Microsoft condemns the NSA and others in their development & hoarding of hacking tools

Microsoft’s Chief Legal Officer Brad Smith on the WannaCrypt attacks that affected thousands including hospitals and rail networks in the UK & Europe last week:

…this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

For anyone that missed it. WannaCrypt is the name of malicious software that takes advantage of an old (and patched) exploit in Microsoft’s SMB file sharing protocol. The NSA used this exploit to develop their own tool for monitoring and infiltrating target networks. This tool has since leaked into the public domain and since morphed into the ransomeware WannaCrypt that infected so many public reliant systems causing widespread turmoil.

The Register has an in-depth report covering WannaCrypt, its history, development and links to tools and information on its recovery efforts available here.

Source: The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack – Microsoft on the Issues