The huge cyber-attack affecting organisations around the world, including some UK hospitals, can be traced back to the US National Security Agency (NSA) – raising questions over the US government’s decision to keep such flaws a secret.
Elements of the malicious software used in Friday’s attacks were part of a treasure trove of cyber-attack tools leaked by hacking group the Shadow Brokers in April.
One of the tools contained in the Shadow Brokers leak, codenamed EternalBlue, proved to be “the most significant factor” in the spread of Friday’s global attack, according to cyber-security firm Kaspersky Lab.
The tool was said to have been created by the NSA – though, as is typical, the agency has neither confirmed nor denied this.
EternalBlue was made public on 14 April, and while Microsoft had fixed the problem a month prior to its leak, it appeared many high-profile targets had not updated their systems to stay secure.
Friday’s attack has reignited the debate over whether or not governments should disclose vulnerabilities they have discovered or bought on the black market.
“It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” said Patrick Toomey, a lawyer working for the American Civil Liberties Union.
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world.
“Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”
Edward Snowden, who famously leaked many internal NSA files in June 2013, criticised the NSA on Friday in a series of tweets.
“In light of today’s attack, Congress needs to be asking [the NSA] if it knows of any other vulnerabilities in software used in our hospitals,” he wrote.
“If [the NSA] had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”
However, others placed the blame on institutions for being too slow in updating their systems, given that this attack happened almost two months after a (free) fix was made available by Microsoft.
“Say what you want to say about the NSA or disclosure process,” said Zeynep Tufekci, a professor at the University of North Carolina.
“But this is one in which what’s broken is the system by which we fix.”
For the UK’s National Health Service, the problem is perhaps more acute.
Security firms have continually raised alarms about the NHS’s reliance on Windows XP, an operating system that is no longer supported by Microsoft.
A UK security researcher has told the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.
The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.
He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.
“It was actually partly accidental,” he told the BBC, after spending the night investigating. “I have not slept a wink.”
Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.
“I would say that’s correct,” he told the BBC.
This week Microsoft unveiled its new plans to package a holographic headset to accompany its new operating system soon to be released, Windows 10.
The “Hololens”, as it’s known, will be shipped with the new operating system along with its voice-activated software “Cortana”, which is already available on its phones. The holographic headset will allow users to wirelessly view holograms, and both have a due date when they will be available; it’s expected later in
It’s also expected that Windows 10 will be a free upgrade for Windows 7 and 8/8.1 users during its first year. Those who don’t upgrade, or who are not users of Windows 7, Vista and upward, will have to buy the product in full. Currently it’s not known how much this will be, as there is confusion on pricing, but it’s expected that Microsoft will charge a one-off licence fee and not move to a subscription.
Microsoft’s new CEO, Satya Nadella, said of his hopes for Windows in the future: “We want to move from people needing Windows, to choosing Windows, to loving Windows, that is our goal.”
Last night Channel 4’s Dispatches showed “Richard Wilson On Hold” (see #onhold at Twitter for comments). For myself, it was one of the best, most accurate and even entertaining summaries of the dreaded introduction of automated services. While modern companies believe these enrich our lives and make our customer service better, Richard Wilson proved the complete reverse, showing beautifully how the modern consumer is fed up with these awful technological abominations!
In the programme Richard Wilson covered everything from automated telephone systems that allow the customer to not only listen to a voice recording but keep us listening interminably and at a call cost running into pounds – how they are not user-friendly and often confuse the elderly and vulnerable or the probably 99.9% of us who are either not so savvy with technology or quite simply don’t know or forget the option choices we are forced to press on our telephone keypads while listening to these awful machines!
He showed beautifully what most of us knew: that when we try to get cinema tickets we now can’t ask for them in person, we have to try to talk to a voice recognition programme on an answer service that never works. When parking a car, he showed how trying to obtain a ticket via an automatic payment call service not only doesn’t work but is only there to save local councils money through not having payment staff or wardens to help issuing tickets and checking meters.
And the dreaded service machine that keeps telling you ‘unexpected item in the bagging area’ and keeps telling you to ‘place item in the bagging area – please wait for assistance’! All again to save on cashier staff costs, and cause the customer aggravation and the risk of early strokes.
As Richard Wilson himself commented on the programme: “...automation has become a ubiquitous part of modern life – be it at the supermarket, when booking the cinema or trying to park your car. Retailers and service providers say that these systems offer us more choice, improve service and free up staff to focus on helping us customers in other ways. But I want to know if this is really the case.”
“Like the rest of the UK, I welcome technology that makes my life easier – I would hate to have to give up shopping online and I love being able to make bank transfers over the phone. But not all automated systems are time-savers. In fact, many of them seem to make my life considerably more difficult, costing me time and money.”
The full programme link can be seen on the right of this page on my Vodpod videos; below is an excerpt from the programme.