​After WannaCrypt, Putin backs Microsoft warnings on government-made exploits

Russian President Vladimir Putin has backed Microsoft’s warning over intelligence agencies creating cyber weapons in the wake of Friday's WannaCrypt ransomware attacks.

Putin on Monday cautioned against intelligence agencies creating exploits for software that may later be used for online crime, as demonstrated by Friday’s WannaCrypt ransomware outbreak, which used a Windows exploit developed by the National Security Agency (NSA).

Putin said Russian institutions escaped significant damage from WannaCrypt, but like Microsoft president and chief legal council, Brad Smith, called for immediate political discussions about government-created exploits. He also denied Russia was behind the WannaCrypt attack.

“But as a whole it is worrying, there's nothing good about it, it is a source of concern. As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States," Putin said, according to Reuters.

"Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators," he added.

"So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena.”

Smith on Sunday called for “urgent collective action” in the wake of the WannaCrypt attacks, which have affected around 200,000 computers from 150 countries and took a heavy toll on the UK’s National Health Service, Spanish telco Telefonica, and the Russian Interior Ministry.

He also called for a “digital Geneva convention”, under which governments would agree to require agencies report vulnerabilities to vendors, rather than stockpile them.

Smith blamed the WannaCrypt outbreak on the NSA’s practice of stockpiling exploits rather than reporting vulnerabilities to vendors. Though Microsoft released a patch this flaw in the March bulletin MS17-010, the WannaCrypt outbreak showed that many organizations take longer than two months to apply even critical updates.

“The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States,” wrote Smith.

He added that the “attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

Among a trove of NSA tools the hacking crew Shadow Brokers released in April was EternalBlue, which exploited a flaw in Microsoft’s Windows Server Message Block (SMB). The exploit gave WannaCrypt worm-like capabilities, helping it spread among Windows 7 and below machines (Windows 10 was not affected). However, the pace of infections was so swift that Microsoft took the unusual move of releasing patches even for unsupported Windows versions, including Windows XP and Windows 8.

Smith emphasized that intelligence services have repeatedly shown their inability to prevent these exploits from leaking.

“This is an emerging pattern in 2017,” Smith said. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” wrote Smith.

“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”

The WannaCrypt outbreak was stalled by security researcher MalwareTech who registered the botnet's command and control domain, which prevented the further spread of the malware.

Tags MicrosoftpatchWindowsrussiansaexploitWannaCrypt

Show Comments