Microsoft: Attack should be wake-up call for govts

Microsoft pinned blame on the US government for not disclosing software vulnerabilities after officials across the globe scrambled to catch the culprits behind a massive ransomware worm. VIDEO: REUTERS
The Microsoft office in Massachusetts, US, on May 15, 2017.
The Microsoft office in Massachusetts, US, on May 15, 2017. PHOTO: REUTERS

WASHINGTON • Microsoft warned governments against storing computer vulnerabilities such as the leaked one at the heart of the cyber attack that has crippled computers in more than 150 countries.

"The governments of the world should treat this attack as a wake- up call," Microsoft's president and chief legal officer, Mr Brad Smith, wrote in a blog post about what is being called the largest ransomware attack.

He warned of the danger of exploits developed by governments - this time, the National Security Agency (NSA) in the United States - falling into the hands of hackers and causing widespread damage, as is the case with the current attack which has crippled more than 200,000 computers worldwide.

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," Mr Smith wrote.

Computers around the globe were hacked beginning last Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream technical support by the US computing giant.

The virus spread quickly because the culprits used a digital code believed to have been developed by the NSA and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.

Mr Smith argued that in cyberspace, governments should apply rules such as those regarding weapons in the physical world.

He noted that Microsoft is calling for a "Digital Geneva Convention" that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," he wrote.


A version of this article appeared in the print edition of The Straits Times on May 16, 2017, with the headline 'Microsoft: Attack should be wake-up call for govts'. Subscribe