Microsoft Slams NSA For Letting Its Hacking Tools Cause Global Malware Epidemic

Tyler Durden's picture

In early April, when we reported that the hacker group known as the Shadow Brokers had released the password to NSA's "Top Secret Arsenal" of tools that allowed anyone to "back door" into virtually any computer system (in what it claimed was a protest of Trump's betrayal), few people noticed. On Friday, however, the entire world did notice when an unknown group of hackers reportedly used the same set of NSA-created tools to launch a global malware cyberattack using the WannaCry ransomware virus, holding at least 200,000 computer systems around the globe hostage, and demanding a payment of $300 in bitcoin to unlock infected computers, or else threatening to wipe out the contents of the host machine.

The crippling, global attack prompted Europol to warn that Monday could be a dark day for an unknown number of Windows XP-based systems which could simply fail to start, leading to massive productivity losses around the globe, while others predicted that the spread of the worm could accelerate in the coming days once the hackers bypass the temporary measure that prevented further distribution of the worm over the weekend.

Meanwhile, on Sunday afternoon, Microsoft itself got involved in the global hacking scandal and criticized the NSA for its role in spreading the WannaCry epidemic; specifically the tech giant urged governments to use and store their cyber warfare tools responsibly.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” Microsoft President and Chief Legal Officer Brad Smith wrote in a blog post this afternoon. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

Ahead of the Shadow Brokers' leak of the NSA hacking tools, Microsoft had released a patch against the vulnerability one month prior, on March 14, which indicates that the company was notified by the US intelligence agency that their tools using that particular backdoor had been compromised. However, older, unsupported operating systems such as Windows XP were not included in the update, in addition to millions of used who do not update their systems regularly. As a result, the WannaCry malware infected more than 200,000 unpatched computers, and was threatening to spread to countless more as the hacker further weaponized their virus.

Needless to say, Microsoft was not happy.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage" Smith wrote, adding that an "an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action."

Microsoft's Chief Legal Officer also said the latest attack should serve as a “wake-up call” to world governments who should urgently establish a common set of strategies to deal with cyber threats.

“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” Smith wrote. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

Smith also acknowledged Microsoft’s responsibility for failing to prevent the attack by not notifying all customers to install the patch on time, but noted that cybersecurity is a “shared responsibility” between tech companies and customers.

“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident,” MSFT's President added.

Meanwhile, a global manhunt is currently underway to determine the source of the cyberattack. According to the European Cybercrime Centre, Europol is “working closely” with countries affected by the blitz to identify the culprits. Microsoft too is contributing to the investigation. “Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world,” Smith wrote.

As we reported earlier, the narrative is already set to determine that the culprits were most likely Russians.

The full blog post by the Microsoft President and Chief Legal Officer can be found here.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Bigly's picture

Cat fight!

I want to see them bitch slap each other.  :-)

PiratePiggy's picture

Now there's an implicit hashtag. 

Troll Magnet's picture

MSFT feigning outrage here is like a gay dude feigning outrage when some butch dude grabs his ass at a club. Gimme a break.

PiratePiggy's picture

Careful Mr or Ms Magnet... or your Tuesday up Date may force you to swallow a personal down  Load.

Mr. Kwikky's picture

Playing the famous dialectic again..create the problem, wait the reaction of the public and then offer the solution.

Microsoft = .gov

PiratePiggy's picture

Lessen your resitance, Mr Kwikky and show show your capacity for understanng - Ms/Mr Magnet is bipolar.

StackShinyStuff's picture

It's Morpheus.  He is considered by many authorities to be the most dangerous man alive.

Shlomo Scheckelstein's picture

Wawawiwa...wait until we 'freeze' the SWIFT system. All them sheckels...hihihi

Keyser's picture

Priceless, MSFT has been pushing Windoze on us for 30 years and capturing the market with questionable marketing techniques, all with the knowledge that their product is buggier than springtime in Vermont, yet it's the NSA that is to blame when they get caught with their pants down... I can think of no better reason to dump Windoze as continuing to use this POS OS is inviting constant attacks... 

Shlomo Scheckelstein's picture

Ohvay Operation Talpiot is working

SWRichmond's picture

Methinks Microsoft doth protest too much

Cui bono? when tens of millions of out of date, mission-critical and unsupported "embedded" Windows XP machines have a critical vulnerability exposed?

Time to buy the upgrade!

auricle's picture

Bullshit, If Microsoft was serious about fixing the vulnerability they would have downloaded it when wikileaks published it and pushed the patch more vigerously than any other patch in history. They did not, which shows that was not their intention all along. 

markettime's picture

All ransoms should be paid from the NSA budget, and wait for it.....wait for it......oh we need to spend more $$$$ on cyber security! Time for a new spending bill!!!

Shlomo Scheckelstein's picture

We can print it for ya..I call mister Bauer.

PS: Don't forget the interest bwahhaha

Thomas Paine's picture

Feigning outrage for sure, while jumping for joy in high fives.  What better way to force upgrades out of the Win XP OS.

GUS100CORRINA's picture

This is like the "pot calling the kettle black".

FAANG and Telecomm companies are responsible for creating the BACK DOORS for the NSA to exploit. Guess what jsut happened? SATAN said: "I GOTTCHA stupic people.." Now I am going to unleash HELL and there isn't a thing you can do about it. 

Remember, the DERVIATIVE books are tied directly with technology.

erkme73's picture

Does anyone think, even for a second, that MS isn't complicit in this 'hole' not being plugged immediately?  The relationship between the NSA and big companies is too cozy.  Sure, MS issued a warning to customers a month ago - right about the time the NSA let the secret out.   MS KNEW about the vulnerabilities, but chose to remain silent and allow the NSA to exploit them at the expense of liberty and privacy of its customers.  SHAME.

peopledontwanttruth's picture

Great comment something bigger is in the works
Nothing this big just happens.

