It’s ok if you want to cry…
If a message were to suddenly appear on your computer screen informing you that all of your material had been encrypted and that you would have to pay a ransom in bitcoins to decrypt it, chances are you’d have several questions. How did this happen? Why did this happen? Will paying the ransom work? How the heck do I even get bitcoins? You might feel as though you want to cry, which in fairness, is ostensibly the goal of the ransomware attack WannaCry that has managed to infect computer networks in multiple countries.
There is much puzzlement in the midst of highly publicized attacks like WannaCry, especially when they occur at moments of ramped up geopolitical tension. A large number of the questions that get asked have to do with some variation of placing the blame: on specific hackers, on a specific nation, on a specific vulnerability, on a specific tech company, and so forth. And though the answers that are given may be largely accurate and serve to expose the chain of events that has allowed the attack to be so successful, the frantic desire for answers may often occlude some of the larger matters that are hanging in the background. Yes, WannaCry’s success can be blamed on hackers, a malware vulnerability, and on computers that were not kept up to date – but WannaCry’s success should also be attributed to the highly technologized state of the societies where the attack has been most successful.
While ransomware attacks are not particularly new, what has set WannaCry apart is that it seems to have been successful in ensnaring some very high profile victims such as England’s National Health Service (NHS). Though being subject to a ransomware attack is hardly ever a laughing matter, the case of the NHS is particularly galling as WannaCry resulted in all manners of chaos: forcing ambulances to be re-routed, surgeries to be canceled, and interrupting the lives of patients as doctors struggled to gain access to information that had been rendered inaccessible as a result of the ransomware attack. WannaCry exploits a vulnerability in older Windows operating systems that was revealed in leaked NSA documents, and in this saga there is a certain degree of the computer security expert knowingly saying: “see, I told you to run updates.” A self-satisfied sentiment that actually seems somewhat valid seeing as Microsoft had released an update to protect against this vulnerability – one which, clearly, some groups failed to install in time.
At risk of being crass, and recognizing fully that the attack on the NHS represents a genuine threat to people’s lives, WannaCry can be read as a story about the risks facing societies that merrily embrace all things high tech. This is not to say that things like WannaCry are inevitable, but it is to say that things like WannaCry should not be treated (alas) as particularly surprising. Operating systems have vulnerabilities, sometimes more and sometimes less, tech companies may be continually working to patch those problems but for every hole they stop up they find another one demanding their attention. Or, to put it slightly differently: there is a race going on between the groups trying to fix the vulnerabilities in operating systems and those trying to exploit those vulnerabilities – sometimes one group is in the lead and sometimes the other group is in the lead – but this race is going to continue as long as vulnerabilities exist. And vulnerabilities are going to continue to exist. While this may be a race between programmers and hackers there is a lot riding on who wins or loses, insofar as the broad public has become ever more reliant on those operating systems. We have gotten roped into this race whether we realize it or not.
What is key to recognize is just how vulnerable we are as a society even if we may feel insulated as individuals. After all, a person may be quite careful to always keep their own computer updated with the latest security patches – but how can that person be certain that all of the services they rely on are equally dogged? It may be difficult to know for certain how many of the things you (yes, you) rely on in your daily life are themselves reliant on the smooth functioning of their networks – but it does not take much of a leap of the imagination to realize how thoroughly your life could be thrown into a tizzy should some of those networks suddenly find themselves locked out by ransomware. What if your health insurer, your bank, your employer, your credit card company, your local utility company – was to be the victim of such an attack? What would that mean for you?
Disruption indeed.
Ultimately, it isn’t that ransomware works because it successfully targets vulnerabilities in operating systems, it works because it successfully targets vulnerabilities in contemporary society – without access to the information on computer networks that society careens into a wall. Therefore, that WannaCry wreaked havoc on the NHS has less to do with WannaCry than it does with the fact that the NHS has become so highly reliant on computer systems that – surprise – are not themselves totally reliable. It is difficult to imagine WannaCry being successful in ravaging the NHS if the NHS had not itself become so reliant on the types of systems that something like WannaCry can ravage. Without wanting to romanticize the bygone days of paper files, it should still be noted that it’s harder for hackers in another country to hold those for ransom.
WannaCry, and similar ransomware attacks, can be seen as updates to the old adage that those who live by the sword shall die by the sword. Except now it can be rewritten as: those who live by the network shall die by the network. As the case of the NHS makes woefully clear – you may be living “by the network” without fully realizing it, and as the case of the NHS also makes clear “die” might be a real possibility.
Unfortunately, contending with threats like ransomware is just part of life in a technological society. When a society pursues the “goods” offered by a transition to all things high-tech it must also prepare for the “bads” that come with it – and even though tech companies generally do a skillful job of hiding these “bads” sometimes they come roaring into view. Obviously, the term “technological society” is a curious and loaded term. After all, every society is “technological” to a greater or lesser extent. Yet, what WannaCry points to is the grim prescience of precisely the way in which Jacques Ellul used that term. For Ellul a technological society, or a “technical civilization,” was one wherein the push for integration and efficiency left nothing untouched. The technological society was one wherein everything was constructed “by,” “for,” and “is” part of the drive towards ever more technology. That is the type of society in which ransomware attacks can thrive, and while given vulnerabilities can be patched with a software update, the real problem isn’t the computer’s operating system, but the society’s operating system. It is a terrible thing to admit, but the truth is that ransomware attacks aren’t a bug that can easily be patched – they are a feature of life in a technological society. And they are exploiting a very real vulnerability in that society. There may be technical fixes to individual malware attacks, but ultimately this is not a technical problem – it’s a social one.
