Seven Day. Week Out almost over. And I had to hawg’ tabs this morning.
Several of those tabs had to do with the WannaCry [Link] extortion that has preempted Nawth Korea from its implication of Nuclear War one (and last? Well, at least it would set back global climate change and make the deaths quicker.)
I have been reflecting on this and have come up with a few questions.
How many annoyances equal a crime, that is, something that can be punished by the justicers? The related question is how many people have to be annoyed before the annoyance becomes a crime?
Why do things like this happen? Why do people let them happen?
The latter are simpler, maybe. Things like this happen because they can. There is a rule of Nature that if something can happen, it will. Human society is a bit more difficult in this regard. For example, we haven’t been hit with a movement for siblings to wed, mostly because of something called an incest aversion, but it can happen. Probably wouldn’t be any worse than the anti-vaxers. What difference is it if parents break their children by medical negligence or genetic negligence? The end result is much the same.
Similarly, WannaCry happened because the bits and pieces were available and for some reason greed is a survival asset. Not sure how that jibes with altruism, but since greed is so widespread I can’t imagine it not being biological in origin.
But why were the bits and pieces available? A bit of blame is being put on the NSA. That clearly is a waste of time and effort. Yes, some scapegoat may be retired early (and be rewarded with a greased job at some contractor,) but organizations have no scruples nor ethics. They talk about them a lot but that’s mostly to sell their product or otherwise help the organization. Simply put organizations don’t care about people beyond their own self-interest.
Over and above that, the NSA is under no obligation to share findings of its work that could be harmful to American citizens. Like this particular computer weakness. That warning isn’t part of its charter. So NSA isn’t going to tell people about the weakness.
Besides, MegaHard figured this one out on their own. My suspicion is that they likely figured it out before the NSA did. And then they kept mum about it. Why? Because that’s how big organizations operate. Do big food organizations tell you their product uses toxic chemicals as preservatives? Do cosmetic companies tell you their products have ingredients that cause cancer?
Organizations are different from people. People have to have some morals or they end up in jail. Why we have to treat organizations as pseudo-humans and don’t jail them for lack of morals is another example of how whacked out legal system is. And perhaps how biased against people?
One thing they have in common is stupidity. Organizations are stupid because they are fundamentally dependent on people. They are staffed with people, they are managed by people, and they generally depend on people for continued existence. Of course, this will be less obvious when AI comes to reasonable maturity. Then the organizations will be the real robot overlords.
Of course, MegaHard released a security update two months ago to fix this weakness. (Well, maybe. After all, we have to take MegaHard’s word for it, don’t we?) And lots of people didn’t install the update. Heck, lots of folks are still running Winders XP, which is only supported with updates if its in an ATM machine. And the whole of the British National Health Service still runs XP. But that’s a case of organizational stupidity. And probably greed?
But when it comes to updates, MegaHard is its own enemy. The way it does updates, by trying to pre-empt the machine, is seriously nasty. It makes Winders the equivalent of Listerine – the taste and sting you hate twice a day – but without any inkling of benefit. And given MegaHard’s recent history of smoking boxes with updates, alienation and second thoughts are natural.
But a lot of problem with malware like this is simple not thinking. People get emails from strangers and they click links. Without doing any checking for authenticity. Or consideration of likely outcomes. It would be easy to say these are bogs and they refuse to think but that’s too simple. Geeks and nerds do stupid things too. They’re just more likely to learn from their mistakes. Not assured, just more likely.
And there’s no reason those people have to use Winders. Other than stupidity and probably, laziness. And greed. They know about Apple and how expensive its computers are. And they have to use Winders at work because organizations are stupid too. And they don’t know about Linux but they’ve heard stories about it’s HARD and they are too insecure to try it. Despite the community making trying relatively easy.
Incidentally, the guy who shut this whole thing down almost certainly speaks Linux.
So the reason this sort of thing works is because of our consumerist love affair with stupidity as a life style.