Wannacry related interim timeline

Let me share a timeline I constructed regarding Wannacry during the last days. The interesting point I shared with some colleagues was that the patient zero (o patients) infection vector is not referenced or described as of now yet.

15th February 2017 Microsoft cancels its monthly patching for that month

9th March 2017 Wikileaks press release regarding Vault7, "the largest-ever publication of confidential documents on the agency" according to Wikileaks.
https://steemit.com/wikileaks/@ausbitbank/wikileaks-vault-7-march-9th-press-conference-transcript

14th March 2017 Microsoft publish security update MS17-010 for SMB Server
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

14th April 2017 (according to https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers) Equation Group (see https://en.wikipedia.org/wiki/Equation_Group) releases some exploits, EternalBlue among them. EternalBlue took advantage of the vulnerability that Microsoft patch MS17-010 fiexed.
https://github.com/misterch0c/shadowbroker/

14th April 2017 Microsoft publish their triage analysis on the exploits
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/


15th April 2017 Security companies analyse exploits. One example of the anaylisis of EternalBlue is the following:
https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/

15th April 2017 Some news sites start to wonder how come that the patch existed before the release e.g. https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

12th May 2017 WannaCry appears in the wild
https://en.wikipedia.org/wiki/WannaCry_cyber_attack

Some sources mention that the infection vector was a phishing email
https://www.heise.de/newsticker/meldung/WannaCry-Was-wir-bisher-ueber-die-Ransomware-Attacke-wissen-3713502.html
http://www.wired.co.uk/article/wanna-decryptor-ransomware
https://www.cylance.com/en_us/blog/cylance-vs-wannacry-wanacrypt0r-2-0.html

However, no analysis yet of that mentioned phishing email, its attachment and its modus operandi in general.

Update 1: Response and proposals from Microsoft


Rocky days





Book Review: Bitcoin and other virtual currencies for the 21st Century by J. Anthony Malone

A very handy book to approach Bitcoin.


Let me try to share with you the main learning points I collected from this book. As always, here it goes my personal disclaimer: the reading of this very personal and non-comprehensive summary by no means replaces the reading of the book it refers to; on the contrary, this post is an invite to read the entire work.

The book starts first with the concept of money, how money was an innovation itself, the functions of money as a medium of exchange, a unit of account, a store of value, a deferred payment and a value measure. It also provides some insights on the history of money and how credit is older than cash and, finally, a key concept: the monopolistic role of the government in terms of currency issuance.

There are some hints in the book to consider Bitcoin a starting point to end the monopoly of central banks. It claims that the Bitcoin value scheme is inspired on the old gold standard. It is interesting to read the links that the author sees between the Austrian School of Economics and Bitcoin.

The point that Bitcoin does not have a centralised clearing house is certainly a key point in the book. It also mentions that the blockchain public ledger is the heart of the Bitcoin technology. It also mentions that Bitcoin is inflation-free (there is a fixed number of Bitcoins that can eventually be minted). The supply of Bitcoins does not depend on the monetary policy of a central authority. It also remembers the Keynesian line of thought on deflation and how it encourages individuals and businesses to save money.

To use Bitcoins, you just need a Bitcoin wallet and a Bitcoin address. Technically, Bitcoin has currently a transaction limit of 7 per second.

There is a section of the book on legal aspects of Bitcoin. Apparently virtual currencies do not have legal tender status in any jurisdiction. Bitcoin has the properties of a payment system, a currency and a commodity. There is still a bit of regulatory ambiguity in terms of Bitcoin. There are some appendixes in the book related to a very useful glossary of terms, a legal guidance issued by FinCEN in the US, also from US GAO (Accountability Office), from the Inland Revenue Service, some input from revelant regulators and legal documentation on different Bitcoin-related cases.

Happy growing!