Microsoft to NSA: WannaCry is your fault

Share

Microsoft is unlikely to face legal trouble over the ransomware attack, according to legal experts.

The state-run People's Daily compared the cyber attack to the terrorist hacking depicted in the USA film "Die Hard 4", warning that China's role in global trade and internet connectivity opened it to increased risks from overseas.

Microsoft's top lawyer has blamed the government's stockpiling of hacking tools as part of the reason for the WannaCry attack, the worldwide ransomware that has hit hundreds of thousands of systems in recent days.

The bank said the attack, which exploited "a flaw" in the Windows operating system, illustrates just how many businesses have delayed upgrading their operating systems to Windows 10.

More news: Trump denies telling Comey to back off, bashes former Federal Bureau of Investigation director

WannaCry uses an exploit known as EternalBlue-developed by the US National Security Agency (NSA) and leaked online past year by a group calling itself the Shadow Brokers.

According to reports, the malicious software spread to at least 300,000 devices globally, including the UK's National Health Service (NHS).

The central government had earlier said the ongoing ransomware cyberattack didn't have a serious impact in the country. Brad Smith, the company's lawyer wrote on Microsoft's official blog: "An equivalent scenario with conventional weapons would be the USA military having some of its Tomahawk missiles stolen". Once the issue became widespread and the news and views cycle went on an overdrive, it was surprising to see Microsoft getting the heat for not supporting Windows XP. Our own National Security Agency discovered that vulnerability and weaponized it, kind of like turning a vitamin-deficient food into a deadly poison. The malware primarily targeted users of Windows XP, which was launched by Microsoft in 2001. It was patched by Microsoft at the time, but older versions of Windows or those without Windows Update were left open to attacks. He argued there should be "a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them".

"This is hypocritical of the USA, to say the least, because no other country has mounted such wide-ranging, costly and long-term surveillance operations in the history of the internet as the NSA's PRISM and other spy programs". "We need the tech sector, customers and governments to work together to protect against cybersecurity attacks".

Share