Security experts including National Security Agency whistleblower Edward Snowden have blamed the intelligence agency for failing to inform potential targets about their vulnerability to cyber-attack.
If NSA had disclosed rather than stockpiled these vulns when it found them, more hospitals would be safer against this attack. https://t.co/bMro2DSEx7
— Kevin Bankston (@KevinBankston) May 12, 2017
On Friday, computer systems across the world were hit by hackers in an attack dubbed "WannaCry," which uses an NSA exploit codenamed EternalBlue that was one of several tools leaked by the Shadow Brokers last month.
The tool exploits a vulnerability in Microsoft's Server Message Block (SMB) protocol which allows attackers to crash systems with a denial-of-service attack. After scrambling computer files, the malware demands $300 in Bitcoin to restore documents.
According to Kaspersky Lab, the cyber-attack has hit as many as 74 countries, including Russia, Ukraine and India.
RT @CurrentJen: Massive, fast-moving cyberattack hits as many as 74 countries https://t.co/DjFuaVBIuv via @USATODAY feat @kaspersky's @k_sec
— Kaspersky Lab (@kaspersky) May 13, 2017
The infections have disabled at least 16 hospitals in the UK, Spain's main telecommunication services provider Telefonica, some Italian universities as well as some FedEx computers.
+++URGENT+++ Global Trojan attack: the German railway is also affected. All systems are down. pic.twitter.com/x456EmFnSh
— █👁█ (@46616C7365) May 12, 2017
Edward Snowden, the whistleblower who first revealed the existence of the NSA's global espionage program in 2013, also commented on the hack.
This is a special case. Had @NSAGov disclosed the vuln when they discovered it, hospitals would have had years — not months — to prepare. https://t.co/HJj1TsfQYn
— Edward Snowden (@Snowden) May 12, 2017
If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3
— Edward Snowden (@Snowden) May 12, 2017
Last month, the Shadow Brokers hacking group released documents containing vulnerabilities identified by the NSA and hacking tools developed by the intelligence agency to break into Windows computers.
Shadow Brokers made the exploits public after the NSA left their arsenal of hacking tools on a server ‘in the wild,’ allowing them to be picked up by any hacker who stumbled upon them.
This is really bad, in about an hour or so any attacker can download a simple toolkit to hack into Microsoft based computers around the globe.
— Hacker Fantastic (@hackerfantastic) April 14, 2017
At the time, Snowden raised the issue of whether the NSA would be liable for any consequent hack using the tools.
#NSA knew their hacking methods were stolen last year, but refused to tell software makers how to lock the thieves out. Are they liable?
— Edward Snowden (@Snowden) April 14, 2017
Breaking: @Microsoft confirms that the US gov did not disclose any vulnerability information evident in leaked @shadowbrokerss docs pic.twitter.com/HaXbAEjbce
— Chris Bing (@Bing_Chris) April 14, 2017
The Shadow Brokers' file dump included 23 new hacking tools named OddJob, EasyBee, EternalRomance, FuzzBunch, EducatedScholar, and others. The tools are capable of breaking into computers running versions of the Windows operating system earlier than Windows 10, the most recent release.
Shortly after the hack, IT security expert Tiago Henriques of Binary Edge told Sputnik that an NSA hacking tool called Doublepulsar had already infected millions of machines worldwide and was using them as botnets to attack others.
"Unfortunately for some companies, (for example) banks that transfer entire GDPs of countries across their networks in a day, it's very hard to just update because these are very critical systems and if they go down or something goes wrong with the update, it causes a huge business impact," Henriques explained.
Henriques said the most important thing users can do to prevent such an attack is to update their system with the latest version of their software.
"If you are a home user, upgrade to the latest software and of course properly configure your firewalls. If you are exposing a service to the internet, allow only specific addresses to connect to that service, instead of the entire internet," Henriques advised.