Microsoft president Brad Smith's blog post appeared to be official confirmation that the NSA developed the virus. (Photo: Lee Davy/flickr/cc)
The president of Microsoft slammed the National Security Agency (NSA) for its role in the ongoing global malware attack, saying it was "yet another example of why the stockpiling of vulnerabilities by governments is such a problem."
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Brad Smith, president and chief legal officer at Microsoft, wrote in a blog post on Sunday. "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
"The governments of the world should treat this attack as a wake-up call," Smith wrote.
Last Friday, stolen NSA malware was used to attack hospitals, universities, and businesses around the world, ultimately hitting hundreds of thousands of computers in more than 150 countries, including the U.S., reaching what Europol--Europe's leading police agency--described as an "unprecedented level." It forced the closure of multiple hospitals and ambulance companies, among other services and institutions. As of the weekend, it had spread to China, and security experts say it could just be getting started.
Smith's blog post appeared to be official confirmation that the NSA developed the virus.
"[T]his attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017," Smith wrote.
The tool, known as "WannaCry," was stolen by a group known as the Shadow Brokers, using a weaponized Microsoft vulnerability developed by the NSA against the warnings of cyber security experts. WannaCry operates by locking the user out of their system, encrypting the data, and demanding a ransom via Bitcoin to release it, starting as high as $300.
Microsoft in March released a patch for users to remove the vulnerability, but long-standing delays in updating major systems--such as the National Health Service (NHS) in the U.K.--exacerbated by a lack of support from the software company, allowed the attack to spread quickly around the world.
"The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect," Smith wrote Sunday. "As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they're literally fighting the problems of the present with tools from the past."
Still, he said, the greatest burden should fall on the government. He reiterated Microsoft's call for a "Digital Geneva Convention" to create new requirements for governments to report vulnerabilities to vendors rather than stockpile, sell, or weaponize them.
"They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," he wrote. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."