WannaCry may actually make many people shed tears, but hopefully it will also make them form a contingency plan for next time. Because, tragically, there is going to be a next time.
Related Content
What Technology Do We Really Need?
Interrogating Technological Society
About Z.M.L
3 comments on “It’s ok if you want to cry…”
Leave a Reply
Also on the Shipwreck
Ne'er do wells
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
LibrarianShipwreck 
What baffles me is how quickly the media and its “experts” are able to magically discern The One Reason for the latest catastrophe (and it’s only ever just one). The sources they find are invariably specific and external: because All Hackers apAre Anarchists; Because North Korea Is Evil; Because Security Updates Went Uninstalled.
They invariably reduce the causes for all our catastrophes to something small and digestible and ultimately meaningless–something that we, as a people, never have to assume any responsibility for. I wonder sometimes if that is not the Chief Duty of the media: to reassure the people that nothing is ever our fault, and that no matter what ill fortunes beset us, they are not our responsibility.
I am reminded of the days and weeks and years following the 9/11 Attacks when the media was perpetually asking the semi-rhetorical question “Why do they hate us? Why did this happen?” And answering it only with reductive sound bytes like, “They hate our freedom,” all the while ignoring the fact that Al Qaeda released multiple(!) videos to explaining–rather explicitly–their specific grievances with the United States.
Your essay is cogent and well-articulated, but I worry it won’t find its way to those who most need to read it. i can’t help but notice, however, that your metaphor feels somewhat unfinished: the technological race you describe is one without a finish line.
Or maybe you simply thought taking the metaphor to that logical end was too obvious?
Thank you for reading and for your insightful comment.
I think that you make an excellent point regarding the rush to pin the blame on one specific thing, and I agree with you that such finger-pointing often works to insulate individuals from having to accept any kind of responsibility. I fear that at present much of the primary focus of the mass media is focused on ensuring that people continue to consume that selfsame mass media – so there is incentive to provide a parade of terrible stories that never dare to make the viewer feel too uncomfortable.
You also raise two pertinent and troublesome questions. I admit that I don’t have a perfect answer/solution to either.
The matter of “it won’t find its way to those who need to read it” is one of the paramount challenges facing any kind of critique. And, alas, I don’t have a good answer for that. I think that much of the tradition of critique (and also of critiques of technology) consists of trying to put various arguments out there while realizing that those who “need to read it” will likely not find it. I suppose that one of the goals of this site has been to try to put those ideas out there, but I’m not sure how exactly to reach all “those who need to read it.” This is a significant challenge, and one that seems only more problematic as people come to retreat to ever more isolated thought bubbles where they are safely protected from ideas that might be overly troubling.
As for your second point, I purposely left the metaphor of the race as somewhat open. On the one hand I did this to suggest that the race goes on and on – WannaCry won this lap, but another lap has already started and it remains to be seen which side will win. As for the larger question of this race and what its final finish line looks like, that’s a tougher question. I think that some, like Ellul, had a pretty clear sense that given society’s present course that the finish line looks like a situation wherein the technological imperative has taken total control. In short: the end result towards which we are racing is pretty bad. It’s reminiscent of H.G. Well’s popular idea that we are in a race between education and catastrophe (to which Lewis Mumford playfully added that an honest reckoning reveals that catastrophe has a significant lead. I won’t lie, I think that catastrophe has picked up an impressive lead and I’m worried that is the ultimate conclusion towards which the race is heading – but I still believe that there is time to change course or hit the emergency brake. Granted, I recognize that is somewhat naïve. For this absurd race to continue the most important thing it needs is for there to be certainty that there is no other way – I remain confident that there are other ways.
I feel like when I consider any of the big problems we’re currently facing as a society (and a species) are insurmountable verging on impossible–let alone the inevitable problems that we can see peaking at us from just beyond the horizon.
And the self-perpetuating ouroboros of mass media only makes things worse: how can we hope to solve our problems if we’re constantly being misinformed or misled (sometimes by accident, sometimes by that curious mixture of malice and greed)?
It is a mess. Everything is a mess.
As for getting the message out… well, I think your already on the right track stylistically–your essays are direct, clear and to-the-point. Visibility, especially on the Internet, is monumentally difficult. I realize that you mostly view Twitter as an avenue for jokes and cat pictures (and I definitely don’t think that’s an incorrect assessment of the platform) but you should definitely consider posting a link to each essay when they’re published. Obviously you would know more about the numbers involved than Me, but I would imagine–at least on a daily or weekly basis–more people are reading your Tweets than checking your blog.
Another thing to consider might be to cut as much as possible from your essays and modify them into short scripts for YouTube. Video essays are increasingly common these days and can reach a broader audience. As sad as it is to acknowledge, it seems more people are willing to devote 10 minutes to watching a video than 5 minutes to reading text.