many articles you’ve read, so clearing or not using cookies tells it you’ve read no articles, and Reading View doesn’t run the script necessary to check)
Timurid
@amk:
They’ve been hit and miss to date.
They do appear to be staking everything on this one allegation. If they’re wrong, they will be pariahs.
Major Major Major Major
@Timurid:
Yeah, that’s definitely a thing that happens in our media.
Timurid
@Major Major Major Major:
They don’t have a major media organization or a Village to prop them up.
They’re throwing stones at a guy who is very popular with all of the above. And Resistance types are going to hold a grudge against somebody that built up their hopes and then crushed them.
They’re already getting roasted hard on Twitter…
Major Major Major Major
@Timurid: Very fair points!
Adam L Silverman
@Major Major Major Major: They’ve been largely ignored by the media. Even when the news media has confirmed their initial reporting it almost never credits them.
kindness
Wonder if it was Russian hackers that did it. Would be par for the course.
amk
@Adam L Silverman: Thanks.
So per your linky, FBI cannot prosecute him without congressional impeachment?
Roger Moore
@amk:
AFAIK, that has been the general understanding; Congress gets first crack with impeachment, and the regular courts have to wait until after he’s been impeached. Though, strictly speaking, the FBI would only investigate and it would be up to a US Attorney to prosecute based on the evidence they collected.
Adam L Silverman
@amk: The FBI doesn’t prosecute anything, they just investigate and make a recommendation up to the Federal prosecutors.
First: I am not a lawyer, just someone with a PhD in both political science and criminology (and while I’ve taught a lot of US Federal government and the US criminal justice system, I’m not a specialist on either). It is, to be honest, unclear. It has never been tried. The legal scholarship on this, and the currently living legal experts on it, are all over the map. I’ve even seen reference to either a Supreme or DC Court of Appeals precedent on this that some think could be challenged in this case and over turned. The argument is that even if the Constitution generally prohibits prosecution until a president leaves office, by whatever mechanism (term ends, impeachment, resignation), what the current President may be charged with is so radically different than what had ever been considered that the general ban should not and does not apply here.
At this point, given some of the real whacked legal theories pushed by the hardcore negative libertarian legal scholars since 2009 (recess appointments for instance) and the ability for those arguments to gain traction somewhere within the Federal appellate system, I think anything is possible. The only thing I can tell you for sure is that the Supremacy Clause has nothing to do with this at all.
a hip hop artist from Idaho (fka Bella Q)
@Adam L Silverman: The supremacy clause indeed has nothing to do with this, but it’s laypeople using legal language they don’t understand, just as with how indictments are issued and the arrest warrant following same. The presidential prosecutability debate is very inside baseball and rooted where you indicate. Gonna be interesting all around.
efgoldman
@Roger Moore:
However, there’s apparently a parallel NY state grand jury looking into (state) RICO violations.
If Schneiderman decides to indict, it’s going to create… interesting constitutional challenges. NY state can’t remove any federal officer. Whether he could be arrested under those circumstances? Going to be a hell of a fun ride to find out.
Agnew was indicted as sitting VP (for state violations); as part of his plea deal, he resigned, so congress didn’t need to take any action.
As a practical matter, a state indictment would probably shred any remaining credibility Saffron Shitheel had as a political actor.
Adam L Silverman
@a hip hop artist from Idaho (fka Bella Q): I responded to your email. And then sent a follow up.
I am going to be racking out shortly, so anything else over the transom will have to wait for daylight.
amk
@Roger Moore: @Adam L Silverman: Thanks. While the rationale to protect the president against rogue prosecutors is understandable, no one seems to have a clue on how to handle the twitler presidency given a treasonous & corrupt congress.
NotMax
@efgoldman
He’ll just try to sell NY state to Russia.
“They sold us Alaska, why can’t I sell them New York?”
TenguPhule
@kindness:
I believe that’s pretty much been confirmed.
TenguPhule
@NotMax:
“And I got twice as many bead necklaces from them than what we bought it for! Am I a smart cookie or what?”
TenguPhule
@amk:
Oh no, that’s not the problem. The problem is that nobody likes any of the answers to that question.
Betty Cracker
@Timurid: I hope they’re right, but I’ll believe it when I see it. I follow them on Twitter, and they seem to be getting loopier by the day.
bago
No, seriously, nobody understands how weak DNS is. It gives you the power to move ALL of the traffic, is the root of all of your certificate based security, and is only marginally more secure than BGP. It wasn’t built for this Morty.
It’s only going to be weaker when people use IDN spoofs for certificates. Sure, that looks like the letter “e”, but in what codepage?
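To make the IDN point above concrete, here is an added example (not code from the page, the commenter, or any project it mentions) that takes a domain, shows the punycode form DNS and certificates actually carry, and flags labels that mix scripts or are built entirely from lookalike characters. The confusables table is a small constructed subset; a real check would load the full Unicode confusables data. The sample domains are made up for the example.

```python
"""IDN homograph check: does this label use lookalike characters?

Added example for the thread above; not code from the page or from the
researcher it discusses. Run it as a script or import and call classify().
"""
import unicodedata

# Constructed subset of Unicode confusables (Cyrillic -> Latin lookalikes).
# Assumption: a production check loads the complete confusables.txt table.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def to_ace(domain):
    """Punycode (ACE) form of each label, as seen in DNS and certificate SANs."""
    return domain.encode("idna").decode("ascii")


def label_scripts(label):
    """Set of script names (first word of the Unicode character name) used by the letters in a label."""
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue  # digits and hyphens are script-neutral
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def skeleton(label):
    """Map known confusables to their Latin lookalike so two labels that render alike compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def classify(domain):
    """Return 'ascii', 'ok', 'mixed-script' or 'whole-script-confusable'.

    mixed-script: one label draws letters from more than one script (e.g. a
    Cyrillic 'a' dropped into an otherwise Latin word).
    whole-script-confusable: a single non-Latin script whose skeleton is pure
    ASCII, i.e. every letter has a Latin lookalike.
    """
    if domain.isascii():
        return "ascii"
    for label in domain.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            return "mixed-script"
        if "LATIN" not in scripts and skeleton(label).isascii():
            return "whole-script-confusable"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: Latin, Cyrillic-a + Latin, all-Cyrillic lookalike, genuine Cyrillic.
    for name in ("apple.com", "\u0430pple.com",
                 "\u0430\u0440\u0440\u04cf\u0435.com",
                 "\u043f\u0440\u0438\u0432\u0435\u0442.\u0440\u0444"):
        print(f"{name!r:32} ace={to_ace(name):28} {classify(name)}")
```

The punycode form is the safe thing to display or compare: a client that shows only the Unicode rendering is exactly the one that cannot tell which "e" it is looking at.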
bago
@Keith P.: This is a transport protocol layer lookup. TCP, not HTTP. Sockets have no cookies!
NotMax
@Betty Cracker
How did the Hollandaise turn out?
bago
I’m just surprised they appear to be obfuscating their code by hand, and not randomly padding the variable names for “random” execution.
NotMax
@Keith P.
As I normally surf the web with cookies disabled and Javascript turned off, have never encountered any difficulty getting to WaPo articles.
(Have an additional add-on for Firefox which axes LSO cookies, but that’s a different situation.)
Betty Cracker
@NotMax: It turned out very well! Fastest and easiest recipe I’ve ever used, and no whisking — emulsification is achieved in a couple of minutes with an immersion blender.
bago
Yeah, that’s a pretty deadass killswitch. Can’t proxy or cache your way around it. Highly intentional.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa385096(v=vs.85).aspx
Those hardcoded params…
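From the defender's side, the thing worth pulling out of the kill-switch story is the DNS footprint: an unusually long, random-looking domain that is looked up by many hosts, fails to resolve, and then abruptly starts resolving once someone registers and sinkholes it. The following is an added example (not code from the page, from Kryptos Logic, or from the malware) that hunts a resolver log for that pattern. The log lines and the domain in them are constructed for the example; the page only says the real domain ended in "gwea.com", and the example does not use it. The line format `<timestamp> <client-ip> <qname> <rcode>` is a hypothetical one chosen for the example.

```python
"""Hunt resolver logs for long, high-entropy domains and the moment they start resolving.

Added example for the thread above; not code from the page or any project it names.
"""
import math
from collections import Counter

# Constructed sample log (not real traffic; the long domain is made up for the example).
# Hypothetical format: <timestamp> <client-ip> <qname> <rcode>
SAMPLE_LOG = """\
2017-05-12T14:55:01Z 10.1.4.22 www.washingtonpost.com NOERROR
2017-05-12T14:55:03Z 10.1.4.22 x7kq0p9zmwv2rtlbndsy4hgfeopw.example NXDOMAIN
2017-05-12T14:55:09Z 10.1.7.15 x7kq0p9zmwv2rtlbndsy4hgfeopw.example NXDOMAIN
2017-05-12T19:02:41Z 10.1.9.8 x7kq0p9zmwv2rtlbndsy4hgfeopw.example NOERROR
2017-05-12T19:03:10Z 10.1.4.22 cdn.example.net NOERROR
2017-05-12T19:04:55Z 10.1.2.3 mail.example.org NOERROR
"""


def shannon_entropy(s):
    """Bits per character; random-looking labels score high, dictionary words low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Label left of the TLD. Assumption: a one-label public suffix; real code
    would consult the Public Suffix List for things like co.uk."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_random(label, min_len=20, min_entropy=3.5):
    """Length and entropy thresholds are assumptions tuned for this sample; tune on your own logs."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def parse_log(text):
    """Yield (timestamp, client, qname, rcode) tuples from the hypothetical log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        yield ts, client, qname.lower().rstrip("."), rcode


def hunt(log_text):
    """Per suspicious qname: which clients asked, how many NXDOMAIN answers,
    and the first time it resolved (the registration / sinkhole moment)."""
    findings = {}
    for ts, client, qname, rcode in parse_log(log_text):
        if not looks_random(registrable_label(qname)):
            continue
        f = findings.setdefault(qname, {"clients": set(), "nxdomain": 0, "first_resolved": None})
        f["clients"].add(client)
        if rcode == "NXDOMAIN":
            f["nxdomain"] += 1
        elif rcode == "NOERROR" and f["first_resolved"] is None:
            f["first_resolved"] = ts
    return findings


if __name__ == "__main__":
    for qname, f in hunt(SAMPLE_LOG).items():
        print(qname, sorted(f["clients"]), "nxdomain:", f["nxdomain"],
              "first resolved:", f["first_resolved"])
```

Hosts that queried the domain before it resolved are the ones worth looking at first: they ran the check and, getting an error back, went on to run the payload.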
NotMax
@Betty Cracker
Excellent.
Only downside is that it can result in a tepid temperature for the end result. My immersion blender comes with a whisk attachment so am more partial to using the few minutes longer stovetop method.
NotMax
@Betty Cracker
While on the subject of food, bought a bag of frozen fruit chunks (various melons and strawberries, mostly) to attempt making a white sangria sometime soon.
Shall be leaving out the mint as that’s a taste I don’t care for.
Major Major Major Major
I made a new drawing with my new tablet.
Betty, you asked on a long-dead thread that I saw this morning, about software. The tablet came with two years of Clip Studio Paint so I’m using that.
Betty Cracker
@NotMax: It’s true the sauce wasn’t super hot, but the food it was drizzled over was pretty warm, so it worked out well. That white sangria recipe sounds refreshing. I’ve never made it with melon before, but I’m gonna have to give that a try.
bago
@Major Major Major Major: Cart and horse issue, for sure.
Le Comte de Monte Cristo, fka Edmund Dantes
@Adam L Silverman:
Louise is a bit breathless and crazy (traits that draw me to women like a moth to flame), but this one is off the charts loopy.
Too many players involved for there to not be a broad salvo of leaks.
bago
@bago: https://twitter.com/darienhuss/status/863192540203409408
Elizabelle
Good morning all.
Happy Mother’s Day, to the usual mothers among us.
Good wishes to greennotGreen and her family.
Shalimar
@TenguPhule: If you think you will kill the guilty and then everything will be normal, you don’t have the answers. Think of every person you admire and how you will feel when they are killed too in retaliation.
Starfish
Here is the guy’s story about how he stopped the malware in his own words on his own blog for those who could not get to the Washington Post or who were interested in reading more.
BruceFromOhio
Thanks, IT guy!
Open thread, right?
HAPPY MOTHERS DAY, MOMS OF EARTH AND ELSEWHERE!
Spending the morning drinking mimosas and doing whatever MrsFromOhio tells me to do. So far, it’s pretty awesome, and we’re getting shit done. Time to weed the front garden now that it has dried up a bit …
BruceFromOhio
@Starfish: That was fun. How awesome is it that these people are out there doing this because they want to, and because it seems like a lot of fun when you catch a win.
dr z
@Starfish: @Major Major Major Major: It was not a kill-switch. It was a way to detect if it is being examined in a sandbox by antivirus researchers – if so, the call to a non-existent website would not return an error while in that ‘sandbox’, so the malware would not ‘unspool’, preventing examination. It is clever, but the malware creators did not think through all scenarios.