Want to hear a boring story?
I can’t submit an expense report for a recent out-of-town work trip. I’ve got all the receipts, except one from long-term parking at the Atlanta airport. A sensor lets me in and out of the parking lot there, and my account gets charged automatically. Later, I can download a receipt from a website, which I submit to accounting at my university, which creates an expense report, which eventually processes a reimbursement.
But the website has been inaccessible all week. I’m assuming it’s a consequence of the recent ransomware attack on the City of Atlanta’s computer systems. In what The New York Times has called “one of the most sustained and consequential cyberattacks ever mounted against a major American city,” a group of hackers has been holding the systems hostage for a ransom of about $51,000 (payable in Bitcoin) since late last week. To stop the spread of the attack, the city has shut down some of its online services, including some that provide consumer services. The airport’s Wi-Fi system has been disabled—and, apparently, the parking system I use there, too.
I emailed the manager of the airport-parking service, but chances are she won’t be able to respond; Atlanta has directed many workers to turn off or unplug their computers, another precaution that they hope will help control the damage. Until the city decides to pay the ransom or extract the virus, many city officials are processing paperwork by hand.
In a statement, Atlanta’s mayor, Keisha Lance Bottoms, assured citizens that utility and safety systems, like police and water, are unaffected. She also noted, “This is a massive inconvenience to the city.”
Tell me about it. This is the new, humdrum reality of information-security breaches. When they don’t leak reams of personal information for theft and resale on the black market, they make ordinary life annoying in small but important ways.
I’ll be fine, but not everyone can wait days or weeks for their reimbursement. In fact, other Atlanta citizens might fare worse. The city courts, unable to process tickets or warrants automatically, have been forced to do so by hand. Surely someone will make an honest mistake, and a ticket could be advanced to warranting after registering unpaid, or a warrant could wind up assigned to the wrong person.
The City of Atlanta assures its residents that anyone who can’t pay a utility bill won’t be penalized if they cannot access an online system to do so. But those exceptions would also have to be entered into a computer. Someone’s account could be incorrectly marked in arrears, and their water service shut down. Perhaps turning it back on again will require visiting the City of Atlanta Department of Watershed Management in person with payment by cashier’s check or money order. I can’t tell you what they’d have to do, because as I write this, the Atlanta Watershed’s billing website is down. Taking time off from work to correct inadvertent consequences of the computer outage could easily cost someone a shift, or even a job.
These are the kinds of cascading failures that take place when internet-connected systems get taken down, whether by surprise on the part of hackers or intentionally by municipalities or corporations impacted by them. Nobody means for these things to happen. Not the City of Atlanta. Not even the hackers who initiated the ransomware attack. But they are the consequence of building and operating computer infrastructure interconnected via the internet.
When a breach at the credit agency Equifax exposed almost 150 million Americans’ most personal information last year, I remarked on how banal the matter seemed. Equifax didn’t even appear to be trying to treat the situation with the gravity that it deserved, and the public seemed resigned to the matter. “Breaches have settled into a kind of modern malaise, akin to traffic or errands,” I wrote. “They are so frequent and so massive that the whole process has become a routine.”
That routine is only accelerating. Last week, when news broke that tens of millions of Facebook users’ personal data had been extracted by a personality-quiz app and sold to the political consultancy Cambridge Analytica, public reaction was strong mostly because that data appears to have been used in U.S. election targeting. The fact that the data was vacuumed out of the social network has also raised hackles, even if people don’t fully realize that Facebook was designed to allow that very extraction.
All of these incidents arise from a slow, steady drip of small changes to the way people store, access, and manage information and services. Contemporary civilization has rebuilt itself atop a lattice of fragile computer systems, all interconnected. The chaos that ensues when these systems fail or get breached is so constant, it feels expected. Almost natural.
I can’t submit an expense report for a recent out-of-town work trip. I’ve got all the receipts, except one from long-term parking at the Atlanta airport. A sensor lets me in and out of the parking lot there, and my account gets charged automatically. Later, I can download a receipt from a website, which I submit to accounting at my university, which creates an expense report, which eventually processes a reimbursement.
