The global ransomware attack and the crimes of the US spy agencies
16 May 2017
Over the past four days, some 350,000 computers have been infected by the so-called “WannaCry” malware, including 70,000 devices such as MRI scanners, blood storage refrigerators and operating equipment used by Britain’s National Health Service. As a result of the attack, the NHS was forced to turn away emergency room patients and divert ambulances, potentially resulting in serious illnesses and even fatalities.
The worm is a piece of “ransomware” that encrypts users’ data until the creators receive a payment. It uses “exploits” developed by the US National Security Agency as just a small part of the NSA’s catalog of hacking tools.
When NSA researchers discovered the vulnerability in the Windows operating system targeted by “WannaCry,” they refused to inform Microsoft. The company found out about the existence of the vulnerability only shortly before the general public, when it was leaked by the Shadow Brokers hacker group on April 14 of this year.
On Saturday, Microsoft President Brad Smith, in a tersely worded blog post, faulted the NSA for failing to share its knowledge of the exploit. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” he wrote, adding that “this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today—nation-state action and organized criminal action.”
He concluded, “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Microsoft is far from blameless when it comes to the NSA’s operations. It…