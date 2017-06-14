Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Home » Industries »

After WannaCrypt, Putin backs Microsoft warnings on government-made exploits

Liam Tung | June 14, 2017
Russian President Vladimir Putin has backed Microsoft’s warning over intelligence agencies creating cyber weapons in the wake of Friday's WannaCrypt ransomware attacks.

govt

Russian President Vladimir Putin has backed Microsoft's warning over intelligence agencies creating cyber weapons in the wake of Friday's WannaCrypt ransomware attacks. 

Putin on Monday cautioned against intelligence agencies creating exploits for software that may later be used for online crime, as demonstrated by Friday's WannaCrypt ransomware outbreak, which used a Windows exploit developed by the National Security Agency (NSA).

Putin said Russian institutions escaped significant damage from WannaCrypt, but like Microsoft president and chief legal council, Brad Smith, called for immediate political discussions about government-created exploits. He also denied Russia was behind the WannaCrypt attack.

"But as a whole it is worrying, there's nothing good about it, it is a source of concern. As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States," Putin said, according to Reuters.

"Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators," he added.

"So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena."

Smith on Sunday called for "urgent collective action" in the wake of the WannaCrypt attacks, which have affected around 200,000 computers from 150 countries and took a heavy toll on the UK's National Health Service, Spanish telco Telefonica, and the Russian Interior Ministry.

He also called for a "digital Geneva convention", under which governments would agree to require agencies report vulnerabilities to vendors, rather than stockpile them.

Smith blamed the WannaCrypt outbreak on the NSA's practice of stockpiling exploits rather than reporting vulnerabilities to vendors. Though Microsoft released a patch this flaw in the March bulletin MS17-010, the WannaCrypt outbreak showed that many organizations take longer than two months to apply even critical updates.

"The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States," wrote Smith.

He added that the "attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

Among a trove of NSA tools the hacking crew Shadow Brokers released in April was EternalBlue, which exploited a flaw in Microsoft's Windows Server Message Block (SMB). The exploit gave WannaCrypt worm-like capabilities, helping it spread among Windows 7 and below machines (Windows 10 was not affected). However, the pace of infections was so swift that Microsoft took the unusual move of releasing patches even for unsupported Windows versions, including Windows XP and Windows 8.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.

FEATURED RESOURCES

How great CIOs push their careers to new heights

How to ensure diversity and inclusion in your organisation

Delivering cultural change and the future of Eurostar

How CIOs can help close the gender-equity gap

3 keys to keep your data lake from becoming a data swamp

54 percent of organisations often discover breaches through network visibility solutions

NIE leverages ServiceNow to support its virtual campus goal

Alibaba uses AI to redefine China’s online shopping experience

For real Windows 10 privacy, you need the China Government Edition

How a motherboard is made: Inside the Gigabyte factory in Taiwan

Four IT professionals in Malaysia form 'Asia's first disruptive cloud platform'

Industry partners deliver anti-ransomware solution for Malaysia's SMEs

Telco deep dives into IoT, aims to disrupt automotive sector: Digital Malaysia

30,000 Malaysian special needs students to benefit from UPSI STEM partnership

The link between Malaysia's changing workforce and security vulnerability: interview