Edward Snowden, the former NSA contractor who in 2013 leaked details of America’s surveillance programs, has blamed the intelligence agency for not preventing the global cyber attack on Friday.
Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the United States to dedicate more cyber resources to offence rather than defence, a practice they argued makes the internet less secure.
“Despite warnings, (NSA) built dangerous attack tools that could target Western software,” Mr Snowden said. “Today we see the cost.”
If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3
— Edward Snowden (@Snowden) May 12, 2017
e said Congress should be asking the NSA if it is aware of any other software vulnerabilities that could be exploited in such a way.
“If [the NSA] had privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened,” he added.
Hospitals have been partly blamed for not updating their software in March when a patch was released to fix the flaw. But Mr Snowden pointed out that had the NSA disclosed the vulnerability when it found it, hospitals would have had years to prepare, rather than months.
e was not the only to suggest the NSA should shoulder some of the blame for Friday’s cyber attack.
Graham Cluley, a computer security expert, said: “The US intelligence agency found a security hole in Microsoft software and rather than doing the decent thing and contacting Microsoft they kept it to themselves and exploited it for the purposes of spying. Then they themselves got hacked. And it was at that point Microsoft thought, ‘Jesus we need to patch against this thing’.”
The NSA has not commented on the hack.
The hacking tool, called Eternal Blue, was released onto the internet by a group known as Shadow Brokers and appears to be have been picked up by a separate crime gang.
It has essentially been used as a ‘crowbar’ to open the doors to computers running Microsoft Windows, making them vulnerable to attack. The gang, having gained access to computers, then deployed a ransomware, called WannaCry, which hijacks a computing system and encrypts all the files contained on it. The only way to unlock the files is to pay a ransom.
Source
http://www.telegraph.co.uk/news/2017/05/13/edward-snowden-points-blame-nsa-not-preventing-nhs-cyber-attack/