SAN FRANCISCO — Microsoft president Brad Smith used Friday's global ransomware attack as a chance to call once more for the nations of the world to create and adhere to a set of Geneva Convention-like rules in cyberspace.
The massive “WannaCry” malware attack crippled more than 20% of hospitals in the United Kingdom and affected more than 200,000 victims in 150 countries, Rob Wainwright, the head of the European Union’s “Europol” law enforcement agency, said Sunday.
The software, which spreads among Windows computers, infects and then locks up individual machines, demanding a ransom to be paid in the electronic currency Bitcoin. The attack mostly impacted computers in Europe and Asia and for the most part spared North America. The criminals behind the attack have not yet been identified.
Smith and others have long advocated that the world’s governments need to pledge not to engage in cyberattacks that target civilian infrastructure.
The includes not stockpiling flaws in computer code that can be used to craft digital weapons. Just such a stockpiled flaw was behind the rapaciousness and rapidity with which the WannaCry ransomware spread.
It’s believed a group connected to the National Security Agency, known as The Equation Group, found or purchased previously undiscovered flaws in Microsoft Windows code and used them to create cyber-snooping and infiltration tools.
Those tools were part of a large cache of older NSA data that was stolen sometime over the past few years.
In August 2016, a group calling itself The Shadow Brokers began posting materials from that stolen cache of programs online.
Multiple leaks were posted, including one on April 14 of this year that contained an exploit (flawed computer code that can be used to craft cyberweapons) called EternalBlue.
That exploit was in turn one of those used to create the WannaCry ransomware program which can rapidly spread itself from computer network to computer network.
Jonathan Sander, chief technology officer for STEALTHbits Technologies, called WannaCry “a Frankenstein's monster of vulnerabilities with patches and exploits that were stolen from the NSA and published for all to see.”
The theft and posting of the stolen data gave criminals a huge head start. Instead of having to develop their own arsenals of cyberweapons, they simply had to repurpose work done by the highly skilled cyber experts at the NSA, said Phillip Hallam-Baker, principal scientist at the cybersecurity firm Comodo.
Just as dangerous as lost nuclear weapons
The U.S. government clearly had its priorities wrong in not focusing on better protecting these cyberweapons, he said.
“Whether or not you think the U.S. government should be spending a fortune developing such cyberweapons, surely it is obvious that the weapons they develop should be properly secured. If someone had lost a nuclear weapon, heads would have rolled. The CIA and NSA have been breached on a massive scale, and now the effects are being felt,” Hallam-Baker said.
Many people in fact believe someone at NSA must have tipped Microsoft that the files had been stolen, which is how it knew it needed to push out that particular patch, said Ryan Kalember of Proofpoint, a Sunnyvale, Calif.-based security firm whose researchers were instrumental in fighting the the WannaCry attack.
A Microsoft spokesman reached Sunday said the company had no comment.
Smith wrote in a blog post Sunday that the attack is an excellent object lesson in why governments stockpiling such vulnerabilities is such a problem.
“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he said.
Nations need to see the attack as a wake-up call, said Smith.
“They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”