Instead of having to develop their own arsenals of cyberweapons, they simply had to repurpose work done by the highly skilled cyber experts at the NSA, said Phillip Hallam-Baker, principal scientist at the cybersecurity firm Comodo.
Last Friday, stolen NSA malware was used to attack hospitals, universities, and businesses around the world, ultimately hitting hundreds of thousands of computers in more than 150 countries, including the US, reaching what Europol, Europe's leading police agency, described as an "unprecedented level".
The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting vehicle factories, global shipper FedEx Corp and Britain's National Health Service, among others.
The spread of the worm dubbed WannaCry - "ransomware" that locked up more than 200,000 computers in more than 150 countries - began after hours on Friday Australian time, scrambling data and demanding payments of $300 to $600 to restore access.
Microsoft says NSA to blame for WannaCry
The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. Security patches would be available for clients with older machines, but only if they paid for custom support agreements.
The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.
Citing the far-reaching potential impact on customers, Microsoft took the unusual step of offering a custom support security update for users with versions of Windows that are no longer supported. "It would arguably be knowingly negligent to let those systems stay in place".
He said the NHS was particularly vulnerable as it is such a large organisation and the virus only needed "one point of entry". "That's liability to individuals, consumers and patients". Once the issue became widespread and the news and views cycle went into overdrive, it was surprising to see Microsoft getting the heat for not supporting Windows XP.
Microsoft had released a patch for the vulnerability earlier this year, but many systems that had not installed the updates were hit. LinkedIn settled for $1.25 million in 2014. "The incident could have been avoided if critical patches were applied in time by companies across all industries", said Kartik Shahani, Integrated Security Leader, IBM ISA. Researchers say new variants of the software have a similar kill switch, but they refer to different domains.
White House cyber security coordinator Rob Joyce, who previously worked in the NSA's elite hacking squad, told a Reuters reporter in April that the Trump administration was considering how to "optimize" the Vulnerability Equities Process, but he did not elaborate.
Vicente Diaz, a security analyst at Kaspersky, said big companies would have spent the weekend implementing such measures, but smaller firms without a dedicated security team could still suffer from the malware. Courts have consistently upheld those agreements, he said.
The NSA did not respond to requests for comment.
Jonathan Zittrain, a professor specializing in internet law at Harvard Law School, said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information.
The official would not identify which systems but said no federal government entities were hit.