Microsoft criticises NSA’s role in the global cyber-attack

  • 16 May 2017
Microsoft criticises NSA’s role in the global cyber-attack

Microsoft has come out in defence of its role in Friday’s on-going global cyber-attack, criticising the role of the US National Security Agency in creating tools that were subsequently leaked and then used in Friday’s attacks..

In a blog post, published by Brad Smith, president and chief legal officer at the company, on Sunday he said that the attack was enabled through National Security Agency (NSA) stockpiling exploits, rather than openly sharing discovered exploits so they could be fixed.

The cyber-attack has disrupted NHS services in parts of England and Scotland since Friday afternoon.

Smith said the malicious WannaCrypt software “were drawn from the exploits stolen from the National Security Agency”.

He added: “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

The technology behemoth said that on 14 March it had released a security update to patch vulnerability, however many computers globally remained unpatched.

Questions are now being asked about the vulnerabilities caused by reliance of many parts of the NHS on ageing infrastructure and software.

Support for Windows XP was withdraw in April 2014 but according to Digital Health Intelligence 2015 data on NHS infrastructure as many as 20% of NHS organisations could still be making use of it, and around 90% are thought to run something on it somewhere in their organisation, often in clinical systems or imaging equipment.

Dame Fiona Caldicott, speaking on Monday at the Caldicott Guardians National Annual Conference in London, referred to a letter and review sent last July on the nation’s cyber security.

It said “computer hardware and software that can no longer be supported should be replaced as a matter of urgency”.

Alongside Dame Fiona’s review, the Care Quality Commission’s July 2016 Care Quality Commission review into cyber security ‘Safe Data, Safe Care’ also highlighted the risk posed by outdated IT systems.

In response, then life sciences minister George Freeman said:  “We are working with suppliers, including Microsoft, to help health and care organisations update their systems and make sure they are safe to use and store data.”

Smith said that Friday’s attack demonstrated how cyber security was becoming a shared responsibility between customer and supplier.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”

Smith compared an equivalent scenario as the US military having some of its Tomahawk missiles stolen.

“The governments of the world should treat this attack as a wake-up call.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

NHSE CIO calls for trusts to stop developing their own data centres

NHSE CIO calls for trusts to stop developing their own data centres

NHS England CIO John Quinn has urged trusts to stop investing in developing their own local data centres and instead move to cloud solutions.
Kootenai Health cyber attack impacts 464,000 patients

Kootenai Health cyber attack impacts 464,000 patients

US healthcare provider Kootenai Health has revealed that data belonging to 464,000 patients has been compromised following a cyber attack.
Synnovis rebuilds IT systems following London cyber attack

Synnovis rebuilds IT systems following London cyber attack

More than 60 core IT systems used within laboratories are being rebuilt following the cyber attack on pathology system provider Synnovis.

5 Comments

  • In IT getting the right people in place is far more important than the hardware and software. I use both software and DATA in clouds now, it’s awesome, it takes all the worry out of it and it’s … efficient.

    • You do know clouds can be hacked too?

      • set truthFlag=1;;

  • “Laid the blame at the NSAs backdoor”, surely…

    • Like

Comments are closed.