Microsoft has hit out at the US government blaming its own data hacking teams for causing the outbreak of the Ransomware virus. They have also warned that this attack is ‘only the beginning’.
Microsoft is asserting that the problem is due to a security flaw in Windows, the plot, however, does thicken. The security breach was reported to have been discovered by the NSA. The flaw was then stored on an ironically insecure medium as the flaw was stolen from the US government.
While you could argue why such a flaw existed in Windows at all, the fact that it appears that US intelligence knew of this, and did nothing, is another major inditement of their security procedures. Microsoft is keen to patch up the holes in the (fire)wall having recently patched their discontinued XP.
Is this exploit was discovered by US intelligence, it seems fairly clear that they intended to use it to their own advantage. Their failure to share this information has had implications worldwide with over 200,000 affected. The single most high-profile of the attack was the NHS in the UK which was effectively shut down online.
They have not found the creator of the WannaCry. What is clear is that the attack has had some success. People are incredibly paying the $300 fee for the decryption program. The decryption program has nearly raised $40,000 in revenue. Not a bad return despite the malevolent nature. Such a profit might encourage others to do so and that is most definitely not good.
Microsoft Executive, Brad Smith has pulled no punches in his comments: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
He closed with the stark warning that: “The governments of the world should treat this attack as a wake-up call.”
While the cynic in me sees this as an effect for Microsoft to deflect blame away from their own security failings, it is a stunning criticism of the American Security Service. This is, not coincidentally I’m sure, a clever PR move.
This is a clever PR move. The NSA is an organisation already steeped in controversy. As such, any criticism of them is likely to build on the already well-documented criticisms. It is a clever deflection.
As the story progresses, eTeknix will keep you up to date with the latest news and developments. We have had a whip around the office and found the $300 to pay the fee although it did involve some people being shook by their ankles. So at least we are back online!
Just kidding, we’re far too poor to afford it.