Microsoft confirmed in a blog post published on Sunday that the devastating ransomware that infected around 200,000 computers across 150 countries late last week was “drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.”
The aggressive malware, dubbed WannaCrypt, utilized a previously reported vulnerability found within the Windows operating system produced by Microsoft.
The ransomware had been leaked by a hacker group called Shadow Brokers in 2016, and although a patch was already available for the exploit, many systems had not been updated and were left crippled as the virus rolled out. In the U.K., for example, the National Health Service’s systems across 48 localized trusts fell victim, seriously impacting patient care.
Responding to the incident, the company’s president and chief legal officer, Brad Smith, criticized the U.S. government’s weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them.
“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today—nation-state action and organized criminal action,” he wrote.
“Governments of the world should treat this attack as a wake-up call. … They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith continued, adding: “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith then likened the severity of the scenario to the “U.S. military having some of its Tomahawk missiles stolen.” He called, once again, for a Digital Geneva Convention that would require governments to “report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”
Aside from taking a position on the wider consequences and implications of what will become a notorious cyberattack, Smith also took the time to underline Microsoft’s commitment to resolving the situation, beginning with a dedicated force of 3,500 security engineers currently working to help customers around the world recover their systems.
This is the thing. This approach by the NSA - and by GCHQ - makes us *all* less secure. It’s not privacy v security at all. We lose both. https://t.co/Xiq8zRDbF3 — Paul Bernal (@PaulbernalUK) May 15, 2017
David Gilmour is a reporter who specializes in national politics, internet culture, and technology.