Insights Blog This Month in Bug/Virus/Breach History – May, 2018


This Month in Bug/Virus/Breach History – May, 2018

Our latest monthly installment on historical events in software testing

The first day of May is known to many as May Day, a holiday honoring spring or labor.  Combine it into one word and you get “Mayday!”, a distress call used by aviators, mariners, and first responders.  If you have been reading the column, you should expect less festivity and more of the latter meaning.

On May 3, 1978, the first unsolicited bulk email (later to be called “spam”) was sent.  Gary Thuerk told his assistant to just send it to every ARPANET address on the west coast (all 393 of them!) in a single mass email, instead of sending them separately.  While many hated it, it did yield some sales.

On May 5, 2000, and innocent-sounding email with the tempting Title line of ILOVEYOU first appeared in the Philippines.  The text file attached was really a Visual Basic script — an executable worm which overwrote various media files, made the machine unbootable, and emailed itself out through your entire address book (not just the first 50 like Melissa did the previous year).  Within 10 days, 10% of all online computers had been infected, causing about $7B US dollars in damage and needing a cleanup cost of around $15B.  Many spy groups, governments and large companies shut down their email servers as a preventative measure.

On May 7, 2016, the first death by self-driving car occurred, when a Tesla Model S in auto-pilot mode failed to correctly detect or identify a tractor trailer.  It would be just over a year and a half later when a self-driving car killed a pedestrian; during that same month, a Tesla Model X SUV struck a highway divider and burst into flames killing the driver.  The term “semi-autonomous” is still used, acknowledging that some degree of human supervision is still advised.

May 12, 2017 saw the first major worldwide cyber attack (WannaCry), a month after a Wikileaks leak of CIA and NSA hacking tools announced the EternalBlue exploit that became WannaCry’s ransomware core, taking advantage of machines that had not installed a Microsoft security patch.  WannaCry installed backdoors on infected devices and demanded Bitcoin ransom payments.  It infected 200,000+ machines worldwide and is suspected to have originated by or with collusion with North Korea.  In the end, a kill switch (registering a specific domain name) disabled it.

May 25, 2018 (yes, just a few days from now!) sees the adopted guidelines of GDPR finally become enforced.  Let’s all try to stay safe, OK?

On May 27, 2017, thousands of people prepared for a holiday weekend via British Airways.  Instead, over 75,000 passengers were grounded due to a global system outage that caused flight cancelations for all of Heathrow and Gatwick for over a day. Early root cause guesses suspected a software bug or load problem, but the actual cause was quite mundane: a disconnected power supply at a data center caused a surge when reconnected, crashing the airline’s IT systems.  The financial impact has been estimated to be as high as € 100 m.

See you in June, when you can expect to see Heathrow (Terminal 5) make another appearance in this column.  Also, Ebay has an outage, a spacecraft is destroyed, Bitcoin’s price dives, and a beloved actor dies from an uncorrected software bug.