WannaCrypt: Microsoft Teaches US Government Hidden Faults
The chaos created by the ransomware WannaCrypt / WannaCry originated in a fault exploited secretly by the NSA but unveiled a few months ago. Microsoft incriminates the US government and its intelligence agencies on this tendency to keep open disastrous vulnerabilities once uncovered.
Since last Friday, thousands of companies, including hospitals, have been affected by a cyber attack that uses a WannaCry / WannaCrypt malware blocking computers and accessing content files and demanding a ransom for a return to normalcy.
The unprecedented scale of this computer attack originated in a vulnerability of Windows exploited secretly by the NSA but whose existence had been revealed a few months earlier when hackers had made public some of the hacking and recovery tools Intelligence agencies.This exceptional illustration of exploiting a fault maintained open to be able to exploit it at discretion has led Microsoft to disaster update its different versions of Windows , some of which are officially no longer supported.
In a blog post , Brad Smith , Microsoft's legal officer, challenges the US government about the tendency of intelligence agencies to accumulate undocumented flaws that the Redmond group equates to weapons that can turn against the one who stores them if The security measures are not strong enough.
For a Geneva Convention Applied to Cyberspace
" Governments around the world should regard this attack as an electroshock, and urgently need to review their policies and apply the same rules to cyberspace as those applied to the storage of weapons in the physical world. Governments need to take into account the damage sustained by civilians by recovering and using these vulnerabilities, "said Brad Smith.This led to an appeal for a " Geneva Digital Convention " which would establish rules similar to those of the Geneva Convention on armaments and introduce obligations for governments to identify gaps and report them to publishers rather than Than to store, exploit and resell them.
Microsoft may also seek to partly, or dilute, the responsibility for this unprecedented cyber attack , beyond the fact that some users of Windows environments have not applied the latest updates.
This also puts into perspective a whole set of problems on the exploitation and the communication around faults feeding a gray market where are found providers of vulnerabilities, government agencies and more or less big banditry.
Wannacrypt, hidden vulnerability, NSA flaw, Microsoft, wannacrypt, ransomware, microsoft
