Tech companies, lawmakers call on NSA to comment on stolen cyberweapons: 5 things to know

Two recent global ransomware attacks — called "WannaCry" and "Petya" — used techniques reportedly stolen from the National Security Agency. However, the NSA has yet to release a statement or work with technology companies to address the issue, sparking concerns from both lawmakers and the private sector, The New York Times reports.

Here are five things to know.

1. WannaCry, which struck in May, and the ongoing June 27 Petya threat both exploit a Microsoft vulnerability reportedly developed by the NSA, called EternalBlue. Shadow Brokers, a hacker group that regularly posts stolen software and hacking tools developed by the U.S. government, released the tool online in April.

2. U.S. Rep. Ted Lieu, D-Calif., called on the NSA to release information on how to stop the Petya attack in a June 28 letter to NSA Director Michael S. Rogers. "If the NSA has a kill switch for this new malware attack, the NSA should deploy it now," he wrote.

3. Mr. Lieu also requested the NSA work with private industry leaders to protect computer systems from malware. "I also urge the NSA to disclose to Microsoft and other entities what it knows that can help prevent future attacks based on malware created by the NSA," concludes Mr. Lieu's letter.

4. Microsoft President and Chief Legal Officer Brad Smith penned a blog post May 14, after the WannaCry attack, in which he blamed the U.S. government for not working with technology companies to address the software vulnerability. He urged the NSA to "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

5. Michael Anton, spokesman for the National Security Council at the White House, told The New York Times via email "[the government] employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities [in software]."

He added "[the administration] is committed to responsibly balancing national security interests and public safety and security," but did not disclose the "origin of any of the code making up this malware.

More articles on health IT:

Northwestern Medicine, University of Calgary partner for precision medicine study

AI-based health service gains $10M in new funding

3 Solutions to physician summer break schedule mayhem

 

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months