BuddyEffed's picture

A good question on these backdoors is how much coordination there was about them.   

Were payments made for these or any other backdoors?

Were the backdoors designed intentionally and incorporated under a mutual agreement?

Under what legal statutes and assumptions were things done?

The legal statutes in different countries may need to be considered.

Will there be any subpeonas on this?

peopledontwanttruth's picture

You would be good in a courtroom and to question them but we don't ever see justice anymore in these situations. I believe by your questions you already know the answers but nothing this big just happens anymore. They're all in on it and something bigger is brewing

Raffie's picture

YA, screwing people over on PC's in MicroSofts job.

 

runswithscissors's picture

Cyberterrorsits use bitcoin for ransom...therefore bitcoin=bad.

AtATrESICI's picture

Cyberterrorists=.gov

.gov/Cyberterrorists=false flag or false flag by total Incompetence

.gov = bad

P.S. .gov fuck right off...

AtATrESICI's picture

plausible deniability. for .gov and Microsoft... This was probably done by a 400 lb hacker in the basement of the NSA.

"an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen." apparently weapons go missing all the time... see below.

Okay sadly weapons are stolen more than what i was thinking until i perused the articles at the link below. .gov has everything under control.? /hell no these dumb motherfuckers can coordinate pouring piss out of a boot or this is the impression they leave me with.

https://duckduckgo.com/?q=weapons+stolen+from+us+military&atb=v39-3b_&ia...

j0nx's picture

It was ze Russians.

AtATrESICI's picture

The russians turned off the "Malware Epidemic" for the weekend for maximum fake news value. The entire story stinks to high heaven especially the part about buying the domain name. Pure fucking B.S.

indio007's picture

Agreed.

The domain name claim makes absolutely no sense.

source: me 20+ years in IT

AtATrESICI's picture

The lowlife IT sales persons way is to start throwing out technical talk to make the customer feel dumb. The customer in this case is the fake news reader.

Slomotrainwreck's picture

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

NO! The equivalent IS HAVING A TOMAHAWK MISSLE REPLICATOR stolen.

Slomotrainwreck's picture

older, unsupported operating systems such as Windows XP were not included in the update, in addition to millions of users who do not update their systems regularly. As a result, the WannaCry malware infected more than 200,000 un patched XP computers.

Big win for Monkey Soft. Millions x $100  win for MS as the late adapters will be BUYING the new MS WIN version.

Dont-cha think that the malware will be rewritten and everything electronic (IOT) will be hacked. Street lights, bank vaults, home security,(every computer OS ever written and deployed) will be vulnerable including internet service providers!

Here comes the Judge, ..  Here comes the Judge, ..  Here comes the Judge, ..

Soorry for the Laugh In show reminder.

dark fiber's picture

What is the domain name anyway?

peopledontwanttruth's picture

They're all in on it, this was a test run for something bigger coming. We're in the late stages of the end game.

Giant Meteor's picture

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” 

Cry me a fucking river ..

Christ what a farce .. Now they cry foul, 

TradingTroll's picture

Instead of releasing the patch immediately after the Wikileaks release they waited until 200,000 computers were infected. People may have died.

I am converting to Linux. As the world economy slows further this will get worse.

Bigly's picture

But Gates *wants* the unwashed masses to disappear. Do not forget the georgia guidestones....

peopledontwanttruth's picture

According to them 13 out of 14 gotta go

HillaryOdor's picture

Linux today is better than Windows in just about every way.  People just don't want to learn new things.  

We're even getting a lot of games these days.  I hope Windows will one day be banished to the dustbin of history.  I can't stand it.

LetThemEatRand's picture

I'm sure this is not cool in the Linux community, but ChaletOS is VERY much like Windows and almost as user friendly.  A few hours of research (literally, just a few) and you can have a new operating system that behaves like Windows.  For free.

dlweld's picture

Yeah, funny that if a car company discovers a flaw in a vehicle, even an older model, it gets recalled and fixed. Find a flaw in a Microsoft product, even an older and widely used product (like Windows NT) Microsoft says sorry, you're on your own -we have no responsibility for our product, no matter what damages flaws in it (flaws we know about) may cause. Very sue-able I would think.

Maybe time to hold Microsoft to a higher standard - life endangering flaws in cars are taken seriously - when hospital systems go down due to Microsoft washing its hands of its flawed product - well, tough - we all have to die sometime. Nice attitude Microsoft.

Never One Roach's picture

the victims should sue Microsoft for handing it to the reckless agencies.

peddling-fiction's picture

And for being a POS operating system.

Zuckerberg is the Gates of shitty coders.

Feel free to flip it around.

TradingTroll's picture

Microsoft would have preferred to leave the vulnerabilities there as it curries favour with governments.

They are pissed they got caught and their gravy train is exposed.

LibertarianMenace's picture

That's the simplest solution isn't it? Don't deal with any .guvs anywhere on the planet. Done.

 

In any case, none of it is relevant as this attack, like the "test pattern" trades article ZH posted years ago, is also a test. What does it take to shut down the internet, and for how long can the action be plausibly maintained? More importantly, evaluate the civilian response, and optimize the input vector using this new data for the next inevitable test.

. . . _ _ _ . . .'s picture

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Or all of its drones hacked and turned against the forces (mis)using them.

Giant Meteor's picture

That's probably tommorow night's headline ..

Patience ..

. . . _ _ _ . . .'s picture

Imagine the headlines even if it was just the LAPD drones.

PrometeyBezkrilov's picture

In other wards what Microsoft is saying is this: "You bastards at NSA just exposed a back door that we left for you....."

Giant Meteor's picture

Deep State responds to Microsoft ...

"You fucked up, you trusted us !"