- No, that guy didn’t really fly alone on a Delta flight Saturday 4:31 PM
- Fans are paying to meet their favorite YouTubers online through pilot program Saturday 2:54 PM
- Behold: 12 straight hours of ‘Stranger Things” Alexei drinking a Slurpee Saturday 2:05 PM
- Influencer couple under fire for using holy water to splash genitals in Bali Saturday 1:29 PM
- These are the 10 best villains DC comics has ever conceived Saturday 1:11 PM
- The Daily Wire accused of stealing art design from pop artist for its merchandise Saturday 12:09 PM
- Instagram model Rianne Meijer on keeping it real with her followers Saturday 10:52 AM
- How to stream Chelsea vs. Leicester City Saturday 8:30 AM
- Florida man arrested after allegedly texting girlfriend his mass shooting plans Saturday 8:27 AM
- How to stream Real Madrid vs. Celta Vigo Saturday 8:20 AM
- How to stream Seahawks vs. Vikings in NFL preseason action Saturday 8:00 AM
- How to stream Steelers vs. Chiefs in NFL preseason action Saturday 6:30 AM
- Chuck E. Cheese recycles pizza is the conspiracy theory that won’t die Saturday 6:30 AM
- How to stream Cowboys vs Rams in NFL preseason action Saturday 6:00 AM
- Cómo ver el UFC 241: Daniel Cormier vs. Stipe Miocic Saturday 6:00 AM
Microsoft confirmed in a blog published on Sunday that the devastating ransomware that infected around 200,000 computers across 150 countries late last week was “drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.”
The aggressive malware, dubbed WannaCrypt, utilized a previously reported vulnerability found within the Windows operating system produced by Microsoft.
The ransomware had been leaked by a hacker group called Shadow Brokers in 2016 and although a patch was already available for the exploit, many systems had not been updated and were left crippled as the virus rolled out. In the U.K., the National Health Service’s systems across 48 localized trusts fell victim, for example, seriously impacting patient care.
Responding to the incident, the company’s president and chief legal officer, Brad Smith, criticized the U.S. government’s weaponizing of computer vulnerabilities, the leak of which enabled this attack, and the dangers of not informing tech companies about them.
“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today—nation-state action and organized criminal action,” he wrote.
“Governments of the world should treat this attack as a wake-up call. … They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith continued, adding: “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith then likened the severity of the scenario to the “U.S. military having some of its Tomahawk missiles stolen.” He called, once again, for a Digital Geneva Convention that would require governments to “report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”
Aside from taking a position on the wider consequence and implication of what will become a notorious cyberattack, Smith also took the time to underline Microsoft’s commitment to resolving the situation—beginning with a dedicated force of 3,500 security engineers currently working to help customers around the world recover their systems.
This is the thing. This approach by the NSA - and by GCHQ - makes us *all* less secure. It’s not privacy v security at all. We lose both. https://t.co/Xiq8zRDbF3— Paul Bernal (@PaulbernalUK) May 15, 2017
David Gilmour is a reporter who specializes in national politics, internet culture, and technology. He previously covered civil liberties, crime, and politics for Vice.