Snowden: NSA Should Have Prevented WannaCry Attacks

The malicious WannCry software was developed by the National Security Agency (NSA) and funded by American taxpayers before being leaked.


Edward Snowden has blamed the NSA for not preventing a cyber-attack which infiltrated the computer systems of organisations in 74 countries around the world. 

In a tweet, the NSA whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.” 
Dozens of hospital trusts across the UK have been hit by a huge cyber-attack, believed to be the biggest of its kind ever recorded, which plunged the NHS into chaos.

The malicious software, which locked up computers and held users' files for ransom, is believed to have been stolen from the NSA and leaked. Reports say the ransomware is taking advantage of EternalBlue, an exploit used by NSA spies to secretly break into Windows machines. 

According to the New York Times, a group calling itself the “Shadow Brokers” began to post software tools that came from the US government’s stockpile of hacking weapons last summer.
 
The malware, called Wanna Detector, is also believed to have been leaked in WikiLeaks’ Vault 7 release earlier this year. 
Mr Snowden said the US Congress should be asking the NSA if it is aware of any vulnerabilities of the software that could be exploited. 
"If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," he tweeted. 

The whistleblower pointed the finger of blame at the NSA and said that if it had disclosed system vulnerabilities, "hospitals would have had years - not months - to prepare". Reportedly, this was the first time a cyber weapon developed by the NSA, which was funded by American taxpayers, had been stolen and unleashed against patients, hospitals, businesses and governments. The US never acknowledged the cyber weapons posted by “Shadow Brokers” belonged to the NSA but it was reportedly confirmed by former intelligence officials. 

Mr Snowden said the NSA had been warned of the dangers of building these cyber weapons but now the attack will raise questions over countries’ intelligence services’ ability to prevent the tools from being stolen and turned against them. 
Hackers seemingly took advantage of the fact hospitals had not updated their IT systems.

Dr Krishna Chinthapalli, a doctor who predicted a cyber attack on the NHS in an article published just two days ago, has said hackers had been targeting hospitals for a couple of years.
 
His article, 'The hackers holding hospitals to ransom', published in the British Medical Journal (BMJ), described NHS organisations as the “ideal victims” of cyber-attacks, and said dozens of smaller hacks had happened in the past. 
Earlier this week, the BMJ said up to 90 per cent of NHS computers still ran Windows XP and previous reports found public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates. 

Britain's National Cyber Security Centre said teams were working "round-the-clock" to restore hospital computer systems. The cost of the cyber-attack is not yet known. The attack has been reported in 74 countries, including Ukraine, India, Taiwan, Japan and Spain, with Russia believed to have been hit the hardest. 

Independent

You Might Also Read:

Snowden: NSA Hacking Tools Leak Is ‘a warning’:

WannaCry Outbreak Is Just A Tip Of An Iceberg:

Current Cybercrime Threats Originate In Espionage:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

 

« Ignoring Software Updates…
Microsoft Buys Cybersecurity Firm »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Ikerlan

Ikerlan

Ikerlan is an R&D technology centre specialising in areas including embedded systems, industrial automation and industrial cybersecurity.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

Qeros

Qeros

Qeros is a next-generation distributed system enables secure data and transaction processing at the velocity of thought.

Infisign

Infisign

Infisign addresses the challenges of traditional IAM systems and offers a comprehensive solution for modern identity management.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.