The 22-year-old technology blogger who discovered a ‘kill switch’ for the most damaging cyber attack in recent memory warns that the culprits will just ‘change code and start again’. Though the malware seems to be slowing down, GCHQ are also warning that a reiteration of the worm may create a ‘second wave’.
Earlier, Microsoft released a statement denouncing organisations that refuse to update their systems with patches from Microsoft’s Threat Protection Service. Although the exploit that enables WannaCrypt to spread was patched back in March, many companies (including the NHS in the UK) continue to use Windows XP, which stopped receiving security updates three years ago.
More importantly, Microsoft’s statement also condemns the American National Security Agency (NSA), who developed EternalBlue, the exploit WannaCrypt uses in order to gain access to Windows networks.
The NSA’s EternalBlue Windows exploit was released to the public last month by the mysterious group Shadowbrokers, alongside a trove of other cyber weapons used to gain access to personal data.
The NSA are not the only US Federal Agency to come under fire in recent months; the Wikileaks Vault 7 publications exposed many of the ‘cyber tomahawks’ which are used by the CIA to gain access to popular devices. Many of the zero-day exploits were unclassified and traded on the black market, suggesting that a cyber attack of the magnitude we have just seen was an inevitability rather than bad luck.
Microsoft make a strong case in their defence. They employ 3,500 security engineers and have a dedicated department to patch holes in security – but if a federal government agency is being handed 10 billion dollars a year to create and perpetuate software exploits for the purposes of espionage, without the knowledge of the product developers, then eventually cyber weapons will fall into the wrong hands – as was the case with WannaCrypt.
In the UK over the weekend, doctors were forced to reschedule vital surgery, hospital queues reached record lengths and overworked nurses had to clock even more overtime. These are the human consequences of the games that the NSA are playing.
Continuously applying security patches rather than taking action against the source of the damage – the NSA – is like throwing cups of water on a fire but ignoring the pyromaniac who is dousing the place with gasoline.
The NSA somehow evaded serious restructuring after Edward Snowden bravely gave up his freedom to expose their unconstitutional actions. Surely they must now be made accountable for the damage they are causing?
Leak of Nations | NSA | WannaCrypt Cyber Attacks