But the website has been inaccessible all week. I’m assuming it’s a consequence of the recent ransomware attack on the City of Atlanta’s computer systems. In what The New York Times has called “one of the most sustained and consequential cyberattacks ever mounted against a major American city,” a group of hackers has been holding the systems hostage for a ransom of about $51,000 (payable in Bitcoin) since late last week. To stop the spread of the attack, the city has shut down some of its online services, including some that provide consumer services. The airport’s Wi-Fi system has been disabled—and, apparently, the parking system I use there, too.
I emailed the manager of the airport-parking service, but chances are she won’t be able to respond; Atlanta has directed many workers to turn off or unplug their computers, another precaution that they hope will help control the damage. Until the city decides to pay the ransom or extract the virus, many city officials are processing paperwork by hand.
In a statement, Atlanta’s mayor, Keisha Lance Bottoms, assured citizens that utility and safety systems, like police and water, are unaffected. She also noted, “This is a massive inconvenience to the city.”
Tell me about it. This is the new, humdrum reality of information-security breaches. When they don’t leak reams of personal information for theft and resale on the black market, they make ordinary life annoying in small but important ways.
***
Here’s more boring corporate bureaucracy for you: My university uses software made by Oracle and PeopleSoft for accounting and expense management. The system assumes one expense report per trip, which means that now I have to wait until the parking-system website comes back online so I can extract a receipt (for $100 or less) and submit it. Until then, I can’t get reimbursed for the rest of my trip, which totals far more than $100, unless I want to absorb the parking expense in the interest of expediency.I’ll be fine, but not everyone can wait days or weeks for their reimbursement. In fact, other Atlanta citizens might fare worse. The city courts, unable to process tickets or warrants automatically, have been forced to do so by hand. Surely someone will make an honest mistake, and a ticket could be advanced to warranting after registering unpaid, or a warrant could wind up assigned to the wrong person.
The City of Atlanta assures its residents that anyone who can’t pay a utility bill won’t be penalized if they cannot access an online system to do so. But those exceptions would also have to be entered into a computer. Someone’s account could be incorrectly marked in arrears, and their water service shut down. Perhaps turning it back on again will require visiting the City of Atlanta Department of Watershed Management in person with payment by cashier’s check or money order. I can’t tell you what they’d have to do, because as I write this, the Atlanta Watershed’s billing website is down. Taking time off from work to correct inadvertent consequences of the computer outage could easily cost someone a shift, or even a job.
These are the kinds of cascading failures that take place when internet-connected systems get taken down, whether by surprise on the part of hackers or intentionally by municipalities or corporations impacted by them. Nobody means for these things to happen. Not the City of Atlanta. Not even the hackers who initiated the ransomware attack. But they are the consequence of building and operating computer infrastructure interconnected via the internet.
When a breach at the credit agency Equifax exposed almost 150 million Americans’ most personal information last year, I remarked on how banal the matter seemed. Equifax didn’t even appear to be trying to treat the situation with the gravity that it deserved, and the public seemed resigned to the matter. “Breaches have settled into a kind of modern malaise, akin to traffic or errands,” I wrote. “They are so frequent and so massive that the whole process has become a routine.”
That routine is only accelerating. Last week, when news broke that tens of millions of Facebook users’ personal data had been extracted by a personality-quiz app and sold to the political consultancy Cambridge Analytica, public reaction was strong mostly because that data appears to have been used in U.S. election targeting. The fact that the data was vacuumed out of the social network has also raised hackles, even if people don’t fully realize that Facebook was designed to allow that very extraction.
All of these incidents arise from a slow, steady drip of small changes to the way people store, access, and manage information and services. Contemporary civilization has rebuilt itself atop a lattice of fragile computer systems, all interconnected. The chaos that ensues when these systems fail or get breached is so constant, it feels expected. Almost natural.
by Ian Bogost, The Atlantic | Read more:
Image: Rick D. via