Microsoft slams NSA for WannaCry ransomware equating it with having 'Tomahawk missiles stolen'

'The governments of the world should treat this attack as a wake-up call,' Brad Smith, Microsoft president said.

NSA DoublePulsar malware may have infected upto 100,000 Windows computers — The ransomware was created on code from NSA malware strains that were recently leaked by the mysterious Shadow Brokers hacker group iStock

As the massive ransomware attack spread like wildfire across hundreds of countries over the weekend, experts estimated that the ransomware, dubbed WannaCrypt or WannaCry, infected over 100,000 computers in nearly 150 countries. Security researchers said the ransomware was created on code from NSA malware strains that were recently leaked by the mysterious Shadow Brokers hacker group.

The sheer scope of the devastating attacks saw the infosec community work frantically to battle the aftermath. Although the spread of the attacks was stopped, experts have warned people to brace for renewed and imminent waves of attacks.

Microsoft quickly issued patches to protect and defend its users against WannaCry. On Sunday (14 May), Microsoft president Brad Smith slammed the NSA and the US government, warning of the dangers of stockpiling cyberweapons.

"The governments of the world should treat this attack as a wake-up call," Smith said. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.

"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."

Microsoft lauded by Infosec community

"The US government clearly had its priorities wrong. These weapons should be properly secured. Imagine if someone had lost a nuclear weapon, heads would have rolled," Phillip Hallam-Baker, principal scientist, global cybersecurity firm Comodo, told IBTimes UK.

Microsoft commenting on the NSA building cyber arms for its software is the right thing todo. Vulnerability should of been fixed when found.
— Hacker Fantastic (@hackerfantastic) May 14, 2017

NSA using cyber to avert nuclear attacks is commendable and courageous, but clearly it came at a dangerous price to everyone.
— Hacker Fantastic (@hackerfantastic) May 14, 2017

Security experts have hailed Microsoft's decision to publicly call out the US government and the NSA's decision to stockpile cyberweapons. Experts, including whistleblower Edward Snowden, took to Twitter to laud Microsoft for its quick response and its censuring of the NSA.

Let me put this politely.

Microsoft is royally fucked off with the NSA.https://t.co/5IwqK4VXjw #WannaCry pic.twitter.com/NJNk8UhLEf
— Graham Cluley (@gcluley) May 14, 2017

Until this weekend's attack, Microsoft declined to officially confirm this, as US Gov refused to confirm or deny this was their exploit. https://t.co/i52jeJyD0l
— Edward Snowden (@Snowden) May 14, 2017

"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," Smith said, adding that such instances drove Microsoft to call for a "Digital Geneva Convention" in February, which would force governments to "report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".

Cybersecurity

Join the Discussion