
Microsoft Renews Calls for “Digital Geneva Convention” after Widespread Cyber Attacks

by Charles Humble on May 15, 2017. Estimated reading time: 2 minutes


The major story from last week was that malware, described in leaked NSA documents, crippled Windows computers worldwide. The WannaCry Ransomware virus is believed to have hit 200,000 victims in 150 countries, including UK hospitals, utilities in Spain, and Russia’s interior ministry. Renault shut down several French factories after the cyberattack, and one of Nissan’s UK factories was also impacted.

The scale of the attack prompted Microsoft to take the highly unusual step of releasing patches for unsupported operating systems, including Windows XP. If you have machines running Windows, needless to say, you should patch them as fast as you can.

Currently the “kill switch” discovered by MalwareTech appears to be holding, although it seems reasonable to assume that variants of the virus without the kill switch will begin circulating soon, and indeed Danish security firm Heimdal Security believes they already are.

In the wake of the news, Microsoft’s president and chief legal officer Brad Smith took to the company’s website to give a post mortem of the attack, citing lessons that need to be learned. Whilst accepting Microsoft’s share of the blame, Smith suggested that the bulk of the responsibility for the massive cyberhack lies at the feet of government agencies.

…this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Smith goes on to renew Microsoft’s call in February for a new “Digital Geneva Convention”:

to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.

In this context it’s perhaps worth remembering that last year Apple came under tremendous pressure to create a special version of iOS for the U.S. government, under the promise that it would never escape their safe hands and get into the wild. One of those applying that pressure was presidential hopeful Donald Trump.

The malware does not seem to have proved hugely profitable for its owners so far. The BBC reports that "analysis of three accounts linked to the ransom demands suggests only about $38,000 (£29,400) had been paid by Monday morning."
