WASHINGTON — Microsoft warned governments Sunday against storing computer vulnerabilities like the leaked one at the heart of the cyberattack that has crippled computers in more than 150 countries, partly laying blame with the US government for the weekend assault.
“The governments of the world should treat this attack as a wake up call,” Microsoft’s president and chief legal officer, Brad Smith, wrote in a blog post about what is being called the largest ransomware attack ever.
Smith criticized US intelligence agencies, including the CIA and National Security Agency, for “stockpiling” software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend’s “ransomware” attacks used a vulnerability that was exposed in NSA documents leaked online.
“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” he wrote, adding that governments should “report vulnerabilities” that they discover to software companies, “rather than stockpile, sell, or exploit them.”
Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft’s Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant. The attack crippled more than 200,000 computers around the world.
The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency — and subsequently leaked as part of a document dump, according to the Moscow-based computer security firm Kaspersky Lab.
Smith argued that in cyberspace, governments should apply rules like those regarding weapons in the physical world.
He noted that Microsoft is calling for a “Digital Geneva Convention” that would require governments to report computer vulnerabilities to vendors rather than store, sell or exploit them.
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Smith wrote.
Israel was among the countries hit, but on a very minor scale, as quick joint action by Israeli cyber experts helped keep the attack at bay.
“We are still assessing the damage,” Sharon Nimirovski, the founder and CEO of Tel Aviv-based cyber firm White Hat, said in a phone interview with the Times of Israel. “We are working on this event around the clock and Israeli firms have been hit but we still believe it is minor. We are still investigating. The systems have been infected, but we don’t see damage. The attack reached the computers but was blocked.”