Petya – The Unexpected Consequences

Last week I was waiting for a friend to get off a plane at Edinburgh airport. I was just finishing up my morning newspaper in one of the terminal's cafes around 09:00 AM when the lights went out.

As you might expect at any international airport with a complete power outage, there were no overhead lights, no monitors, no escalators or lifts. Check-in desks and X-ray machines in the departure zone crashed, and announcements vanished for a while. Arrival gates' pneumatic controls froze, so arriving planes could not come to a gate and unload. The baggage handling system seized up, so even if people could get off a flight, their luggage was stuck somewhere unknown. All in all, around 280 flights were affected that morning.

Edinburgh Airport was bought by Global Infrastructure Partners (GIP) in 2012 for £807.1 million. Since then a lot has changed for the better, including a new tram connection to central Edinburgh and a nearby train station, Edinburgh Gateway.

GIP has invested in expanding the terminal's footprint and modernising facilities, speeding up and simplifying the "travelling customer experience". That morning, some knock-on consequences turned a frustrating journey into something truly teeth-grinding:

  • The automatic boarding-card reading gates that let passengers into the departure security zone died. Those in a hurry to get to their gate were locked out.
  • Inside the departure security zone, people's hand luggage was partly processed, and the processing could not be completed. Unsurprisingly, travellers were not keen to walk away from their possessions. As passenger processing times through security had been significantly improved, there are no toilets in the security zone area design. Tricky just after breakfast time.
  • And let's talk toilets. All over the airport, toilets have been extensively modernised. And electrified. You have been in toilet areas in airports: deep inside the building, little mazes with zero natural light. The auto-sensing stalls with self-flushing toilets didn't flush; someone had removed the handles in the redesign. The liquid soap dispensers were also automatic. It turns out these are fed by a battery-operated system, so you could start to wash your hands. Shame the sensors for the water in the basins and the air dryers are attached to mains power. I had to feel for those coming out of the toilet areas, hands covered in soap, with the searchlight function of their smeared smartphones turned on, desperately looking for a towel, some napkins, anything to get the soap off both their hands and their precious kit.

In other news, the NotPetya not-ransomware data destroyer last week spread wider across the world than its main attack zone: Ukrainian organizations, just a day before Constitution Day (28th June).

  • The trusted product updater of Me-Doc, a financial software package, was compromised (again). After multiple warnings from infosecurity companies about the Me-Doc updater, this time the Ukrainian government has seized company servers, frozen automatic software update functions, and is threatening to take company officers to court.
  • Posteo, the email ISP, froze the single email address that accepted contact information from affected companies attempting to prove their Bitcoin bona fides. This removed any chance of a recovery key being generated and sent to impacted companies.
  • International corporate users of Me-Doc with quite flat internal worldwide network architectures were heavily infected. Rosneft, the mega oil company, and Maersk, the international shipper (and many, many others in Eastern Europe), are still de-lousing their systems.
  • Today (5th July) the outstanding bitcoin balance from this attack was transferred away to another account. At a value in the order of USD 10,000, any payback from the attack is tiny compared to the effort of building the software bomb.
  • Lastly, diagnosis continues, as does questioning of the motivation for the attack. If this does turn out to be a nation-state sponsored attack, it has shotgunned sideways in quite an embarrassing way. If proven, stopping your major foreign business partners from operating (and paying you taxes on revenue) when you were attempting to just paint-bomb your immediate neighbour's back yard is really going to hurt in that next contract renewal.

David Dingwall has been embedded within the IAM marketplace and other infrastructures required by enterprises to support their business for three decades, previously as a Consulting Architect and in Business Development. Responsible for Product Management and Marketing at Fox Technologies, he is focused on how real people use software tools to make their working day easier, and jokes that he is the “Fox Technologies Storyteller” when writing marketing material. His experience includes working with or for Hi-Tech, Healthcare, Energy transmission and distribution, Oil & Gas, FMCG, Mining organizations and Government police and national security departments.