"More than machinery, we need humanity."
If a message were to suddenly appear on your computer screen informing you that all of your material had been encrypted and that you would have to pay a ransom in bitcoins to decrypt it, chances are you’d have several questions. How did this happen? Why did this happen? Will paying the ransom work? How the heck do I even get bitcoins? You might feel as though you want to cry, which in fairness, is ostensibly the goal of the ransomware attack WannaCry that has managed to infect computer networks in multiple countries.
There is much puzzlement in the midst of highly publicized attacks like WannaCry, especially when they occur at moments of ramped up geopolitical tension. A large number of the questions that get asked have to do with some variation of placing the blame: on specific hackers, on a specific nation, on a specific vulnerability, on a specific tech company, and so forth. And though the answers that are given may be largely accurate and serve to expose the chain of events that has allowed the attack to be so successful, the frantic desire for answers may often occlude some of the larger matters that are hanging in the background. Yes, WannaCry’s success can be blamed on hackers, a malware vulnerability, and on computers that were not kept up to date – but WannaCry’s success should also be attributed to the highly technologized state of the societies where the attack has been most successful.
While ransomware attacks are not particularly new, what has set WannaCry apart is that it seems to have been successful in ensnaring some very high profile victims such as England’s National Health Service (NHS). Though being subject to a ransomware attack is hardly ever a laughing matter, the case of the NHS is particularly galling as WannaCry resulted in all manners of chaos: forcing ambulances to be re-routed, surgeries to be canceled, and interrupting the lives of patients as doctors struggled to gain access to information that had been rendered inaccessible as a result of the ransomware attack. WannaCry exploits a vulnerability in older Windows operating systems that was revealed in leaked NSA documents, and in this saga there is a certain degree of the computer security expert knowingly saying: “see, I told you to run updates.” A self-satisfied sentiment that actually seems somewhat valid seeing as Microsoft had released an update to protect against this vulnerability – one which, clearly, some groups failed to install in time.
At risk of being crass, and recognizing fully that the attack on the NHS represents a genuine threat to people’s lives, WannaCry can be read as a story about the risks facing societies that merrily embrace all things high tech. This is not to say that things like WannaCry are inevitable, but it is to say that things like WannaCry should not be treated (alas) as particularly surprising. Operating systems have vulnerabilities, sometimes more and sometimes less, tech companies may be continually working to patch those problems but for every hole they stop up they find another one demanding their attention. Or, to put it slightly differently: there is a race going on between the groups trying to fix the vulnerabilities in operating systems and those trying to exploit those vulnerabilities – sometimes one group is in the lead and sometimes the other group is in the lead – but this race is going to continue as long as vulnerabilities exist. And vulnerabilities are going to continue to exist. While this may be a race between programmers and hackers there is a lot riding on who wins or loses, insofar as the broad public has become ever more reliant on those operating systems. We have gotten roped into this race whether we realize it or not.
What is key to recognize is just how vulnerable we are as a society even if we may feel insulated as individuals. After all, a person may be quite careful to always keep their own computer updated with the latest security patches – but how can that person be certain that all of the services they rely on are equally dogged? It may be difficult to know for certain how many of the things you (yes, you) rely on in your daily life are themselves reliant on the smooth functioning of their networks – but it does not take much of a leap of the imagination to realize how thoroughly your life could be thrown into a tizzy should some of those networks suddenly find themselves locked out by ransomware. What if your health insurer, your bank, your employer, your credit card company, your local utility company – was to be the victim of such an attack? What would that mean for you?
Ultimately, it isn’t that ransomware works because it successfully targets vulnerabilities in operating systems, it works because it successfully targets vulnerabilities in contemporary society – without access to the information on computer networks that society careens into a wall. Therefore, that WannaCry wreaked havoc on the NHS has less to do with WannaCry than it does with the fact that the NHS has become so highly reliant on computer systems that – surprise – are not themselves totally reliable. It is difficult to imagine WannaCry being successful in ravaging the NHS if the NHS had not itself become so reliant on the types of systems that something like WannaCry can ravage. Without wanting to romanticize the bygone days of paper files, it should still be noted that it’s harder for hackers in another country to hold those for ransom.
WannaCry, and similar ransomware attacks, can be seen as updates to the old adage that those who live by the sword shall die by the sword. Except now it can be rewritten as: those who live by the network shall die by the network. As the case of the NHS makes woefully clear – you may be living “by the network” without fully realizing it, and as the case of the NHS also makes clear “die” might be a real possibility.
Unfortunately, contending with threats like ransomware is just part of life in a technological society. When a society pursues the “goods” offered by a transition to all things high-tech it must also prepare for the “bads” that come with it – and even though tech companies generally do a skillful job of hiding these “bads” sometimes they come roaring into view. Obviously, the term “technological society” is a curious and loaded term. After all, every society is “technological” to a greater or lesser extent. Yet, what WannaCry points to is the grim prescience of precisely the way in which Jacques Ellul used that term. For Ellul a technological society, or a “technical civilization,” was one wherein the push for integration and efficiency left nothing untouched. The technological society was one wherein everything was constructed “by,” “for,” and “is” part of the drive towards ever more technology. That is the type of society in which ransomware attacks can thrive, and while given vulnerabilities can be patched with a software update, the real problem isn’t the computer’s operating system, but the society’s operating system. It is a terrible thing to admit, but the truth is that ransomware attacks aren’t a bug that can easily be patched – they are a feature of life in a technological society. And they are exploiting a very real vulnerability in that society. There may be technical fixes to individual malware attacks, but ultimately this is not a technical problem – it’s a social one.
WannaCry may actually make many people shed tears, but hopefully it will also make them form a contingency plan for next time. Because, tragically, there is going to be a next time.