Digital Security

In the spring of 2021, Dutch Institute for Vulnerability Disclosure (DIVD) researcher Wietse Boonstra quietly uncovered seven critical flaws in Kaseya’s widely used IT management software. DIVD warned the company within days, flagging more than 2,200 vulnerable systems across the globe. Weeks later, three flaws remained unpatched—and the REvil ransomware gang pounced. Overnight, some 1,500 organisations were paralysed, from supermarkets in Sweden to schools in New Zealand. This was not an isolated close call. In a 2023 study with the University of Twente, DIVD found that less than half of Dutch municipalities acted promptly when notified of exploitable flaws in their email systems. In some cases, local authorities ignored the warnings entirely. ...

David Clark remembers the moment the Internet’s Pandora’s box creaked open and said, “Hello, world.” It was 2 November 1988, and the Morris Worm was slithering its way through cyberspace like a python on speed. Designed with the innocence of a curious grad student and the destruction of a cyber sledgehammer, it crashed some 6,000 machines—roughly one-tenth of the Internet at the time. Not bad for an opening act. Back then, the network engineers in the room weren’t pondering threats to democracy or ransomware gangs knocking on NHS servers. No, they were earnestly wrestling with TCP packet loss and the excitement of latency reduction. Making things go faster, scale bigger, and connect better. The digital equivalent of building a racetrack and forgetting brakes might be useful. ...