Microsoft Slams NSA For Letting Its Hacking Tools Cause Global Malware Epidemic
by Tyler Durden
ZeroHedge.com
May 14, 2017
In early April, when we reported that the hacker group known as the Shadow Brokers had released the password to NSA’s “Top Secret Arsenal” of tools that allowed anyone to “back door” into virtually any computer system (in what it claimed was a protest of Trump’s betrayal), few people noticed. On Friday, however, the entire world did notice when an unknown group of hackers reportedly used the same set of NSA-created tools to launch a global malware cyberattack using the WannaCry ransomware virus, holding at least 200,000 computer systems around the globe hostage, and demanding a payment of $300 in bitcoin to unlock infected computers, or else threatening to wipe out the contents of the host machine.
The crippling, global attack prompted Europol to warn that Monday could be a dark day for an unknown number of Windows XP-based systems which could simply fail to start, leading to massive productivity losses around the globe, while others predicted that the spread of the worm could accelerate in the coming days once the hackers bypass the temporary measure that prevented further distribution of the worm over the weekend.
Meanwhile, on Sunday afternoon, Microsoft itself got involved in the global hacking scandal and criticized the NSA for its role in spreading the WannaCry epidemic; specifically the tech giant urged governments to use and store their cyber warfare tools responsibly.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Microsoft President and Chief Legal Officer Brad Smith wrote in a blog post this afternoon. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”
Ahead of the Shadow Brokers’ leak of the NSA hacking tools, Microsoft had released a patch against the vulnerability one month prior, on March 14, which indicates that the company was notified by the US intelligence agency that their tools using that particular backdoor had been compromised. However, older, unsupported operating systems such as Windows XP were not included in the update, in addition to millions of used who do not update their systems regularly. As a result, the WannaCry malware infected more than 200,000 unpatched computers, and was threatening to spread to countless more as the hacker further weaponized their virus.
Needless to say, Microsoft was not happy.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage” Smith wrote, adding that an “an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”
The Rest…HERE
