F5.5G Leap-forward Development of Broadband in Africa The Africa Broadband Forum 2024 (BBAF 2024) was successfully held in Cape Town, South Africa recently, under…
Edward Snowden reminds us all that he was right after WannaCry fallout
It’s hard being right all the time, especially if you’re Edward Snowden.
The infamous whistleblower who curently calls Russia home spoke on Monday via video link at a Washington DC security conference.
And he just couldn’t help reminding everyone that the NSA sucks.
“They knew about this flaw in U.S. software, U.S. infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group,” the former CIA contractor noted, according to a Newsweek transcript.
WannaCry infected over 300 000 Windows machines in 150 countries across the world this week
He also bemoaned the sluggishness of the NSA’s response to the attack, suggesting that the effect of WannaCry could’ve been minimised if it had given Microsoft more time to issue updates.
“Had the NSA not waited until our enemies already had this exploit to tell Microsoft, [so that] Microsoft could begin the patch cycle, we would have had years to prepare hospital networks for this attack rather than a month or two, which is what we actually ended up with,” he added.
These views mirror his tweet posted last week Friday, as the WannaCry attack was in full swing.
“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he wrote.
If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3
— Edward Snowden (@Snowden) May 12, 2017
WannaCry, a ransomware package that held over 250 000 computers in 150 countries hostage this past weekend, spread like wildfire using an exploit reportedly leaked from the NSA.
Dubbed EternalBlue, the exploit allowed WannaCry to effectively infect neighbouring computers on a network using Windows’ SMB v1.0 (file sharing) protocol.
Incidentally, the Microsoft did issue a patch to quash the exploit in March. The company also made the remarkable step to issue a Windows XP update, an OS that has been unsupported since 2014.
But many users who were infected by WannaCry did not install it.
The extensive WannaCry fallout
The likes of the UK’s NHS, mobile telecommunications company Telefonica, and car manufacturer Renault were all impacted, with the latter completely shutting down production in its UK plant. The NHS is also still reeling from the ransomware’s fallout.
The NSA has also been called out by a number of security professionals, including Snowden and Microsoft itself, for stockpiling exploits.
“[T]his attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” blasted Microsoft’s chief legal officer and president Brad Smith in a blog.
Oh, and yes, Snowden also couldn’t resist reminding the world that being right this often really isn’t easy.
“It’s hard being right in the worst possible ways.”
Feature image: Greensefa/Rebecca Harms via Flickr (CC 2.0, resized)