Date: 2021-05-23

Cyberattacks multiplied by three during confinement. Getty

Every morning we wake up to not one but several cyberattacks in the news. One of the most recent and striking, though not the last, is the cyberattack on a company in the United States, Colonial Pipeline, which transports refined fuels, ready to be used by land and air vehicles, from Texas, in the south of the country, to the East Coast, where Washington, New York and Boston are located.

This company was forced to cut the fuel supply on Friday, May 14, due to a ransomware attack, that is, one of those programs that are installed on a computer, encrypt the contents of the hard disk and ask for a ransom in bitcoins (a cryptocurrency that is difficult to track) in exchange for the decryption key that allows the victim to return to the previous situation. The group of cybercriminals behind this attack calls itself Darkside, and Colonial Pipeline paid the ransom of five million dollars to be able to work again. Paying ransoms is considered a crime in Spain.

How did we get to this helpless situation? Do companies not dedicate enough resources to cybersecurity? Most Western countries are defining a specific strategy to strengthen the cybersecurity of their industrial and productive fabric. There are already so many cases of power outages, water outages, critical infrastructure malfunctions and so on, all due to groups of hackers, in many cases Chinese and Russian, that one can speak of a cyberwar with all its consequences.

But let’s try to focus on two specific questions: How do they get into our computers? And why can’t the damage be undone, so that the decryption key has to be obtained?

That the software we use every day has errors is a fact. Hackers manage to enter our computers thanks to the presence of errors in the software, some of which are due to human oversights: checks that have been omitted, instructions that are executed incorrectly, obsolete libraries [functionality coded in a programming language] that are still in use, and so on. In many cases, the cybercriminal uses well-known information about documented flaws to gain unauthorized access to computers; in others, the hacker himself knows of vulnerabilities that have not yet been documented and uses them to launch what are known as zero-day attacks.

Are there ways to detect these flaws? Indeed, there are many professionals working on it and they report them appropriately: the discovery of a vulnerability leads to the almost immediate creation and publication of a “patch” that fixes it. Each person or institution is responsible for keeping their IT infrastructure up to date. If it is not updated on a regular basis, those security patches will be missing and a hacker will be able to enter.

In fact, the distribution of patches has generated a new business for cybercriminals: a hacker can, in a certain way, find out which version of the software is installed in certain packages or components and, simply with that version number, can know the catalog of vulnerabilities at his disposal. Therefore, infecting a computer is made even easier thanks to security patches (or their absence). However, it must be remembered that cybersecurity is a multidisciplinary area where not only computing and telecommunications converge, but also human factors, espionage, social engineering and the simple theft of information for third parties.

And why can’t the damage be undone, so that the decryption key must be obtained? Current encryption methods are virtually unbreakable and, furthermore, there is a curious situation here: the more effort is devoted to protecting people’s information and privacy, the more difficult it will be for security forces to defend themselves, since the methods of protection keep getting better. It is precisely the development of attack-resistant encryption mechanisms that allows hackers to encrypt a hard drive with no possibility of recovering the information. There are situations in which professionals are able to recover it: for example, some people who paid the ransom published the decryption key that the hackers sent them, and third parties could use it to decrypt their own computers. The safest method, however, is still to keep up-to-date backups of our information in a protected place (the cloud, in that sense, would not be a good place) so that it can be restored in the event of an attack.

Santiago Escobar Roman is a tenured professor at the Polytechnic University of Valencia in the area of Computer Languages and Systems.

Chronicles of the Intangible is a space for the dissemination of computer science, coordinated by the academic society SISTEDES (Society for Software Engineering and Software Development Technologies). The intangible is the non-material part of computer systems (that is, software), and its history and its evolution are related here. The authors are professors from Spanish universities, coordinated by Ricardo Peña Marí (professor at the Complutense University of Madrid) and Macario Polo Usaola (professor at the University of Castilla-La Mancha).

