Snowden: NSA Should Have Prevented WannaCry Attacks

The malicious WannCry software was developed by the National Security Agency (NSA) and funded by American taxpayers before being leaked.


Edward Snowden has blamed the NSA for not preventing a cyber-attack which infiltrated the computer systems of organisations in 74 countries around the world. 

In a tweet, the NSA whistleblower said: “Despite warnings, @NSAGov built dangerous attack tools that could target Western software. Today we see the cost.” 
Dozens of hospital trusts across the UK have been hit by a huge cyber-attack, believed to be the biggest of its kind ever recorded, which plunged the NHS into chaos.

The malicious software, which locked up computers and held users' files for ransom, is believed to have been stolen from the NSA and leaked. Reports say the ransomware is taking advantage of EternalBlue, an exploit used by NSA spies to secretly break into Windows machines. 

According to the New York Times, a group calling itself the “Shadow Brokers” began to post software tools that came from the US government’s stockpile of hacking weapons last summer.
 
The malware, called Wanna Detector, is also believed to have been leaked in WikiLeaks’ Vault 7 release earlier this year. 
Mr Snowden said the US Congress should be asking the NSA if it is aware of any vulnerabilities of the software that could be exploited. 
"If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," he tweeted. 

The whistleblower pointed the finger of blame at the NSA and said that if it had disclosed system vulnerabilities, "hospitals would have had years - not months - to prepare". Reportedly, this was the first time a cyber weapon developed by the NSA, which was funded by American taxpayers, had been stolen and unleashed against patients, hospitals, businesses and governments. The US never acknowledged the cyber weapons posted by “Shadow Brokers” belonged to the NSA but it was reportedly confirmed by former intelligence officials. 

Mr Snowden said the NSA had been warned of the dangers of building these cyber weapons but now the attack will raise questions over countries’ intelligence services’ ability to prevent the tools from being stolen and turned against them. 
Hackers seemingly took advantage of the fact hospitals had not updated their IT systems.

Dr Krishna Chinthapalli, a doctor who predicted a cyber attack on the NHS in an article published just two days ago, has said hackers had been targeting hospitals for a couple of years.
 
His article, 'The hackers holding hospitals to ransom', published in the British Medical Journal (BMJ), described NHS organisations as the “ideal victims” of cyber-attacks, and said dozens of smaller hacks had happened in the past. 
Earlier this week, the BMJ said up to 90 per cent of NHS computers still ran Windows XP and previous reports found public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates. 

Britain's National Cyber Security Centre said teams were working "round-the-clock" to restore hospital computer systems. The cost of the cyber-attack is not yet known. The attack has been reported in 74 countries, including Ukraine, India, Taiwan, Japan and Spain, with Russia believed to have been hit the hardest. 

Independent

You Might Also Read:

Snowden: NSA Hacking Tools Leak Is ‘a warning’:

WannaCry Outbreak Is Just A Tip Of An Iceberg:

Current Cybercrime Threats Originate In Espionage:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

 

« Ignoring Software Updates…
Microsoft Buys Cybersecurity Firm »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jiransoft

Jiransoft

Jiransoft, a security software company, provides endpoint data protection and personal information protection to business users.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

Suprema

Suprema

Suprema is a leading global provider of access control and biometrics solutions.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

FirstPoint Mobile Guard

FirstPoint Mobile Guard

FirstPoint Mobile Guard has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

Axiomtek

Axiomtek

Axiomtek is a leading design and manufacturing company in the industrial computer and embedded field.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

Innova

Innova

Innova is Turkey's leading IT solutions company, providing platform independent solutions to organizations in telecommunication, finance, production, public and service sectors.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Fortego

Fortego

Fortego was formed to fill a niche need for highly specialized technical analysts and developers focused on current cyber warfare techniques and technologies.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.