Author

Topic: [2017-05-19]NSA Reported Vulnerability Used In WannaCry Attack To Microsoft (Read 6314 times)

copper member
Activity: 1330
Merit: 899
🖤😏
NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
Not CAI but CIA and they are monitoring some specific keywords on the web and might even read this.
They knew about the exploit and didn't tell any body because they were using it to spy on people.
I know this fact that windows is no longer safe for us to use since windows XP.
Anyways who needs them any more when we have facebook and google? they are the source and the mother load of all information.
Steve Jobs was the man to develop iOS and made Apple happened and we lost him.
If you need to be safe just write your own operating system from scratch like many people do.
sr. member
Activity: 1078
Merit: 256
NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
legendary
Activity: 1946
Merit: 1012
vertex output parameter not completely initialized
hero member
Activity: 2632
Merit: 833
NSA Reported Vulnerability Used In WannaCry Attack To Microsoft


The U.S. National Security Agency alerted Microsoft of a critical vulnerability that was eventually used to carry out the massive WannaCry ransomware attack that hit more than 300,000 computers worldwide last week, the Washington Post reported.

The NSA went to Microsoft after it learned a hacking group known as the Shadow Brokers had stolen the hacking tool that took advantage of the exploit out of fear the tool might be used for a large-scale attack. Microsoft issued a patch for the vulnerability in March, but many machines were not updated at the time of the attack and were affected.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told the Washington Post.

While the NSA did alert Microsoft in time for the company to make protection available to many machines — although not always taken advantage of — it failed to make clear to the public just how dangerous the vulnerability could be.

A month after Microsoft issued the security patch, the Shadow Brokers published the code for the NSA-crafted attack known as EternalBlue. A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations.

The WannaCry attack was also not the first time the exploit had been used. The same vulnerability was used in a botnet hack in which compromised machines were used to mine for the cryptocurrency Monero. According to security firm Proofpoint, the exploit was used as early as April and may have been larger in scale than WannaCry.

Despite the NSA’s disclosure of the exploit to Microsoft, the computing giant still scolded the government agency for holding onto and making use of the vulnerability for so long in the first place — for more than five years, the Washington Post reported.

Microsoft President and chief legal officer Brad Smith said in a blog post the hoarding of exploits by government organizations puts users at risk when the vulnerabilities aren’t disclosed to the public — especially when that information is stolen or leaked and made available for hackers to use freely with no protections in place.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith said. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”

Smith reiterated Microsoft’s belief that there needs to be a “Digital Geneva Convention” to regulate government agency actions in cyberspace. The company has argued in favor of a requirement for governments to disclose exploits so companies can protect users rather than allow the vulnerabilities to exist without a fix in place and putting more people at risk.

https://bitcoinwarrior.net/2017/05/nsa-reported-vulnerability-used-wannacry-attack-microsoft/
Jump to: