Just one more reason for China to develop its own mousetrap.
According to China’s official state TV broadcaster, cited by the New York Times, about 40,000 institutions were hit by the WannaCry ransomware attack on Windows-based computers since Friday – more institutions than in any other country.
This included research universities like Tsinghua University. Students around the country complained about being locked out of final thesis papers. Hainan Airlines and other major companies were infected. The electronic payment systems at PetroChina’s gas stations around the country went down for much of the weekend. Bank of China ATMs went down too.
China Telecom was among the companies that instructed employees over the weekend to patch the vulnerability of their computers, first using a patch it provided, and when that failed, a patch provided by Chinese security company Qihoo 360, which, as the Times put it, citing an employee of China Telecom, “supports pirated and out-of-date versions of Windows.”
So why did China’s companies and institutions get infected with this ransomware in such large numbers? One reason is the sheer size and complexity of the Chinese economy and the large numbers of computers. The other reason: Pirated versions of Microsoft Windows running on those computers.
These bootleg copies cannot be patched via Microsoft updates. Microsoft released a patch to fix this vulnerability on March 14. Updated computers were not affected by WannaCry. But that patch wasn’t available for bootleg copies of Windows.
Software trade organization BSA reported last year that 70% of the software running on computers in China was pirated. Though that was down from 79% in 2009, it still leaves much of China vulnerable to cyber-attacks since this bootleg software cannot easily be registered with the software developer, such as Microsoft.
Other countries too were disproportionately impacted by WannaCry, particularly Russia – though the numbers were much smaller because the Russian economy is only about one-eighth the size of the Chinese economy. According to BSA, about 64% of the software on computers in Russia was pirated. By comparison, in the US, 17% of the software was pirated.
It its biting blog post, Microsoft blamed two factors more than anything:
- The NSA – whose exploit this had been before it was stolen and made public – for “stockpiling of vulnerabilities.”
- And unpatched versions of Windows.
Since the patch had been available for two months, why weren’t operating systems being updated? There are several reasons, one of them being machines running Windows XP, which is no longer supported by Microsoft. But in China, the top reason was the reliance on bootleg copies of newer versions of Windows.
“Most of the schools are now all using pirate software, including operation system and professional software,” Zhu Huanjie, who is studying network engineering in Hangzhou, told the Times. “In China, the Windows that most people are using is still pirated. This is just the way it is.”
The Chinese government isn’t particularly focused on policing Microsoft’s intellectual property rights or boosting its revenue opportunities in China. So to heck with Microsoft. Instead, according to the Times, it’s focused on “building local alternatives to Microsoft,” with mixed results:
After leaks by the former intelligence contractor Edward J. Snowden about American hacking attacks aimed at monitoring China’s military buildup, leaders in Beijing accelerated a push to develop Chinese-branded software and hardware that would be harder to breach.
For the time being, however, much of China relies on Windows.
So will China learn some kind of lesson and buy a billion licensed copies of the latest and greatest version of Windows, directly from Microsoft, with future updates and all, and shovel billions of dollars in Microsoft’s direction?
Hardly. At least, the stock market doesn’t think so. Such a move would be a big boost for revenues in China. But Microsoft shares dropped starting Thursday morning through Monday morning, though they recovered some Monday afternoon. They remain down about 1.5% from the high on Wednesday just before the close. So investors don’t think China, after what it has been through since the Snowden revelations, is suddenly going to become a fan of paying Microsoft billions of dollars for licensed versions of Windows when it can get bootleg copies for free.
China will more likely do what it has done with so many other products and technologies, including high-speed rail systems. It’s going to learn from the best out there and then build its own versions. Such an operating system might be based on Linux or it might be something different altogether. This version would be open to inspection by the Chinese government when needed and controllable when necessary. The developers will certainly try to keep the NSA’s prying eyes out of it. And when ready for prime time, this operating system might appear on the world markets – much like China’s high-speed rail systems. So Microsoft, which booked a revenue decline in 2016, might get squeezed further by this debacle in China.
Even in China, robots are the Great Equalizer. Read… Manufacturing Might Come Back to the US, but Robots will Get the Jobs: Apple CEO
Enjoy reading WOLF STREET and want to support it? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.