Before she left, she was given another appointment for Friday, May 12. It turned out to be the day the NHS fell victim to the largest ransomware attack in history.
When Joyce and Leslie arrived for the afternoon appointment, “the receptionist was rushing backwards and forwards, I gathered something was wrong with PCs,” Leslie told me. “Reception filled up, all ages, arms, legs in plaster.” (I’m using only first names for Leslie and Joyce, out of concern that talking about their experience could make them targets for online abuse.)
The IT team told staffers to turn off the PCs, but the situation was confused. Soon more senior staff appeared. That’s when Leslie heard someone saying “cyberattack.”
“A smartly dressed woman arrived, and they went round to everyone explaining that the system was down, they couldn’t access X-Rays or patient records. If we had time, we could wait to see if they could clear it, or reschedule the appointment,” Leslie said. “We all thought it was just a local issue, then it became an issue for the local Trust of several hospitals.” By the time the couple got home, the issue was national, and then soon after, international.
The story of WannaCry (also called Wcry and WannaCrypt) begins somewhere before 2013, in the hallways of the National Security Agency, but we can only be sure of a few details from that era. The NSA found or purchased the knowledge of a flaw in Microsoft’s SMB V.1 code, an old bit of network software that lets people share files and resources, like printers. While SMB V.1 has long been superseded by better and safer software, it is still widely used by organizations that can’t, or simply don’t, install the newer software.
The flaw, or bug, is what people call a vulnerability, but on its own it’s not particularly interesting. Based on this vulnerability, though, the NSA wrote another program—called an exploit—which let them take advantage of the flaw anywhere it existed. The program the NSA wrote was called ETERNALBLUE, and what they used it to do was remarkable.
The NSA gave themselves secret and powerful access to a European banking transaction system called SWIFT, and, in particular, SWIFT’s Middle Eastern transactions, as a subsequent data-dump by a mysterious hacker group demonstrated. Most people know SWIFT as a payment system, part of how they use credit cards and move money. But its anatomy, the guts of the thing, is a series of old Windows computers quietly humming along in offices around the world, constantly talking to each other across the internet in the languages computers only speak to computers.
The NSA used ETERNALBLUE to take over these machines. Security analysts, such as Matthieu Suiche, the founder of Comae Technologies, believe the NSA could see, and as far as we know, even change, the financial data that flowed through much of the Middle East—for years. Many people have speculated on why the NSA did this, speculation that has never been confirmed or denied. A spokesperson for the agency did not immediately reply to The Atlantic’s request for an interview.