WASHINGTON • A global cyber attack on Friday renewed concerns about whether the US National Security Agency (NSA) and other countries' intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.
Hacking tools believed to belong to the NSA that were leaked online last month appear to be the root cause of a major cyber attack spreading through Europe and beyond, security researchers have said, stoking fears that the spy agency's powerful cyber weapons had been stolen and repurposed by hackers with nefarious goals.
Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the United States to dedicate more cyber resources to offence rather than defence, a practice they argued makes the Internet less secure.
Across the US federal government, about 90 per cent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters in March.
"These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world," Mr Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement.
The NSA did not respond to a request for comment.