Microsoft’s top lawyer has blamed the government’s stockpiling of hacking tools in part for the WannaCry attack, the worldwide ransomware outbreak that has hit hundreds of thousands of systems in recent days.
Brad Smith, president and chief legal officer, pointed out that WannaCrypt is based on an exploit developed by the National Security Agency (NSA) and renewed his call for a new “Digital Geneva Convention,” which would require governments to report vulnerabilities to vendors rather than stockpile, sell, or exploit them.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith said he hopes the recent WannaCry attack will change the minds of government agencies and lead them to stop developing hacking tools in secret and holding them for use against adversaries, especially since the technology for WannaCry was stolen from the NSA.
Smith made this call in February, proposing an international convention on the use of cyberwarfare similar to the Geneva Convention rules governing war and the protection of noncombatants.
“The governments of the world should treat this attack as a wake-up call,” Smith said. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
WannaCry has proven so nasty and ubiquitous that Microsoft took the unusual step of releasing security fixes for long-abandoned operating systems, including Windows XP and Windows Server 2003, since they are still widely used in some corners of the world and WannaCry has been a worldwide problem.