Digital Daemons
Donald Trung, CC BY-SA 4.0, via Wikimedia Commons
Daemon def 1: From Greek Mythology
A supernatural being or power, or a spirit, good or bad
Daemon def 2: Computing (pronounced DEE-muhn)
A background process that runs without user interaction
Daemon def 3: His Dark Materials by Philip Pullman
A physical manifestation of a person’s soul that exists outside their body in the form of an animal … symbolizing a deep connection between humans and their inner selves.
All of the definitions of daemon could apply to this section. From a mythological perspective the main difference between a demon and a daemon is that the former is always bad news whereas a daemon could be either good or bad. The computing definition is also a good fit because, as we will see, some of the incidents described below were due to background processes that the user had no way of detecting or controlling. The Pullman definition of a daemon as an external manifestation reflecting the soul within perhaps comes closest to the theme of this post: our world has multiple digital manifestations (apps and services) that are forever connected to, and interacting with, the minds of their creators and users, but that are also able to function apart from those minds. Adding AI to the mix brings a degree of autonomy that was also characteristic of Pullman’s daemons.
So, now that we have set the scene, let us consider some daemons.
In August 2023, the UK’s air traffic control service, National Air Traffic Services (NATS), experienced a technical glitch that caused flight cancellations and delays for over 700,000 passengers. A flight plan from French Bee for a flight from Los Angeles to Paris contained two waypoints with the same name, DVL, which confused NATS’ systems. DVL represented both Deauville in France and Devil’s Lake in North Dakota, USA. The system concluded that the aircraft would reach its UK exit point before its UK entry point, which it considered “not credible”. This caused the FPRSA-R primary system to disconnect, which then prompted the secondary system to take over. The secondary system also encountered the same problem and disconnected … The failure was made worse by delays in verifying the password of a Level 2 engineer who was working remotely. The engineer arrived at work more than three hours after the incident began. The failure caused hundreds of flights to be canceled, and people stranded abroad faced long waits to return home. Some passengers had to wait several days for alternative flights. (Google Gemini: Summary)
Petar Marjanovic, CC BY-SA 3.0, via Wikimedia Commons. (N.B. not UK NATS)
In response to the shutdown of the primary and back-up systems the air traffic controllers had to switch back to the manual paper/card based system, but they could only manage a fraction of the flights the digital system enabled and, as described above, chaos ensued. As well as the disruption to passengers the economic losses were also considerable. The full report is available from the UK Civil Aviation Authority.
The point here is that what used to be a robust manual process, albeit one with a constraint on the number of flights that could be handled at one time (60 per hour), had been replaced by a sophisticated computerised system that, when it worked as intended, enabled controllers to monitor and control many multiples of the flights they could otherwise manage (800 per hour). It was a mission-critical automated system with a back-up for resilience. The primary system choked on a data aberration and then the secondary back-up system choked on the same data, because it ran the same logic. The working digital system offered remarkable efficiencies and increases in output. Its resilience, however, depended on constant power for the computers, robust network links for the flow of flight data, the data being in a format recognised by the UK NATS system, and the software being able to cope with unexpected input without failing catastrophically.
The full report also provides the insight that the US flight-plan format is different from that of European countries and therefore had to undergo a conversion process. The conversion, however, added extra waypoints, including one whose identifier duplicated a waypoint code that already existed elsewhere in the plan. This was a critical error. Rather than pass flight-plan data it could not make sense of to controllers, the system put itself into maintenance mode and forced the staff to adopt manual processes. But despite the consequences there was a fall-back manual system, and in that is a message for us all.
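The mechanism is easier to see in code. The model below is an added example written for this post; it is not NATS or FPRSA-R software and does not reproduce the real system's logic. The fix table and coordinates are constructed, and every identifier except DVL (genuinely used for both Deauville, France and Devils Lake, North Dakota) is invented. It shows two things a practitioner would want to separate: resolving an ambiguous identifier (a bare code is not a unique key, so the resolver picks the candidate nearest the previous fix), and, separately, the credibility check tripping when the exit point is mapped back to the route by searching for its bare name and the search hits the first DVL, which sits before the UK entry. The `process_plans` function then shows the containment choice: one plan that fails the check is set aside for manual handling while every other plan is still processed automatically, rather than the whole system dropping to maintenance mode.

```python
"""Illustrative model of the NATS duplicate-waypoint failure mode.

Added example, not NATS or FPRSA-R code. The fix table and coordinates are
constructed; only DVL is a real duplicate identifier (Deauville, France and
Devils Lake, North Dakota). OCN1, UKW1 and UKS1 are invented fix names.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Fix:
    code: str     # identifier as it appears in the flight-plan route string
    name: str
    lat: float
    lon: float
    region: str   # airspace tag used for the UK entry/exit search


# Constructed lookup table: one identifier may map to several fixes.
FIXES = {
    "LAX":  [Fix("LAX", "Los Angeles", 33.9, -118.4, "US")],
    "DVL":  [Fix("DVL", "Devils Lake ND", 48.1, -98.9, "US"),
             Fix("DVL", "Deauville", 49.4, 0.2, "FR")],
    "OCN1": [Fix("OCN1", "mid-Atlantic (invented)", 52.0, -30.0, "OCEAN")],
    "UKW1": [Fix("UKW1", "UK west boundary (invented)", 51.0, -6.0, "UK")],
    "UKS1": [Fix("UKS1", "UK south boundary (invented)", 50.5, 0.5, "UK")],
    "ORY":  [Fix("ORY", "Paris Orly", 48.7, 2.4, "FR")],
}


class NotCredible(Exception):
    """Raised when the computed UK segment is geometrically impossible."""


def distance_km(a: Fix, b: Fix) -> float:
    """Great-circle (haversine) distance between two fixes."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def resolve_first_match(route: list[str]) -> list[Fix]:
    """Naive resolution: bare identifier lookup, first table entry wins."""
    return [FIXES[code][0] for code in route]


def resolve_by_proximity(route: list[str]) -> list[Fix]:
    """Disambiguate a duplicate identifier by picking the candidate nearest the
    previously resolved fix (assumes the route starts at an unambiguous airport)."""
    resolved: list[Fix] = []
    for code in route:
        candidates = FIXES[code]
        if len(candidates) > 1 and resolved:
            prev = resolved[-1]
            resolved.append(min(candidates, key=lambda f: distance_km(prev, f)))
        else:
            resolved.append(candidates[0])
    return resolved


def uk_segment_by_identifier(route: list[str], fixes: list[Fix]):
    """Models the failure: entry and exit are found from the resolved fixes, but the
    exit is mapped back to the route by searching for its bare identifier, so the
    search stops at the first 'DVL' (Devils Lake), which lies before the entry."""
    uk_idx = [i for i, f in enumerate(fixes) if f.region == "UK"]
    if not uk_idx:
        return None                                     # plan does not cross the UK
    entry, last_uk = uk_idx[0], uk_idx[-1]
    exit_code = route[min(last_uk + 1, len(route) - 1)]  # first fix after UK airspace
    exit_pos = route.index(exit_code)                   # first occurrence of that name
    if exit_pos < entry:
        raise NotCredible(f"exit {exit_code} at {exit_pos} precedes entry at {entry}")
    return entry, exit_pos


def uk_segment_by_position(route: list[str], fixes: list[Fix]):
    """Corrected version: carry route positions throughout; never re-search by name."""
    uk_idx = [i for i, f in enumerate(fixes) if f.region == "UK"]
    if not uk_idx:
        return None
    return uk_idx[0], min(uk_idx[-1] + 1, len(route) - 1)


def process_plans(plans: dict, extractor, resolver=resolve_by_proximity) -> dict:
    """System-level containment: a plan that fails the credibility check is set aside
    for manual handling; every other plan is still processed automatically."""
    outcome = {}
    for plan_id, route in plans.items():
        fixes = resolver(route)
        try:
            outcome[plan_id] = ("auto", extractor(route, fixes))
        except NotCredible as err:
            outcome[plan_id] = ("manual", str(err))
    return outcome


# Constructed sample plans; the first mirrors the LAX-Paris plan with two DVLs.
SAMPLE_PLANS = {
    "LAX-ORY": ["LAX", "DVL", "OCN1", "UKW1", "UKS1", "DVL", "ORY"],
    "LAX-ORY-nodup": ["LAX", "OCN1", "UKW1", "UKS1", "ORY"],
}

if __name__ == "__main__":
    for label, extractor in (("identifier search", uk_segment_by_identifier),
                             ("positional", uk_segment_by_position)):
        print(label, process_plans(SAMPLE_PLANS, extractor))
```

Run as a script, the identifier-search variant sends the duplicate-DVL plan to manual handling and accepts the other, while the positional variant accepts both. The design point is that the rejection is scoped to one plan: the same check that protects controllers from an impossible UK segment does not have to take the whole processing chain, or its identically coded back-up, offline.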
But what happens when there is no fall-back manual system and the software is totally in charge?
The Boeing 737 Max crashes in 2018 and 2019 were caused by flawed flight control software that took control away from pilots without their knowledge. The software was based on data from a single sensor and involved a design flaw in the Maneuvering Characteristics Augmentation System (MCAS). The crashes killed 346 people. In response to the crashes … Some say that the 737 Max crashes are a tragic encounter with autonomous decision software, which is a type of AI. They argue that the interdependencies between human systems and algorithmic systems could have affected how people trained and reacted in emergencies. Boeing’s reputation was badly damaged by the crashes. The company faced accusations of deliberately concealing details of the flawed flight control software from regulators. (Google Gemini: Summary)
PK-REN, CC BY-SA 2.0, via Wikimedia Commons
(The Boeing 737 Max which crashed 29 Oct 2018 after take-off from Jakarta)
We should note that Boeing had concealed information about changes to its flight stabilization system even from the pilots of the aircraft. Pilots faced with what appeared to be aberrant behaviour on the part of the aircraft ended up in what proved, for some, to be a deadly wrestling match with software that would not relinquish control to them. The human, economic and reputational cost was colossal.
It is important to put this into context, however: given the millions of air miles flown each year, flying in an aircraft is still statistically the safest mode of powered transport. Such incidents make headline news because of their relative rarity and because, when they do happen, they are investigated and reported on in great detail so that the problems are corrected and the issues do not recur. The 737 Max example is used here because it draws a useful comparison with the preceding UK National Air Traffic Control debacle: NATS was able to default to a manual control system when both its primary and secondary digital systems failed. The unfortunate pilots in the 737 Max could not override what the automated system was doing and, even more scandalously, did not even know that the system existed. Which brings us to our next example, this time with wheels firmly on the ground although with poisons in the air.
The Volkswagen emissions scandal involved software that allowed the automaker to cheat on emissions tests for millions of vehicles in the Volkswagen and Audi range. The scandal led to investigations by the US Department of Justice and other authorities from 2015 onwards. Two people, former engineer James Liang and compliance officer Oliver Schmidt, were prosecuted and sent to prison. The former CEO, Martin Winterkorn, was under investigation for fraud and market manipulation. The software, known as a “defeat device”, detected when a car was being tested by monitoring the speed, engine, air pressure, and steering wheel position. When the car was being tested, the software would activate emissions controls to reduce emissions and improve results. When the car was being driven normally, the software would turn off the emissions controls, potentially to improve performance or save on fuel. The vehicles emitted up to 40 times more nitrogen oxide (NOx) in real-world driving than they did during regulatory testing. The scandal became known as “Dieselgate” or “Emissionsgate”. (Google Gemini: Summary)
Here we had clever technology being used to change the emissions behaviour of a car when it detected it was being tested, with circa 11 million cars having the software installed. After such false assessments some of these cars became eligible for ‘green car’ subsidies and tax exemptions and could go on to pollute the environment outside of the test conditions. The common factor between the Volkswagen example and that of the Boeing 737 Max was the human decision to employ what was effectively covert software for the purposes of commercial gain: complex machines with significant elements of software control, software which we have to trust does not contain within its invisible code behaviours that will do us harm through deceit, technical arrogance, bugs or malicious intent.
But sometimes there are those who do wish us harm through malicious intent, and to counter them the software security industry has become an essential actor in the digital mix. Sometimes, however, the digital fix becomes the problem.
Consider this sequence of events arising from a ‘security’ update, not to Windows itself but to the CrowdStrike Falcon security software running on Microsoft Windows machines:
QueenBarenziah, CC BY 4.0, via Wikimedia Commons
A software update from the security company CrowdStrike caused a massive IT outage on July 19, 2024 that crashed millions of Windows systems. The update to CrowdStrike’s Falcon endpoint detection and response (EDR) platform caused Windows machines to crash and reboot endlessly. This resulted in “blue screens of death” on displays around the world. The outage affected nearly every industry, including: law enforcement; airports; financial institutions; healthcare systems; retail. Microsoft reported that 8.5 million Windows machines were affected. The outage disrupted critical services and business operations. Insurers estimated the outage would cost U.S. Fortune 500 companies $5.4 billion. The update interacted negatively with computers running Microsoft Windows. (Google Gemini: Summary)
But what was CrowdStrike and its like intended to protect us from? For that let’s return to 2017.
The 2017 WannaCry ransomware attack was one of the most significant global cyberattacks in recent history. WannaCry is a type of ransomware, a malicious software designed to lock or encrypt a victim’s files until a ransom is paid to the attacker. It exploited a vulnerability in the Windows operating system, specifically a flaw in the Server Message Block (SMB) protocol. WannaCry encrypted the files on infected systems and displayed a ransom note demanding payment in Bitcoin to decrypt the files.
Digital Highway Robbery (AI generated image)
WannaCry spread rapidly using a tool called EternalBlue, believed to have been developed by the U.S. National Security Agency (NSA) and leaked by the hacking group Shadow Brokers in April 2017. EternalBlue exploited an SMB vulnerability in older or unpatched versions of Microsoft Windows. The ransomware propagated across networks, infecting systems even without user interaction, making it a worm as well as ransomware. On May 12, 2017 WannaCry began spreading globally. Within hours, hundreds of thousands of systems in over 150 countries were affected. On May 14, 2017 a security researcher, Marcus Hutchins (also known as MalwareTech), accidentally activated a “kill switch” embedded in WannaCry by registering a domain found in its code, significantly slowing the spread. It is estimated to have infected over 230,000 computers worldwide in its initial wave. Targeted organizations in various sectors included: the UK’s National Health Service (NHS), which was severely affected, disrupting patient care and delaying surgeries. Patients were unable to access critical care services due to disabled computer systems, showcasing the real-world consequences of a cyberattack. Government agencies in countries like Russia and China reported significant disruptions. Large corporations, including FedEx, Renault, and Telefonica, experienced operational outages. Estimated damages ranged from $4 billion to $8 billion, including: lost productivity; costs of remediation and system recovery; and ransom payments (though relatively few victims paid). (ChatGPT summary)
As can be seen above, the UK NHS was particularly badly affected by this attack. One of the main explanations offered is that parts of it (circa 5%) were still using computers with versions of Microsoft Windows so outdated that Microsoft had stopped providing security updates for them, e.g. Windows XP. Beyond that, in 2018 the UK Parliament Public Accounts Committee report Cyber-attack on the NHS (PDF) concluded that all 200 hospital trusts and related agencies in England assessed still failed cybersecurity checks. Parts of this report make for depressing reading, with, for example, conclusion 5 stating:
NHS Digital had warned trusts to apply a patch that would have prevented WannaCry, but most of the organisations subsequently affected did not do so. Trusts find it difficult to apply patches without disrupting other parts of IT systems or the operation of equipment vital to patient care. There are also difficulties with medical equipment and systems that can only be updated by external suppliers, where the NHS needs to be proactive in ensuring suppliers are protecting systems properly. But there are ways to mitigate and manage these difficulties if you have the requisite skills. All NHS organisations face a challenge in attracting and retaining the right staff, and even NHS Digital itself has only 18 to 20 suitably skilled cyber security staff. (UK Parliament Public Accounts Committee report Cyber-attack on the NHS, 28 March 2018)
WannaCry is widely believed to have been a North Korean cyber-attack that was perhaps a little too successful, in that one of the four most affected countries was their ally Russia. The others were Ukraine, India and Taiwan. Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest maker of semiconductors and processors, was attacked by a new variant of WannaCry in 2018. The variant infected more than 10,000 of its computers and seriously damaged production.
Seven years after the WannaCry disruption, in June 2024, came a more targeted and sophisticated ransomware cyberattack that significantly disrupted medical services. This time the target was the private sector Synnovis, a pathology services provider to several South East London NHS Trusts. The consequences were severe for Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust and led to delays and cancellations of blood tests, other diagnostic services and all but emergency operations and appointments. The disruption lasted until October 2024. Being a ransomware attack, the Russian cybercriminal group Qilin, also known as Agenda, had encrypted 400GB of critical data on Synnovis servers, including patient names, dates of birth, NHS numbers and blood test results, making it impossible for Synnovis staff to access it. Qilin then demanded a ransom in order to decrypt it. The group published some of the data online as a demonstration of what they had in their possession. The ransom element was probably incidental; the primary motive was the disruption and the engendering of a sense of insecurity and sapping of public morale, i.e. ‘the weaponisation of inconvenience’, where a proxy group working on behalf of another agency (usually a hostile state) undertakes disruptive actions at just below the level that they expect would trigger a detrimental cyber, political or military response. Nevertheless this cyberattack underscores the critical importance of robust cybersecurity practices within both public and private healthcare systems to protect sensitive patient data and ensure the continuity of vital medical services.
Moving on from health let us now consider wealth.
The world’s financial, logistics and trading systems are probably the most digitised of all and so will attract the attention of both those who wish to exploit them and those who wish to disrupt them. For example, North Korea alone is believed to have stolen $2 billion from at least 38 countries in the past five years (The Global Cyber Threat, International Monetary Fund, 2021). For insights into key trends in this growing problem it is worth viewing the Timeline of Cyber Incidents Involving Financial Institutions from 2007-2022. Our personal financial information can be stolen and exploited, but attacks directly upon banking systems that make account information inaccessible reach directly into individual homes and businesses throughout the world. Cashless societies may be efficient but they walk on the thin ice of the bits and bytes stored and transferred in the ether. No bits and bytes, for any reason, and no bills are paid. No shopping can be paid for. No evidence of financial health and wealth. No suppliers and salaries can be paid. No goods. No materials. And eventually, no economy. Anyone who has been affected by those occasional, and usually poorly explained, problematic IT system upgrades that temporarily disrupt access to financial accounts or card payment systems will recognise that slight anxiety and hope that temporary really means temporary. Anyone who has been in a store checkout queue when the online payment system goes down and watched the cashless having to leave the store, sans their abandoned shopping, should reflect on how the logistics system ensuring deliveries to that store is also dependent on those bits and bytes in the ether continuing to flow. After all, cash is only useful if there is actually something available to buy.
While there are certainly major risks from bad actors outside of a digital system sometimes they are functioning directly at its heart. What we will consider now is a growing but alternative model of a cashless society that excludes banks and conventional financial institutions.
The digital world has spawned its own virtual currency form, flying under the common umbrella term of cryptocurrencies, e.g. Bitcoin, which allow users to send and receive payments directly without intermediaries like banks. The name derives from the cryptography (digital signatures and hash functions) used to secure the financial data (values and transactions). A cryptocurrency operates independently of central banks or governments and relies on a decentralised technology called blockchain to record and verify transactions. The lack of central oversight has proven attractive for both ideological and nefarious reasons. Cryptocurrencies are the ultimate demonstration of something that exists only as bits and bytes, controlled by no one and largely unregulated, to which sentiment can impart such dramatic swings in value that an ‘investor’ can be a cryptocurrency billionaire one day and a pauper the next. Or be hailed a cryptocurrency hero courted by the great and the good only, as in the FTX scandal, to be unmasked as a pantomime villain the next.
Cointelegraph, CC BY 3.0, via Wikimedia Commons
(Sam Bankman-Fried at Bitcoin 2021 conference)
FTX was a cryptocurrency exchange founded in 2019 by Sam Bankman-Fried (SBF) and Gary Wang. It became one of the largest and most trusted crypto exchanges, valued at $32 billion at its peak. FTX was known for offering various services, including spot trading, derivatives, and unique products like tokenized stocks. The scandal centers around financial mismanagement, fraud, and the misuse of customer funds which were redirected to Alameda Research, a trading firm also founded by Sam Bankman-Fried, to cover its Alameda trading losses and risky bets, violating the separation between the two entities … [ as a consequence] FTX was unable to meet [sudden] withdrawal demands, exposing a massive liquidity shortfall of approximately $8 billion … FTX portrayed itself as a safe and reliable exchange, attracting millions of users. However, its internal financial practices were allegedly deceptive and unsustainable … Sam Bankman-Fried the CEO of FTX was a prominent figure in the crypto space and heavily involved in U.S. politics, donating millions to political campaigns. (ChatGPT summary)
On 28 March 2024 Sam Bankman-Fried was sentenced to 25 years in prison and ordered to repay $11 billion. FTX the cryptocurrency exchange he founded is no more. Some investors lost their life savings and all of their investments. Creditors and shareholders lost capital. The bankruptcy proceedings are currently scheduled to last until 2025.
The collapse of FTX could be dismissed as an inevitability arising from the relatively unregulated nature of the cryptocurrency sector, but the digitisation of mainstream banking has also cultivated its own dramas.
In March 2023, Silicon Valley Bank (SVB), a prominent financial institution serving the technology and startup sectors, collapsed. This was one of the largest bank failures in U.S. history. Deposits had flowed into SVB during the Covid-19 pandemic and the bank had invested them in long-term government bonds and mortgage-backed securities. But as the US Federal Reserve raised interest rates to combat inflation, the value of these long-term investments declined significantly. As the start-ups and tech firms began to withdraw their deposits to sustain their operations, SVB was forced to sell its long-term investments at a $1.8 billion loss, which began to erode confidence in its financial position. That in turn led to a run on the bank, with $42 billion withdrawn in a single day, meaning that SVB could not generate liquidity quickly enough to stay viable. SVB was by all accounts a successful financial institution, but the main lessons here are two-fold. Its first mistake, like that of many commercial gainers during the pandemic, was to assume that the benefits that arose, e.g. the increase in deposits, were either permanent or could be unwound in a controllable way. Hence its investment of depositors’ money in securities which are by definition long-term and carry financial penalties if they are turned into short-term money. Rising interest rates and long-term investments are uncomfortable bedfellows, particularly when clients come calling for their money back. The second mistake was to underestimate just how quickly digital communications can amplify and magnify fear and doubt, and in turn amplify and magnify the digital withdrawal of deposits. SVB simply lacked the resilience to resist the financial onslaught of such a dramatic loss of confidence in its viability.