Malware, described in leaked NSA documents, cripples computers worldwide
By Craig Timberg, Griff Witte and Ellen Nakashima
May 12 2017
Hackers unleashed an attack that disabled computers in dozens of nations Friday using a software flaw that once was part of the National Security Agency’s surveillance tool kit.
The resulting wave of online chaos affected tens of thousands of machines worldwide, snarling operations at the Russian Interior Ministry, Spanish telecommunications giant Telefónica and Britain’s National Health Service (NHS), where hospitals were hobbled and medical procedures interrupted.
Europe, Latin America and parts of Asia were hit particularly hard, although in the United States, FedEx also reported falling prey to the malware. The attack was the latest in a growing menace of “ransomware,” in which hackers deliver files to computers that automatically encrypt their data, making it unusable — until a ransom is paid.
“This is not targeted at the NHS,” British Prime Minister Theresa May told reporters. “It’s an international attack, and a number of countries and organizations have been affected.”
The hack renewed a long-running debate about the dangers of intelligence agencies such as the NSA collecting and using software flaws for espionage, rather than quickly alerting companies to vulnerabilities so they can fix them.
In this case, the NSA found a flaw in Microsoft software that made the hack possible. The agency reported the flaw to the company after a security breach was discovered in August, according to former U.S. officials speaking on the condition of anonymity because of the sensitivity of the topic.
Microsoft fixed the problem in a patch it released in March, before a group calling itself the “Shadow Brokers” publicly released it online in April.
But system administrators appear to have applied the patch inconsistently, leaving some computers vulnerable. The vulnerability gave the hackers what amounted to a lock pick to the Microsoft software on computers that did not receive the update from the company or that used outdated operating systems.
It was not clear who was behind the campaign, which, experts said, was the first known time a hacker group used the NSA tools released by the Shadow Brokers to conduct a large-scale hack.
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies but by hackers and criminals around the world,” the American Civil Liberties Union, a frequent NSA critic, said in a statement.
The NSA did not respond to requests for comment, but some experts expressed sympathy for the agency because it had warned Microsoft about the problem.
Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group that has sharply criticized the NSA for its aggressive surveillance, said: “In this instance, it’s a little unfair to blame the NSA. They could have been following the best possible defensive practices, and this probably would have gone down the same way.”