
NotPetya

Victims of the NotPetya ransomware attack can’t get at their own computer data even if they pay the ransom.

NotPetya is an attack on a grand scale causing a huge amount of disruption. Many victims are large companies in Europe. It has also hit American businesses. You may see this referred to elsewhere as Petya.

At the time of writing the impact on New Zealand doesn’t appear to be major. But then, unlike other countries, there is no compulsory attack notification here. That gives local companies leeway to paper over their security cracks.

CertNZ offers advice for New Zealand. It includes the usual, but always wise, call to make sure everything is patched up-to-date.

Give us your Bitcoins

Computers hit with the malware show a message demanding a ransom payment of around NZ$500 in Bitcoin. There’s a mail address for victims to use when confirming their payment. The mail service provider has since shut down the account.

Whatever the rights and wrongs of that action, it makes life even harder for the victims. They can no longer contact the attacker to get the decryption key needed to unlock their data.

NotPetya first emerged in Ukraine. Early reports there say it hit the nation’s government, banks and utilities. It appears that country has suffered more than elsewhere.

Russians fingered

This may, or may not, be coincidence. Ukraine blamed earlier attacks on the nation’s infrastructure on Russian organisations. There’s some evidence of Russian state involvement. There is a slow-burn war between the two countries.

Some analysts say the recent attack uses a revamped version of an earlier ransomware. Others suggest it is a new form of ransomware not seen before.

NotPetya is the second huge ransomware attack in as many months. It won’t be the last. These look set to be a regular feature of modern life. Think of it as a new normal.

Last month’s WannaCry ransomware affected 230,000 computers. Among other things it damaged the UK’s National Health Service computers. Spain’s main telco and German state railways were also on the receiving end.

A Symantec press release says the new attack uses the same EternalBlue exploit as WannaCry. America’s National Security Agency developed EternalBlue and used it for five years.

WannaCry used mail systems to infect computers. It appears that’s not the way NotPetya is spreading. It is what security people describe as a worm. That is, a program that makes copies of itself to spread to other computers.

NotPetya, not kill switch

Defenders saw off WannaCry when researchers found a software kill switch. This meant they could turn it off. There is no kill switch in NotPetya.

As you’d expect, Symantec says its software protects its customers against the attack. The company says it is not yet clear if this attack targets specific victims. Worms are hard to target: the criminals set them up and let them wreak havoc.

Ransomware is big business for the criminal gangs behind the attacks. It also fuels the computer security industry, which has grown 30-fold in the past ten years. Today it has an annual turnover of more than $100 billion.

Mandatory data breach reporting has been on the agenda in New Zealand for some time. While they may have some ground to make up on the rugby field, it is one area where our trans-Tasman cousins have stolen a march on New Zealand.

Source: Mandatory data breach reporting in Australia | ITP Techblog

New Zealand is falling behind best practice when it comes to data breach reporting. Where other countries have laws, we have guidelines. There are no formal penalties for failing to report a breach although failure to report may be held against an organisation if there are legal consequences.

Privacy is important and is being eroded all the time. Let’s put a stop to that. It’s time to step up efforts to put a mandatory system in place with fines for non-compliance.

IBM Gini Rometty

Earlier this year IBM told remote employees they must return to the office or leave the company.

It’s a turnaround. IBM pioneered allowing employees to work from home. At times more than a third of the firm’s staff worked at places away from company offices.

The company often lectures others on the merits of remote work. Company marketing describes telework as the future. Moreover, IBM sells products enabling its customers to offer remote work to their employees.

IBM’s remote work policy was popular with staff. Many talented people either opted to join the company or decided to stay put because they could work from home. It’s powerful for working women with families and just as good for dads who like to see their children more often.

Productivity or IBM’s staff costs?

The official reason for the change is that working together in one place helps productivity, teamwork and morale.

There’s something in this. Collaboration is easier when co-workers sit across the aisle. Video conference calls are productive, but so are well organised face-to-face sessions. Chance meetings at the coffee station can spark fresh thinking.

Yet, you can’t help but wonder if IBM’s move is about cutting staff numbers. Many remote workers may decide it is too hard to move home in order to keep their job. Some of the office demands mean people have to move long distances to keep their jobs.

There’s research, some sponsored by IBM, showing teleworkers are more productive than office-bound workers. Which argument are we supposed to believe? Can we trust anything the company says on the subject?

Ominous

Yahoo made a similar back-to-the-office move. It was unpopular. Many talented staff members quit. We all know how well that story ended.

There’s a practical problem for IBM workers in places like New Zealand. Some specialist roles are shared with Australia. Some ANZ managers are in New Zealand, others across the Tasman. They shuttle between locations and make a lot of conference calls. What happens to them under the new rules? The fear is they will be under pressure to move closer to the regional HQ in Sydney. That will not go down well with New Zealand customers.

Remote working became popular with large companies about a decade ago as suburban broadband improved. Video conferencing went from being difficult to practical.

