A cyber security expert has said the attack, which temporarily crippled the National Health Service (NHS) in Britain and other parts of the world a day before, reveals the failure of the United States Government's "protocols for warning software developers and the private sector about system vulnerabilities."
"The National Security Agency (NSA) is supposed to lead the vulnerability equities process with all the other government agencies gathered round to discuss their interests in the vulnerability, and to weigh the offensive capabilities against defensive concerns for the private sector and U.S. interests," The Guardian quoted Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations, as saying.
"It seems that in this case their hand was forced. They knew the vulnerability was online because of Shadow Brokers and Vault 7, so they went to Microsoft and warned the company they needed to patch it," he added.
A security expert at Surrey university had earlier claimed that the malware resembled an exploit of 'EternalBlue'.
'EternalBlue' was the name given to a weakness in Microsoft's security that is thought to have been identified secretly by the US N.S.A.
"From the analysis that has been done, it looks like it is the 'EternalBlue' weakness that has been exploited because it is using the same ports and protocols. We don't know publicly if it is the NSA (that found the vulnerability) but it is widely assumed it is and that is what Shadow Brokers said," The Guardian quoted Prof. Alan Woodward, as saying.
It was also believed that 'WannaCry' works by taking advantage of a flaw in Windows that the NSA knew about, but kept secret.
This particular vulnerability was publically disclosed by a group calling itself Shadow Brokers, which claimed to have stolen it from the NSA, among a cache of files it took.
However, without yet knowing who or which groups are behind the attack, experts are wary of assigning motive beyond extortion.
One of the theories is that the attack is primarily an attempt to embarrass the U.S. NSA and the intelligence community. It can also be to put more stress on the relationship between the government agencies and the private sector and the vulnerability equities process.
Disclaimer: No Business Standard Journalist was involved in creation of this content
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app