Security Researcher And Microsoft Worked To Stop Spread Of Cyberattack

NPR's Mary Louise Kelly talks about the implications of Friday's massive cyberattack with Michael Sulmeyer, director of the Cyber Security Project at Harvard's Kennedy School of Government.

MARY LOUISE KELLY, HOST:

For some perspective on what happened and what the lessons of this attack may be, we've called Michael Sulmeyer. He was the Pentagon's director for Plans and Operations for Cyber Policy. Now he runs the cybersecurity project at Harvard's Kennedy School. Hello, Michael Sulmeyer.

MICHAEL SULMEYER: Hello. Thanks for having me back.

KELLY: Glad to have you on. So this attack is being described as unprecedented in scale. Let me start by asking - is it? How big was this?

SULMEYER: Well, it looks like over 75,000 different infections across the world spreading over at least 70 countries. And that information itself has probably been revised upward. The largest number of infections is clearly in Russia. But as we saw yesterday, the most direct impact hit much closer to home in the United Kingdom against their national health service.

KELLY: Can you tell where we are in the arc of this attack? Is the worst now behind us?

SULMEYER: It does seem the worst is now behind us. I think that's right for two reasons. First, a security researcher was able to effectively trigger a kill switch to stop further propagation. The second reason is because Microsoft has done something that Microsoft generally does not do, which is it has issued an emergency patch for Windows XP, an unsupported operating system now, to try to help people recover.

KELLY: That kill switch you mentioned, this was the 22-year-old in the U.K. who figured out a way to shut this down? What do you know about that?

SULMEYER: He's a security researcher. But in essence, the attackers left open an opportunity to have this kind of a kill switch. And so he undertook the small and quick task to register what's called the domain for that kill switch. And once his registration became active, the ability for this ransomware to spread screeched to a halt.

KELLY: Is it surprising that it's a 22-year-old who managed to shut this down when one assumes that cyber experts around the world were trying to do the same thing?

SULMEYER: Not surprising at all. If there's any surprise it's that he's not younger.

KELLY: (Laughter) That it's not a 12-year-old...

SULMEYER: Exactly.

KELLY: ...Who managed to outsmart this. You mentioned that the worst cases appear to have been in Russia, also in the U.K. The U.S. seems to have gotten off relatively lightly. I'm looking around for some wood in the studio to knock on that that remains the case. But I wonder why. Did the U.S. just get lucky this time, or does that speak to a difference in readiness?

SULMEYER: There's, I think, several different reasons at play. And you're right to try to find a piece of wood because it won't take much if someone wanted to restart this kind of activity in the near future. There's still, according to one study, over 1.3 million machines that are still vulnerable out there. So - but one reason, at least, that I think Russia was infected so dramatically is that when you pirate copies of software, especially older copies of Windows, you generally don't qualify to have them updated, patched and fixed.

And one thing Microsoft did when it rolled out its latest version of Windows was it made the upgrade free for almost anybody who wanted to do it legitimately. So when you have legitimate, genuine copies, you get better security. And when you don't have those copies, you don't.

KELLY: Any clues yet as to who is responsible?

SULMEYER: No clues yet. No.

KELLY: The mystery remains unsolved.

SULMEYER: I'm afraid so.

KELLY: And that could take some time to figure out if we ever learn exactly who's behind this.

SULMEYER: It could. But this is one of those realities about dealing with cyberspace operations. It's going to have to be an international effort. So for United States law enforcement and United Kingdom, we're really going to have to take advantage of relationships across a whole host of countries to get to the bottom of it.

KELLY: Michael Sulmeyer, knocking on a big old piece of wood up there at the Kennedy School at Harvard. He is the director of the cybersecurity project there. And he's been talking to us about these latest big cyberattacks. Michael Sulmeyer, thank you.

SULMEYER: Pleasure was mine. Thanks for having me.

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.