In early April, when we reported that the hacker group known as the Shadow Brokers had released the password to NSA's "Top Secret Arsenal" of tools that allowed anyone to "back door" into virtually any computer system (in what it claimed was a protest of Trump's betrayal), few people noticed. On Friday, however, the entire world did notice when an unknown group of hackers reportedly used the same set of NSA-created tools to launch a global malware cyberattack using the WannaCry ransomware virus, holding at least 200,000 computer systems around the globe hostage, and demanding a payment of $300 in bitcoin to unlock infected computers, or else threatening to wipe out the contents of the infected machine.
The crippling, global attack prompted Europol to warn that Monday could be a dark day for an unknown number of Windows XP-based systems which may simply fail to start, leading to massive productivity losses around the globe, while others predicted that the spread of the worm could accelerate in the coming days once the hackers bypass the temporary measure that prevented further distribution of the worm over the weekend.
Meanwhile, on Sunday afternoon, Microsoft itself got involved in the global hacking scandal and criticized the NSA for its role in spreading the WannaCry epidemic; specifically the tech giant urged governments to use and store their cyber warfare tools responsibly.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Microsoft President and Chief Legal Officer Brad Smith wrote in a blog post this afternoon. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”
Ahead of the Shadow Brokers' leak of the NSA hacking tools, Microsoft had released a patch against the vulnerability one month prior, on March 14, which indicates that the company was notified by the US intelligence agency that their tools using that particular backdoor had been compromised. However, older, unsupported operating systems such as Windows XP were not included in the update, in addition to millions of used who do not update their systems regularly. As a result, the WannaCry malware infected more than 200,000 unpatched computers, and was threatening to spread to countless more as the hacker further weaponized their virus.
Needless to say, Microsoft was not happy.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage" Smith wrote, adding that an "an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action."
Microsoft's Chief Legal Officer also said the latest attack should serve as a “wake-up call” to world governments who should urgently establish a common set of strategies to deal with cyber threats.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith wrote. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith also acknowledged Microsoft’s responsibility for failing to prevent the attack by not notifying all customers to install the patch on time, but noted that cybersecurity is a “shared responsibility” between tech companies and customers.
“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident,” MSFT's President added.
Meanwhile, a global manhunt is currently underway to determine the source of the cyberattack. According to the European Cybercrime Centre, Europol is “working closely” with countries affected by the blitz to identify the culprits. Microsoft too is contributing to the investigation. “Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world,” Smith wrote.
As we reported earlier, the narrative is already set to determine that the culprits were most likely Russians.
The full blog post by the Microsoft President and Chief Legal Officer can be found here.