By Dustin Volz
WASHINGTON May 12 A global cyber attack on
Friday renewed concerns about whether the U.S. National Security
Agency and other countries' intelligence services too often
hoard software vulnerabilities for offensive purposes, rather
than quickly alerting technology companies to such flaws.
Hacking tools believed to belong to the NSA that were leaked
online last month appear to be the root cause of a major cyber
attack unfurling throughout Europe and beyond, security
researchers said, stoking fears that the spy agency's powerful
cyber weapons had been stolen and repurposed by hackers with
nefarious goals.
Some cyber security experts and privacy advocates said the
massive attack reflected a flawed approach by the United States
to dedicate more cyber resources to offense rather than defense,
a practice they argued makes the internet less secure.
Across the U.S. federal government, about 90 percent of all
spending on cyber programs is dedicated to offensive efforts,
including penetrating the computer systems of adversaries,
listening to communications and developing the means to disable
or degrade infrastructure, senior intelligence officials told
Reuters in March. (reut.rs/2o7qHqN)
"These attacks underscore the fact that vulnerabilities will
be exploited not just by our security agencies, but by hackers
and criminals around the world," Patrick Toomey, a staff
attorney with the American Civil Liberties Union, said in a
statement.
The NSA did not respond to a request for comment.
Hospitals and doctors' surgeries in parts of England on
Friday were forced to turn away patients and cancel appointments
after they were infected with the "ransomware", which scrambled
data on computers and demanded payments of $300 to $600 to
restore access.
Security software maker Avast said it had observed more than
57,000 infections in 99 countries. Russia, Ukraine and Taiwan
were the top targets, it said.
Private security firms identified the virus as a new variant
of 'WannaCry' ransomware with the ability to automatically
spread across large networks by exploiting a bug in Microsoft
Corp's Windows operating system.
Security experts said the ransomware used in the attacks
leveraged a hacking tool found in a leak of documents in April
by a group known as Shadow Brokers.
At the time, Microsoft acknowledged the vulnerabilities and
said they had been patched in a series of earlier updates pushed
to customers, the most recent of which had been rolled out only
a month earlier in March. But the episode prompted concerns
about whether the tools could be leveraged by hackers to attack
unpatched systems.
In a statement, a Microsoft spokesman said on Friday its
engineers had provided additional detection and protection
services against the WannaCry malware and that it was working
with customers to provide additional assistance. The spokesman
reiterated that customers who have Windows Updates enabled and
use the company's free antivirus software are protected.
Shadow Brokers first emerged last year and began dumping
tranches of documents that it said belonged to the NSA, though
the files appeared at least a few years old.
Over time, western researchers have grown more confident
that Russia may be behind Shadow Brokers and possibly other
recent disclosures of sensitive information about cyber
capabilities that have been pilfered from U.S. intelligence
agencies.
Some researchers cast blame not on the NSA but on the
hospitals and other customers that appeared to leave themselves
open to attack.
"The main problem here is organizations taking more than
eight weeks to patch once Microsoft released the update," said
Chris Wysopal, chief technology officer at the cyber firm
Veracode. "Eight weeks is plenty of time for a criminal
organization to develop a sophisticated attack on software and
launch it on a wide scale."
Former intelligence contractor Edward Snowden, who in 2013
leaked documents to journalists revealing the existence of broad
U.S. surveillance programs, said on Twitter the NSA had built
attack tools targeting U.S. software that "now threatens the
lives of hospital patients."
"Despite warnings, (NSA) built dangerous attack tools that
could target Western software," Snowden said. "Today we see the
cost."
(Reporting by Dustin Volz; Editing by Lisa Shumaker)