
Security Experts and Microsoft President Question the NSA’s Overreach

On Friday, May 12 the Wanacryptor 2.0 (Wannacry) ransomware began spreading like wildfire across thousands of computers around the world. Over the past two days Wannacry has claimed over 223,000 victims running Windows operating systems, spreading by means of an SMB worm that is alleged to be built on a U.S. National Security Agency (NSA) exploit.


Ransomware Hackers Allegedly Used Two NSA Crafted Exploits to Load the Malware Rapidly

According to various reports from security groups and tech publications, the Wannacry malware has spread to over 223,000 infections globally. The ransomware is reported to propagate with an SMB worm that is claimed to be a modified version of the NSA’s “Eternal Blue” exploit leaked by the Shadow Brokers. This weekend Microsoft released another set of patches covering the XP and Windows 8 operating systems, having already published a patch for other Windows versions this past March.

Currently, security organizations and anti-virus services are offering a few methods online for removing Wannacry from a computer. Experts believe these removal procedures, together with the recently released patches for older Windows operating systems, should keep new infections to a minimum. However, encrypted files cannot currently be recovered, as no public decryption tool for Wannacry exists so far.


Various security experts say this type of malware may be infecting systems so rapidly because of a second exploit allegedly crafted by the NSA and leaked by the Shadow Brokers. Security professionals such as CERT Spain say that not only is a modified version of Eternal Blue being used, but another NSA tool called “Double Pulsar” has been spotted acting as a “malware loader.”
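Defenders hunting for the kind of worm-style spread described above can look for a single host fanning out to many peers on TCP port 445 in a short time. The following detector is an added example, not code from the article; the log format, addresses and thresholds are constructed.

```python
"""Flag hosts that contact many distinct peers on TCP/445 inside a short window,
the traffic pattern an SMB worm produces while it scans for new victims.
Added example (not the article's code); log format and addresses are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow-log lines: "<ISO timestamp> <src> -> <dst>:<port> <action>".
# Denied attempts are counted too: a worm probes hosts whether or not they answer.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.7 -> 10.0.1.20:445 allow
2017-05-12T10:00:02 10.0.1.7 -> 10.0.1.21:445 allow
2017-05-12T10:00:02 10.0.1.7 -> 10.0.1.22:445 deny
2017-05-12T10:00:03 10.0.1.7 -> 10.0.1.23:445 allow
2017-05-12T10:00:03 10.0.1.7 -> 10.0.1.24:445 allow
2017-05-12T10:00:04 10.0.1.7 -> 198.51.100.9:445 deny
2017-05-12T10:00:05 10.0.1.7 -> 10.0.1.25:445 allow
2017-05-12T10:00:09 10.0.1.50 -> 10.0.1.5:445 allow
2017-05-12T10:00:10 10.0.1.50 -> 10.0.1.5:445 allow
2017-05-12T10:05:00 10.0.1.7 -> 10.0.1.26:445 allow
"""

def parse_line(line):
    """Return (timestamp, src, dst, port) for one constructed log line."""
    ts, src, _arrow, dst_port, _action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_fanout(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: peak_peer_count} for every source that reached at least
    `threshold` distinct hosts on port 445 within any sliding `window`."""
    events = defaultdict(list)  # src -> [(timestamp, dst)] for port-445 flows
    for line in log_text.splitlines():
        ts, src, dst, port = parse_line(line)
        if port == 445:
            events[src].append((ts, dst))
    alerts = {}
    for src, flows in events.items():
        flows.sort()
        start = 0
        for end, (ts, _) in enumerate(flows):
            # Slide the left edge forward until the window spans at most `window`.
            while ts - flows[start][0] > window:
                start += 1
            peers = {dst for _, dst in flows[start:end + 1]}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts

for host, count in find_smb_fanout(SAMPLE_LOG).items():
    print(f"possible SMB worm activity: {host} reached {count} hosts on tcp/445 within 60s")
```

On the constructed log only 10.0.1.7 trips the rule; 10.0.1.50 talks repeatedly to one file server, which is normal SMB use and is not flagged.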

The Three Bitcoin Addresses and the Shadow Brokers

So far the only clues to the identity of the hackers are three bitcoin addresses which are slowly filling up with thousands of dollars. On day one, Bitcoin.com reported the group had acquired US$10,000 worth of bitcoin. Since then the wallets (1, 2, 3) have accumulated many more transactions, almost all of them in $300 increments (the Wannacry decryption fee), adding up to a total of $35,000 at the time of writing. Stefan Tanase, a security researcher at Kaspersky Lab, says he expects the flow of money to increase after the weekend as many businesses may be unaware they have been infected.

Additionally this past April the Shadow Brokers had warned bureaucrats that there was more to come after they had leaked a new batch of exploits they claim were tethered to the NSA. “Who knows what we have coming next time,” explained the anonymous group.

So far the group has published five separate leaks over the internet that contained zero-day exploits and vulnerabilities against enterprise networks, and Windows operating systems. The group claims the protocols were built by the NSA and the Office of Tailored Access Operations. There are theories at the moment that the Shadow Brokers may be tied to an NSA whistleblower like Edward Snowden, but these reports remain unproven.

All Eyes on the NSA

Most of the media has their attention focused on the NSA, and there haven’t been many shots fired at bitcoin’s reputation, which is a positive outcome. Some skeptics believed the price drop, which coincidentally took place roughly around the same time, may have been attributed to the malware attacks. However, most bitcoin proponents thought there was no connection as the price was due for a healthy correction anyway after reaching historic levels.


Now people suspect the NSA leaks may be arming criminals with tools that can undoubtedly cause havoc across the world. Even Microsoft is pointing fingers at the U.S. security agency, and at governments in general, for hoarding exploits.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” explains Brad Smith, Microsoft’s president and chief legal officer. “This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

The scariest thing to most people throughout the world is that the tools being released are likely connected with government entities. These exploits show the possibility of the NSA having more back doors and oversight into our software than we could ever have imagined.

What do you think about the recent ransomware epidemic supposedly caused by the NSA leaks? Let us know what you think in the comments below.


Images via Bitcoin.com, Twitter, Pixabay, and Kaspersky Lab. 


  • MC Kuky

    I don’t buy this hackers using NSA creation bullshit. US government and its agencies have been doing false flag operations for decades… doing crimes themselves and then blaming it on someone else. This one was most likely “released” by the NSA itself… now they want to scare people to think Bitcoin is somehow criminal activity and only criminals use it… fucking liars… they do this shit all the time.

    Don’t believe a fucking thing the government and its spying agencies say… they lie all the time, and they don’t have people’s best interests at hand; if they did, they would get rid of the corrupt monopoly of the private central banks, the shitty Fiat money that is printed like there is no tomorrow, which they use to rig the stock markets, and whole economies.

    Do not fall for their shit.

    • Cushingish

      I held out on upgrading XP until Microsoft corrupted my browser and hard drive. Been a Chrome guy ever since and will never buy a Microsoft product again.

      • mark

        You win the award for this story’s irrelevant off topic anecdote.

        • Harry Cushing

          Thanks for the award but coming from you, who obviously knows nothing about XP , that is the true irrelevant/off topic anecdote (‘} …….

  • Using Bitcoin for payment is the easiest, most acceptable way to pay the ransom; it is public. It would be more difficult if the form of payment was something else. The accumulation is public. The count of incidents is public. This method of payment is making sure the point will never be swept under the rug. The intent and meaning of the action taken by this attack is clear. It shows how many insecure terminals are backdoor-ed and encrypted at the same time. It shows the world how vulnerable their purchased platforms are and how many people around your platforms are un-knowledgeable of General Computer Science, Advanced Cryptography and Network Security. How to combat this attack is through experience and proper insulation from the Network for your most secure information; your customers deserve and expect that your systems are secure from re-transmission of their personal details and are only used in the least, not for every single quip of a data entry person. Microsoft platforms, if used and set up properly (I have six), are very secure. I have three Debian platforms as well, which can be configured and secured properly. Your OS access terminals should be used by your least experienced and least trusted personnel and they should be nothing more than Terminal Access Shells. Interaction with your core units with the full OS available should be logged and Administered by your most Experienced and most Trusted, and used in the least for the most important actions, changes to the records and backup. When I worked as a Systems Test Engineer, I found the first and easiest flaws in Security Hierarchy and mal-implementation of the most minor of recommendations that were founded before I was born. The term Computer Scientist was not given lightly to individuals of my Father’s Generation. He was a true Scientist and a Navy Cytologist and Analyst. Today, all too often I find a CS degree flimsily given. This is your true crime in this recent attack and those of the past.

    I am certain there is someone in the Shadow Brokers, and alike in organizations in Law Enforcement, that feels as I do: this is a great shame of our Government Oversight on Education in the leading Science of our era, Computer Science.

  • Jingle

    Thanks NSA. We sure are grateful for all you do to keep us safe.