New York City's Metropolitan Opera has been the victim of a cyber attack that has shut down its website, box office and call center. As of this writing, performances continue while restoration work continues.
The Met Opera
The Met Opera is an incredible organization. Here it is on its Twitter page:
As they describe themselves on Twitter, they are "The world's greatest singers on the world's greatest stage."
I live a short walk away from this wonderful place and have enjoyed many amazing performances there over the years.
I've got tickets to see the Saturday matinee of their new production, The Hours. Something came up on Thursday that led me to go online to see if I could change to another date. This is what I saw:
Wow. Now it's Friday, and they've been down since Tuesday. It's a big deal:
No small loss, as the company handles about $200,000 worth of tickets each day.
Aida and The Hours, two major operas that are always popular with audiences, went on stage with an unusually empty theater, not even last-minute sales at deeply discounted prices helped save the day.
They are really scrambling. The Met Opera made an important announcement on Twitter:
And then said:
Just $50 tickets -- cheap for the Met -- and they're doing it for Dec 14, while this tweet was made on Dec 9. Their systems went down on Dec 6. So they're not planning on a resolution soon. And they have to use the symphony's box office instead of their own.
Computer Security and Cyber Attacks
The Met has "called in" the FBI, but that's a move that has yet to help any cyber attack victims. Here's why.
The Met has said nothing about the nature of the cyber attack. However, the fact that it's been days makes me think that it's likely to be a ransomware attack or something like it, because normally you'd just have to restore all your computers from backup or employ your disaster recovery protocol, which would normally take hours, not many days.
Ransomware is a relatively new kind of attack in which the hackers encrypt all your computers and won't give you the key to unencrypt them unless you pay a ransom, usually in terms of untraceable Bitcoin. Ransomware is amazingly widespread, hitting dozens of hospitals, corporations and government agencies many times a day. It's gone way beyond a crime wave -- it's a crime hurricane, and shows no signs of stopping.
It's likely that the Met followed all the regulations and expert advice for running their computers and keeping them secure. The trouble is, the regulations are ineffective and the experts don't know what they're doing -- they can't even keep their own systems secure, as has been famously illustrated many times over. Here is an understandable explanation of the issues. There are effective methods of cybersecurity, It's just that all the experts ignore them. In the middle of this post is a description of how smart people can recover from a successful attack in under an hour, if they've set things up correctly -- not unlike the way smart people have electric power backup generators for their homes.
Conclusion
I really hope the Met Opera recovers soon. Meanwhile, the cyber attack hurricane continues to intensify, largely staying out of the news, with the regulators and experts deepening their cluelessness as they press for larger budgets.
My question is simple: When will customers scream loud enough to make the complacent, computer-ignorant grandees in charge of the attacked organizations stop their support of computer executives who say impressive-sounding things while they continue to march to the suicidal orders of experts and regulators whose commands have been overwhelmingly proven to amount to holding up giant "welcome criminals, this is a defense-free zone" signs while spending ever-growing money to harm the organizations that pay them? WHEN??
Comments