Microsoft says cyber attack should be wake-up call for governments

Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.
Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.PHOTO: REUTERS

WASHINGTON (AFP) - Microsoft warned governments on Sunday (May 14) against storing computer vulnerabilities like the leaked one at the heart of the cyber attack that has crippled computers in more than 150 countries.

"The governments of the world should treat this attack as a wake-up call," Microsoft's president and chief legal officer Brad Smith wrote in a blog post about what is being called the largest ransomware attack ever.

He warned of the danger of exploits developed by governments - this time the National Security Agency (NSA) in America - falling into the hands of hackers and causing widespread damage as is the case with the current attack which has crippled more than 200,000 computers around the world.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," he wrote.

Get The Straits Times
newsletters in your inbox

Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.

The virus spread quickly because the culprits used a digital code believed to have been developed by the NSA - and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.

Smith argued that in cyberspace, governments should apply rules like those regarding weapons in the physical world.

He noted that Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.

"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," he wrote.