
China, Addicted to Bootleg Software, Reels from Ransomware Attack - JumpCrisscross
https://www.nytimes.com/2017/05/15/business/china-ransomware-wannacry-hacking.html?em_pos=large&emc=edit_dk_20170515&nl=dealbook&nlid=65508833&ref=headline&te=1
======
Apfel
I don't think it's really fair to suggest that average Chinese people have a
choice in the matter.

I lived in China (Guangzhou) for several years, and it was literally
impossible to buy a computer with a legal copy of windows installed on it (or,
failing that, a standalone windows disc) in the main computer district of the
city.

I eventually had to hop the border to Hong Kong when I wanted to buy a laptop.

~~~
lacampbell
Why doesn't the PRC make its own operating system? It could be based
completely off of western technology like Linux, but they could claim it's
completely Chinese made and tout it as a huge technological advancement - like
they do with their trains.

~~~
pcr0
There already is an official Ubuntu distro for China.

[https://en.wikipedia.org/wiki/Ubuntu_Kylin](https://en.wikipedia.org/wiki/Ubuntu_Kylin)

~~~
HowardMei
Many prefer Deepin rather than Kylin.
[https://www.deepin.org/](https://www.deepin.org/)

------
mayneack
Surely running old Windows that you have to pirate and block from updating is
less user friendly than a simple Ubuntu setup. I get that many people don't
even think it's an option, but if I were looking for a market for more desktop
linux users, people suffering through windows piracy would be one of the top.

~~~
themodelplumber
Cross compatibility, binary drag and drop, games, Chinese language tools,
browsers required by banks. Same old Asian Windows needs

~~~
jakewins
Pure curiosity: What is "binary" drag and drop?

~~~
themodelplumber
Sorry, I just mean that binary compatibility from one Windows system to
another is not a big problem. Here's a USB full of software, drag the files
over to your system, done.

------
desdiv
I bet the malware author is really regretting not translating the ransom note
and payment instructions into multiple languages now.

EDIT: Sorry, my mistake. It's already in 28 languages, like the posters below
pointed out. I only ever saw the English screenshot and made the incorrect
assumption.

~~~
Animats
Few people are paying up. The Bitcoin transactions are logged.[1] Current
total is US$60K.

[1]
[https://whitesunset.github.io/wannacrypt_balance/](https://whitesunset.github.io/wannacrypt_balance/)

~~~
sillysaurus3
Wow, I calculated $40k a day ago
([https://news.ycombinator.com/item?id=14339002](https://news.ycombinator.com/item?id=14339002)).
It's growing pretty quickly.

~~~
chc
That's only a difference of like 65 people. It's just that the ransom is quite
high.

------
nullValue
Has anyone read any article on how this vulnerability is spreading via SMB V1?
With the Robert Morris worm/I Love you/Conficker we knew exactly how the worm
spread.

From a programmer's perspective, what is this thing doing? Is there an nmap
filter to find vulnerable clients yet? If not, how do I create one? I'd like
to be pro-active with my current customers' concerns.

Thanks,

~~~
valarauca1
It uses a buffer overflow in the SMBv1 message block to.

Effectively to filter it you need to block all SMBv1 packets. Which you should
do already because the modern SMB is v3

Let alone you shouldn't be listening for AD management commands from the wide
internet.
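
An added example, not part of the thread or of any commenter's post: a Python sketch of what "block all SMBv1 packets" means on the wire, classifying messages on TCP/445 by their protocol magic (`\xffSMB` for SMB1, `\xfeSMB` for SMB2/3). It goes one step beyond the comment by flagging SMB1-framed negotiate requests that also offer SMB2 dialects, which a blanket SMB1 drop would cut off; the function names and action labels are hypothetical and the sample bytes are constructed.

```python
import struct

MAGIC = {b"\xffSMB": "SMB1", b"\xfeSMB": "SMB2/3",
         b"\xfdSMB": "SMB3 encrypted", b"\xfcSMB": "SMB3 compressed"}
SMB1_HEADER_LEN, SMB1_COM_NEGOTIATE, SMB1_FLAG_REPLY = 32, 0x72, 0x80

def split_frames(stream: bytes):
    """Yield SMB messages from a TCP/445 byte stream (4-byte length prefix)."""
    off = 0
    while off + 4 <= len(stream):
        # Byte 0 is zero for a session message; bytes 1-3 are a big-endian length.
        length = struct.unpack_from(">I", stream, off)[0] & 0x00FFFFFF
        yield stream[off + 4: off + 4 + length]
        off += 4 + length

def smb1_negotiate_dialects(msg: bytes):
    """Dialect strings offered in an SMB1 NEGOTIATE request, else []."""
    if (len(msg) < SMB1_HEADER_LEN + 3 or msg[4] != SMB1_COM_NEGOTIATE
            or msg[9] & SMB1_FLAG_REPLY):  # replies carry no dialect list
        return []
    pos = SMB1_HEADER_LEN + 1 + 2 * msg[SMB1_HEADER_LEN]  # skip parameter words
    if pos + 2 > len(msg):
        return []
    (byte_count,) = struct.unpack_from("<H", msg, pos)
    data = msg[pos + 2: pos + 2 + byte_count]
    # Each entry is 0x02 followed by a NUL-terminated ASCII dialect name.
    return [d[1:].decode("ascii", "replace")
            for d in data.split(b"\x00") if d[:1] == b"\x02"]

def classify(msg: bytes):
    """Return (family, action) for one SMB message."""
    family = MAGIC.get(msg[:4], "not SMB")
    if family == "not SMB":
        return family, "ignore"
    if family != "SMB1":
        return family, "allow"
    if any(d.startswith("SMB 2.") for d in smb1_negotiate_dialects(msg)):
        return family, "review"  # SMB1-framed negotiate that also offers SMB2
    return family, "block"

def _smb1_negotiate(dialects) -> bytes:  # builds constructed sample traffic
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    body = (b"\xffSMB" + bytes([SMB1_COM_NEGOTIATE]) + bytes(27)
            + b"\x00" + struct.pack("<H", len(data)) + data)
    return struct.pack(">I", len(body)) + body

SAMPLE = (_smb1_negotiate(["NT LM 0.12"])
          + _smb1_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
          + struct.pack(">I", 64) + b"\xfeSMB" + bytes(60))
```

Running `[classify(m) for m in split_frames(SAMPLE)]` labels the three constructed messages block, review and allow in that order.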

------
gtirloni
It's amazing (and sad) the amount of mental gymnastics people are going over
in the comments to justify piracy.

~~~
21
Even the companies agree with it if the alternative is not using their product
at all.

A young student uses pirated Photoshop at home instead of Paint.NET, and many
years later, if he becomes a graphic designer he will demand his employer to
buy him a Photoshop licence.

It's just another way of doing price segmentation, with a special segment of
"price 0".

------
douche
Makes me wonder about all the customers of ours, on every continent, that were
running unactivated/cracked versions of Windows server for critical
infrastructure (SQL servers, domain controllers, Exchange boxes, Lync
servers)...

------
motoboi
I am pretty sure that pirated Windows can update without problems. Source:
someone I know pretty well since I was born.

~~~
Laforet
No, there is a good reason why they cannot be updated without issues and it
has little to do with product activation or anything on Microsoft's part.

A lot of these cracked copies of Windows were installed by cloning a master
image, which was heavily customised using unofficial tools such as Dism++ and
did so aggressively that many of the underlying dependencies were left
permanently damaged. The system will appear fine however many official patches
could break it.

A number of homegrown security suites actually blocked the installation of the
relevant patch in March due to a correct if not misguided decision that this
patch would make many cloned installations unbootable unless the user was
capable of performing a manual repair process.

Patching is never that simple in the real world. I've had to roll back a few
patches myself after they made various production software fail to run (in one
case, Microsoft Office). A number of streamers also had their line of work
affected after a Windows 10 update borked certain aspects of sound capture -
if they had any faith in the updating process they probably won't have any
left after it gets in their line of work.

~~~
motoboi
In Brazil Windows is sold in DVDs with the official installer.

The newly installed Windows asks for activation and you just ignore it
forever.

You can't choose a desktop background and are greeted with a "You may have
been victim of software piracy" every now and then, but Windows Update works
pretty fine.

You are probably right about the DVD containing modified images (with malware,
probably) but they work OK.

~~~
Laforet
Not the case in China when you could buy a "customised image" of windows that
installs in 10 minutes and without all the nagging notification about
activation and patching.

There is a huge shady industry of preloading applications that were often
borderline malware so the competition between different brands of custom image
is quite fierce. One of the reasons of aggressive patch installer pruning is
because "my installation is 500MB smaller than yours" would make a great
selling point.

------
smhenderson
Hmm, the article is light on stats for western countries. I know the NHS in
England got hit hard but I haven't heard much about the rest of Europe or
the US.

If I were more paranoid than I am I would wonder if this NSA "leak" was by
design.

But probably not, never attribute to malice what can be explained by ignorance
I guess!

~~~
linkregister
Maybe to drive users away from Windows to SELinux! ;)

~~~
smhenderson
That's a conspiracy I can get behind.

------
pdm55
Reports suggesting North Korea may be source of ransomware attack: "Kaspersky
and Symantec both said on Monday that technical details within an early
version of the WannaCry code are similar to code used in a 2015 backdoor
created by the government-linked North Korean hackers, who were implicated in
the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in
2016."
[https://www.theguardian.com/technology/2017/may/15/wannacry-...](https://www.theguardian.com/technology/2017/may/15/wannacry-ransomware-north-korea-lazarus-group)

~~~
breakingcups
North Korea and Russia are always fingered as the source of any
hacking/malware activity that hits the news, regardless of actual proof.

The entire Sony hack attribution to North Korea was already shady, at best.

Saying a nation-state actor hacked you makes it look a lot less worse than
"some disgruntled ex-employee" or a 20-something year old student.

I'm not saying this attribution is incorrect, but it's very hard to separate
the wheat from the chaff with these kinds of news articles, even from sources
I'd normally consider reputable.

------
johansch
This is kinda funny, I must say. Not right, but funny.

~~~
scottLobster
Oh I'd say it's pretty righteous. They (including major institutions who could
afford legit software) chose to steal their software, got locked out of
critical functionality (security updates) as a result, and are now suffering
the consequences.

~~~
mark-r
The end result will be that they'll get much more efficient at distributing
patched bootlegs. This story is far from over.

------
throwaway373811
I wonder how India is faring; the causal environmental conditions should be
quite similar.

~~~
shimon_e
I saw a secretary in a hospital still using Windows 98.

------
ganfortran
I believe NHS doesn't use pirated software, right?

~~~
umanwizard
They use software past its support lifetime, which from a security perspective
amounts to basically the same thing

~~~
JumpCrisscross
The Guardian reports that "some expensive hardware (such as MRI scanners)" may
be locked into Windows XP.

[https://www.theguardian.com/society/live/2017/may/12/england...](https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates)

~~~
lacampbell
Incredibly common for computers attached to expensive pieces of hardware to
use very old operating systems. Even in very high tech places with a lot of
money to throw around.

~~~
omegaham
Can confirm, work at Intel. All of our electron microscopes run off of Windows
XP.

------
kashkhan
the windows monopoly is still hurting us. We need a reverse engineered gpl
windows :) that doesn't leave gaping security holes.

a free OS is fundamental.

~~~
noonespecial
I think ReactOS was taking a stab at that.

[https://www.reactos.org](https://www.reactos.org)

~~~
gcb0
not until it can run games with latest video card drivers. but when it finally
can, I will already be able to do that in a vm solution

------
sunstone
Pay now or pay later.

------
partycoder
I hope people start considering alternatives to Windows after this.

There are many viable alternatives that do not suffer from any of these
issues.

~~~
chrisbennet
Windows gets hit on by viruses because it's popular. If Linux was more
popular, it would get targeted instead so the problem would probably remain.

~~~
partycoder
No. Android is Linux and has a higher market share than Windows, so you are
incorrect.

~~~
breakingcups
Ah, but mobile devices are usually hidden behind a provider's NAT and nearly
all applications that are interactable and could be semi-directly contacted
(eg. messaging apps) are written in a managed language, so a spread like we've
seen with WCry is less likely to happen.

Having said that, have you seen the amount of malware hiding in advertisements
for Android? There's a lot.

------
pcr0
> If those behind the ransomware attack profited from the hacking, they may
> have figured out how to do something that has been beyond Microsoft: making
> money from Windows in China.

Pure gold

~~~
kccqzy
But I imagine Microsoft makes most of the money selling preinstalled versions
of Windows that come with new computers, instead of direct sale to users. So I
suppose Microsoft does in fact make quite a bit of money from Windows in
China.

~~~
analog31
Ironically, Microsoft benefits in another way, which is that the pirate
software prevents anybody else from developing a viable commercial
alternative. This reminds me of a story. In the mid 90s, a friend of mine was
shopping for a computer. Being an Apple fanboy at the time, I recommended a
Mac.

He said: "Mac won't run AutoCad."

I said: "You can't afford AutoCad."

He just laughed. Pirate software drove his choice of platform.

~~~
21
> 2007: Jeff Raikes, head of the company's (Microsoft) business group, said at
> a recent investor conference that while the company is against piracy, if
> you are going to pirate software, it hopes you pirate Microsoft software.

