By: Chris O’Brien
A Microsoft executive sharply criticized a U.S. spy agency Sunday for its role in weaponizing a weakness in Windows and allowing it to be stolen by hackers and used to launch history’s largest ransomware attack.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Brad Smith, president and chief legal officer at Microsoft, wrote in the wake of the “WannaCry” computer virus attack, which crippled computers worldwide.
He compared it to the U.S. military having some of its Tomahawk missiles stolen. “And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action,” he added.
Smith’s criticism comes as the virus continues to spread around the globe, despite the efforts of companies, governments and security experts. Europe’s leading police agency said Sunday that the computer virus had reached an “unprecedented level,” claiming 200,000 victims and spreading to at least 150 countries.
With employees returning to work Monday, there were fears that more infections will be discovered. And there were also reports that new variations of the virus were appearing.
In an interview with Britain’s ITV, Europol Director Rob Wainwright said a cross-border investigation would be necessary to track down the culprits.
“It is unlikely to be just be one person, I think,” he told ITV.
The fast-moving virus, which first hit Friday, exploits a vulnerability in the Windows operating system that had been discovered by the U.S. National Security Agency. That information was stolen by hackers and published online.
In his response, Smith highlighted the work Microsoft has done to improve the security of its products, long a target of criticism in the security community. He said the company now has 3,500 security engineers, many of whom now act as “first responders” in such cases.