For some time, the internet's seamy underbelly has been the domain of hackers. The image of a teen banging away on a bedroom keyboard wreaking malicious havoc has become a stereotype. Yet, in addition to these lone wolves, we're becoming ever-more aware of worldwide, government-sponsored and operated programs that involve the manipulation of connected devices, not to mention the covert theft and surveillance of our personal data. And then there's ransomware — software unknowingly downloaded to a computer system it can hold hostage until a demand for real-world ransom is met. Ransomware isn't new — Big Think wrote in 2016 about Plainfield, New Jersey's unhappy experience — but now a major American city is seeing a significant number of its services shut down by hackers looking for a payday.
Stealing from everyone to pay the hackers
Image source: Gorodenkoff/Shutterstock
On May 7 2017, an estimated 10,000 computers operated by the city of Baltimore, Maryland were taken over by a ransomware program called RobbinHood. The cybercriminals behind the attack digitally delivered a demand for three bitcoins per sub-system (worth about $17,600 at the time), or 13 bitcoins (about $76,280) for the whole shebang before they would surrender control of all of the computers. They also noted that if the ransom wasn't paid within four days, the price would go up.
The Baltimore Sun acquired a copy of the "ransom note," which made clear the purpose of the attack and the need to act promptly: "We won't talk more, all we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!" (An expert told the Sun that misspellings and weird grammar are often deliberately used by hackers to throw off investigations, so the strange language doesn't necessarily mean the perpetrators are not native English speakers.) The note included the usual ransom warnings against involving the authorities (the FBI in this case) or begging for a decline extension, "so don't ask for more times or somethings like that." The city immediately noticed the FBI regardless.
Baltimore mayor Bernard Young told reporters, "Right now, I say no. But in order to move the city forward? I might think about it. But I have not made a decision yet."
The impact of the attack
Image source: Mgeyer/Shutterstock
While the attackers fortunately didn't target emergency services such as 911 and 311, they did invade a majority of Baltimore's servers. Among those were the city's email and voice mail; their parking-fine computers; their payment portal for water bills, vehicle citations, and property taxes; and the city's system for processing real estate transactions — some 1,500 pending home sales are simply stuck for the time being.
Fortunately, the local hospitals have been more vigilant than the city, and keep their computers better protected against hacking — Robbinhood is having no effect on them.
The future of ransomware
Baltimore at night
Image source: Mgeyer/Shutterstock
That a municipality such as Charm City had not sufficiently strengthened its defenses against cyberthreats, and thus found itself vulnerable, is no big surprise. In addition to the financial cost of staying ahead of the cyber-bad guys, politicians in local, state, and federal governments are often stunningly obtuse when it comes to technology, and are often well behind the curve. Don Norris of University of Maryland tells the Sun, "You've got increasingly sophisticated and very persistent bad guys out there looking for any vulnerability they can find, and local governments, including Baltimore, who either don't have the money or don't spend it to properly protect their assets."
2017's WannaCry ransomware attack — allegedly courtesy of the North Korean government — made clear just how vulnerable the world's systems are to malicious hacking. It hit tens of thousands of systems in over 100 countries that were running Microsoft Windows as their operating system. In the same year, some American hospitals were also attacked, as were corporations in Ukraine, Russia, Israel, France, and the UK.
In general, cyberattacks and ransomware have come to the fore as certainly among the most worrying threats to modern life. From power grids to water supplies to military infrastructure to banking systems, everything is networked, everything is software, and it's all potentially hackable. That nothing has brought our entire civilization crashing down is likely more due to a lack of intent than any particular technical challenge.
Baltimore's experience is a warning to system administrators at all levels and in both the public and private sectors to stay sharp, and proof that spending precious dollars to keep systems protected — painful as it may be to divert these funds from other important uses — is unfortunately money well worth spending.
A few weeks ago we talked to Dr. Fred Guy, Director of the Hoffberger Center for Professional Ethics and associate professor at the University of Baltimore, who told us about his goal to create a Philosophy Camp for adults and why such an initiative is important.
Adults tend to become lazy with their thinking, backing into moral and ethical wrongdoing without noticing fully what they’re doing. As he says:
“Adults are so busy and focused on so much other than ethical issues that we don’t often stop to think coherently about what our moral principles really are. Or what we think of our own moral character. We just assume we’re good people and let it go at that."
Guy urges us to revisit and refine our moral code with the help of some good philosophical thinking.
He offers a series of questions that we can use to examine the case we are faced with. He calls it the ABCD Guide to Ethical Decision-Making and it goes like this:
A: Awareness: Are we aware of the ethical issue we’re a part of?
B. Beliefs: What are my moral beliefs? What do I stand for? Most of us know if we give it some serious thought. What we decide and do in a given ethical situation depends on our moral beliefs, principles, values and virtues --- or lack thereof. We may ask:
C. Consequences: Use moral imagination to think about consequences for ourselves and others, not only now but into the future as well. It's the ripple effect. Our actions may indirectly affect others we don't know.
D. Decision: Given the facts of the case, our own personal ethics, and the consequences that our decision and action will have on others, what is the best thing to do in this case?
Just taking the time to pause and go over these questions when we are making an important decision, can take us out of the default moral mode we live in and, hopefully, out of the trap of just assuming we’re good people, without truly delivering on that assumption.
