Monday, 15 May 2017 08:24

Microsoft president slams NSA, CIA over stockpiling exploits


Microsoft president and chief legal officer Brad Smith has slammed the NSA and CIA for creating exploits for the Windows operating system and stockpiling them, claiming that this has led to an unintended link between nation states and organised criminal action.

Smith was reacting to the Windows ransomware attacks over the weekend that caused companies around the world to go into meltdown, unable to use their systems to get any work done.

The attackers used a vulnerability in Microsoft's Windows operating system and an exploit developed by the NSA and leaked by a group called Shadow Brokers in April to create ransomware that also had a worm element and spread on its own to vulnerable machines.

In a blog post on Sunday, Smith went through the entire scenario, in an attempt to keep his criticism of the NSA and CIA till almost the end of what was a long post.

But when he got to that point, he let fly.

"Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," he wrote.

"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."

Smith's reference to the CIA was about the Vault 7 document dumps that WikiLeaks has been making since 7 March. All have been about exploits, mainly for Windows systems.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith went on.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.

"And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today – nation-state action and organised criminal action."

And he added, "This is one reason we called in February for a new 'Digital Geneva Convention' to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them."





Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


