Blue Whale and Wannacry expose the internet’s dark side

Tuesday May 16 2017

By JOHN WALUBENGO
More by this Author

Last week, two things happened that exposed the dark side of the internet in a way we have never experienced it before.

The first was ‘Blue Whale,’ an online game that has allegedly claimed the life of one Kenyan and many others across the globe.

The second was a ransomware attack dubbed ‘WannaCry’ that is still spreading globally across Windows-related servers and other computers that had not previously been patched up or protected.

Let’s start off with the Blue Whale online game. It’s an addictive game that offers teenagers a 50-day series of challenges with the ultimate and final one being to commit suicide.

Whereas teenage suicides are happening while the game is online, debate continues as to whether the game is actually the cause of the suicides. Either way, the orientation of the game is quite chilling.

The Kenyan government, through the ever-ready CEO of the Kenya Film Classification Board, Ezekiel Mutua, quickly moved to "ban" the game, and therein lies the problem.

It is one thing to declare an online application or game banned, but it is quite another to actually effect the ban.

Unless Kenya builds a huge digital perimeter firewall mapped along our geographic territory – the Chinese way – it is virtually impossible to ban anything online.

OVER-BURDENED TEENAGER

In fact, banning anything online is counterproductive since it creates an impulse to download whatever it is the government is claiming to ban. This is otherwise known as free publicity.

A better approach may have been to alert parents and teenagers of the existence of the game and provide advise on how to avoid or overcome the risky and suicidal motives within the game.

Many of the teen suicide cases reported seem to indicate pre-existing challenges that teenagers face, ranging from absentee or busy parents, peer pressure and lack of role models to identity or confidence crises.

The jury is still out on the game, but my take is that it may have offered an escape route to a vulnerable or over-burdened teenager. Such games exist and more will be produced.

The answer is not to ban them but to invest more time and effort in bringing up emotionally strong teens with the ability to face the world’s ups and down without resorting to shortcuts like suicide.

Now back to the ransomware attack. It’s unique in that it managed to combine the normal disruptive nature of computer viruses with the business objective of making money out of the resulting misery.

SUBSEQUENT ATTACKS

Essentially, the virus targets Windows-based machines that have not been updated and encrypts the data on the hard disk. This means that your data is no longer available to you unless you pay the ransom fee in exchange for the decryption keys.

Furthermore, the virus demands that you pay the ransom through the new cryptocurrency known as Bitcoin and provides you with a forwarding address.

Cryptocurrencies provide sufficient anonymity for a criminal to collect their money without a trace. Many may quickly miss the point and imagine that Bitcoin or the cryptocurrency is the problem here, but it is not.

Cryptocurrency is actually a long lesson that will merit its own post later on, but for now be advised that the ransomware attack is to be blamed squarely on organisations that have not invested sufficiently in protecting their rapidly expanding information infrastructure.

From the ever-growing list of victims, one can count hospitals, universities and public and private utilities in energy, telecoms and transport, among others.

This could be a wake-up call for these organisations to finally budget for and have a designated information security officer.

Last week will be remembered as the week that finally exposed and mainstreamed the dark side of the internet. Let’s hope the world has learnt lessons and will be better prepared to deal with subsequent attacks since they will surely come to pass.

Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT. Email: [email protected], Twitter: @jwalu