Our values as a society in tech

I know it’s been a long time since I wrote anything even remotely technology related here. This is almost tangential.

About 10 days ago, quite a lot of the world was hit by a piece of malware which has come to be known as WannaCry. It was a piece of ransomware which took over your machine if you were so unlucky, encrypted your files and demanded money to hand them back. I call that amoral, but it appears to be a viable business option for some people as occasionally the ransoms get paid.

The impact of WannaCry was tempered by a piece of work done by a young malware researcher whose name I don’t know but you can find him on Twitter as MalwareTech here. He discovered by accident that if you registered a particular domain name and pointed it at something, the malware stopped replicating from one computer to another. WannaCry reached a lot of computers but it was stopped from reaching a lot more by this. In the grand scheme of things this guy is a hero, should be able to name his price for security consultancy and after that, if he wants the glory and the stardom, well that’s his choice. If he does not, however, that’s another kettle of fish.

Today I learned that in general terms, he wasn’t up for celebrity status, but this did not stop the UK press going after him. He got doxxed – lovely word that – by a major UK newspaper and journalists from a couple of others went after his girlfriend and other friends. You can read the Twitter thread here. He is apparently moving house because of this.

To be honest, I think trying to pay people to spill the beans on their friends is a fairly amoral thing to do. What sort of a human being do you have to be to do it? Sure, we all think UK media is a cesspit of despair, particularly certain of its newspapers, but still… wouldn’t it be nice if instead of going after people who never meant to be famous, who did something quite special as part of their day job, and who would like to go back to doing that day job in peace, they went after people who seek the limelight, and control? How much time have UK newspapers devoted to actually holding Jeremy Hunt to account before now? Where were they when he and his team decided to nix the NHS’s support contract for their XP machines? Isn’t it just too easy to go after members of the public who aren’t actually limelight hunting? I don’t know this guy but I don’t think he’s being hypocritical by wanting to stay out of the limelight. He’s not preaching one thing and doing another. I’m not sure there’s a single journalist with the nous to be able to figure out if he is, like, doing all his work on an unpatched Windows Vista machine…

The problem is this: we need guys like MalwareTech. We need them a lot. Security defence is a thankless job, it is largely not sexy and it seems to only gain importance when something goes wrong. Before that, it’s release early and often and if it opens up a risk…well we’ll fix it in the next release. Great stuff and we’re all making money until we are not.

Seriously, how good is it if your fridge can be held hostage? We are massively and increasingly dependent on computerised systems, and connected devices (although I defy anyone to explain to me why a toaster might ever need to be connected to anything other than a power socket). The least we can do is ensure they do not create risk vectors for our lives. To protect us from skullduggery of a digital nature, the world needs young tech people turning their mind to security and malware investigation in order to mitigate our risks here.

It would help if we didn’t also allow our media to exploit them and doxx them just for the sake of a few page turns and clicks. It is not bringing anything to the world and it is not in anyone’s interest to be invading the privacy of someone in whose life the sole interest is prurience.