Senior managers across the technology and other industries loved the idea of remote work as they thought it would save costs. In theory, offices needed less real estate and fewer support services when workers were elsewhere.

Things didn’t work out that way. Few savings materialised. The other part of this equation is that management went through a stage of being output-focused. That is, they were more concerned with what employees produced than in keeping close tabs on them all day long. If someone produced a report in their pyjamas or by sitting next to the pool that wasn’t a problem so long as the work was good. It seems the pendulum has swung back to command and control.

Xero Ipad

Xero has moved one step closer to becoming New Zealand’s first global technology giant.

Last week TCV, a Silicon Valley investment firm, bought 1.4 million Xero shares from Matrix Capital Management. The deal was worth NZ$28.5 million. That’s a little over one percent of the company.

Few people in New Zealand will have heard of TCV. Most New Zealanders will have heard of the company’s other investments. TCV owns equity in, among others, Airbnb, Facebook and Netflix.

Xero a name in Silicon Valley

Technology Crossover Ventures is based in Palo Alto, California, the epicentre of Silicon Valley.

Matrix reduced its holding in Xero from almost 10 percent of the company to around 8.5 percent.

The share transfer may not be a big deal in Silicon Valley terms or even in TCV terms. The business has close to US$10 billion invested in technology companies. The investment is from a TCV fund that focuses on mature firms that already have an impressive track record.

Yet it is significant for Xero, although not in financial terms. It’s an important vote of confidence marking Xero’s arrival in the technology premier league. That’s something no New Zealand company has managed before now.

Disruptor

The cloud accounting software company has disrupted global markets. Xero made the world sit up and look at New Zealand technology.

While Xero’s share price has fallen back from the mid-2014 high point, it has performed well so far in 2017. The price is up almost 15 percent since Christmas. In mid-December it traded at NZ$17.50. Today, at the time of writing, it is NZ$20.50. That’s the highest point for the company’s shares since November 2015.

Like many fast growing technology companies the business has yet to turn a profit. Although that day is now getting closer. At a recent company update founder Rod Drury said the business will soon be cashflow positive.

It continues to show strong growth in revenue. What’s more subscriber numbers continue to climb. This is a vital metric for a software-as-a-service business. At the end of March it hit the milestone of one million subscribers.

Don Christie - Brandon Keepers

Don Christie writes in the New Zealand Herald, “Global IT companies are taking profit here and putting nothing back”:

An organisation I co-chair, NZRise, has been looking at the problem. We represent New Zealand owned digital companies who generate jobs and good incomes for tens of thousands of Kiwis. Our research shows Facebook, Google, Amazon and many other global digital companies are engaged in similar tax avoidance schemes to Apple.

Most revenues that accrue to those companies from New Zealand simply don’t get reported. They are the result of an online transaction and the money flies out of the country in the blink of an eye. No tax. No multiplier effect. No 41 per cent investment into our society.

From a business owner’s perspective it also represents a huge disincentive to invest in R&D, which is already at shockingly low levels by international standards. We find ourselves at a disadvantage to our multinational competitors.

Why create software and technical services in New Zealand when we will always be facing an uneven tax playing field?

New Zealand has had a problem with multinational companies and transfer pricing for decades.

Yet the problem Christie writes about is on a different scale.

While the old multinational would shuffle money to minimise liabilities in New Zealand, they still paid some tax. They employed people, trained people and contributed to the economy in other ways. They funded university chairs, sports clubs and other worthy causes. If the new breed does any of that, it’s invisible.

Little contribution

The new multinationals pay next to no tax. They employ next to no New Zealanders. They contribute little to the economy.

Sure, you can argue that Apple products make New Zealanders more productive and that’s a positive economic contribution. The net positive economic contribution may even be greater than what Apple fails to contribute in more direct ways.

That is an argument against banning or boycotting Apple products. No-one is suggesting that.

It is not an argument against taxing Apple.

After all, our roads carry Apple products to market. Our schools give people the skills people need to use Apple products. Our health system keeps Apple’s customers alive and healthy. In some cases our tax dollars buy Apple products.

Google this!

You could argue something similar about Google. Some believe Google software makes workers more productive than they would be with other software. Maybe.

Some think that Google’s activities in the advertising sector have an economic benefit. Try saying that to a New Zealand journalist or someone who works in the media.

Again, these are not arguments against taxing Google.

Google is quite happy to sell its products and services to New Zealand government departments that it doesn’t help fund.

It’s harder to argue Facebook offers any economic benefits to New Zealand. If anything it undermines productivity. It is the digital equivalent of an all-sugar diet.

Christie has a good point

There’s little chance Apple, Facebook and Google will stop selling in New Zealand if we force them to pull their economic weight.

Until recently the problem was limited. Most of the non-contributors were technology companies. That’s changing with services like Uber muscling in on our markets. If things continue our economy will be hollowed out. Let’s not allow that to happen.

It’s been said that what the companies do is legal. That’s true. It doesn’t make it right. We have the power to change that. We have left this problem in the too hard basket for too long.