Microsoft says cyberattack should be wake up call for governments
WASHINGTON, DC, USA – Microsoft warned governments on Sunday, May 14 (May 15, Manila time) against storing computer vulnerabilities like the leaked one at the heart of the cyberattack that has crippled computers in more than 150 countries.
"The governments of the world should treat this attack as a wake up call," Microsoft's president and chief legal officer, Brad Smith, wrote in a blog post about what is being called the largest ransomware attack ever.
He warned of the danger of exploits developed by governments – this time the NSA in America – falling into the hands of hackers and causing widespread damage as is the case with the current attack which has crippled more than 200,000 computers around the world. (READ: More cyberattacks feared as work week begins)
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," Smith wrote.
Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.
The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency – and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.
Smith argued that in cyberspace, governments should apply rules like those regarding weapons in the physical world.
He noted that Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.
"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," Smith wrote. – Rappler.com