A nasty ransomware attack has been winding through Windows computers and networks all weekend.
It’s a massive one. The WannaCry attack hit over 150 countries and over 200,000 systems, utilizing a Windows vulnerability to lock user systems until a ransom was paid in BitCoin. It’s another black eye in the information security world for Microsoft, which has already dealt with some embarrassing security situations in 2017.
The PR blame game has already begun, with (predictably) Microsoft firing the first volley. Microsoft President Brad Smith made the argument that the NSA was to blame, since it reportedly discovered the vulnerability and developed the code to crack it open for a remote malware-based takeover.
This argument is so breathtakingly hypocritical, I don’t know where to begin.
For starters, the NSA and gigantic tech companies are buddies. Edward Snowden revealed that the biggest tech giants partnered with NSA to platoon the PRISM program, which functions as a metadata Pacman for the government: eating up all of the little bits of data that we produce until they cover our entire map.
Microsoft wasn’t just one of these companies, they were the first company to sign up to join PRISM on September 11, 2007, the originators of giving the NSA access to their servers and presumably their deepest darkest secrets. Now they want to go back and cry foul that the access the government has without disclosing its activities is harmful to people?
First ballot Chutzpah Hall of Fame nomination right there.
Furthermore, it’s not the government’s fault that someone (bear with me on the analogy) came into Microsoft’s “house” broke their property and made off with their money. Microsoft is responsible for investigating their own vulnerabilities, creating their own patches and providing users with their own updates. To suggest that the government should do this for them is absurd on its face.
Ironically, the “expert” on how to stop this attack is a 22 year-old cyber security researcher. For the billions spent by the government and the company on security, all it takes is a kid in a bedroom to solve their problems.