The huge cyber-attack affecting organisations around the world, including some UK hospitals, can be traced back to the US National Security Agency (NSA) – raising questions over the US government’s decision to keep such flaws a secret.
Elements of the malicious software used in Friday’s attacks were part of a treasure trove of cyber-attack tools leaked by hacking group the Shadow Brokers in April.
One of the tools contained in the Shadow Brokers leak, codenamed EternalBlue, proved to be “the most significant factor” in the spread of Friday’s global attack, according to cyber-security firm Kaspersky Lab.
The tool was said to have been created by the NSA – though, as is typical, the agency has neither confirmed nor denied this.
EternalBlue was made public on 14 April, and although Microsoft had patched the flaw a month before the leak, it appeared that many high-profile targets had not applied the update to their systems.
Friday’s attack has reignited the debate over whether or not governments should disclose vulnerabilities they have discovered or bought on the black market.
“It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” said Patrick Toomey, a lawyer working for the American Civil Liberties Union.
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world.
“Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”
Edward Snowden, who famously leaked many internal NSA files in June 2013, criticised the NSA on Friday in a series of tweets.
“In light of today’s attack, Congress needs to be asking [the NSA] if it knows of any other vulnerabilities in software used in our hospitals,” he wrote.
“If [the NSA] had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”
However, others placed the blame on institutions for being too slow to update their systems, given that the attack came almost two months after a free fix had been made available by Microsoft.
“Say what you want to say about the NSA or disclosure process,” said Zeynep Tufekci, a professor at the University of North Carolina.
“But this is one in which what’s broken is the system by which we fix.”
For the UK’s National Health Service, the problem is perhaps more acute.
Security firms have continually raised alarms about the NHS’s reliance on Windows XP, an operating system that is no longer supported by Microsoft.
A UK security researcher has told the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.
The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.
He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.
“It was actually partly accidental,” he told the BBC, after spending the night investigating. “I have not slept a wink.”
Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.
“I would say that’s correct,” he told the BBC.
MI5 is enhancing working procedures after accepting calls from the coroner at the inquests into the 7/7 London bombings, which killed 52 people.
Lady Justice Hallett had called for improved record-keeping and procedures for showing photographs to informants.
They were among nine recommendations she made for MI5, the emergency services and Transport for London.
MI5 said it had invested in a new IT system to allow higher-quality photographs to be sent to agents.
The agency had come under fire during the inquest for having cropped a clear colour photograph of plot ringleader Mohammad Siddique Khan so badly it could not be shown to an informant.
MI5 said it had used “wet film” in 2004 and a scanner but was now using better technology to avoid a repeat of the situation.
“This has improved the overall quality of the photographs we show to our agents.”
However, it admitted the system was “not yet perfect”.
The suicide bombers targeted Tube trains at Aldgate, Edgware Road and Russell Square and a double-decker bus in Tavistock Square.
In concluding that the 52 victims had been unlawfully killed, Lady Hallett said delays in the emergency services’ response had not caused their deaths.
However, she criticised lapses by emergency services and MI5 and said she was making her recommendations with the aim of saving lives.
They included providing inter-agency training for front-line staff, new procedures to inform emergency services when power to Tube lines was off and better training for ambulance staff in dealing with large numbers of casualties.
Lady Hallett also said MI5 should examine its procedures to try to further improve the recording of decisions on the assessment of targets.
In its statement, MI5 said it had improved record-keeping and in 2008 set up a database of all requests made to show photographs to “agents reporting on international counter-terrorist targets”.
Improvements to the database were being trialled to ensure there was a full record of which agents had seen which photographs, it said.
May 20 — A $2.5 billion contract to provide planning, modeling, simulation and training solutions to the Army and Department of Defense (DoD) has been awarded to Science Applications International Corporation (SAIC).
The contract reflects the growing need for simulation-based training to prepare troops for combat. Despite budget constraints, Modeling and Simulation (M&S) is expanding as the technology improves, and it is the more viable and cost-effective option for tomorrow’s armed forces.