A Microsoft executive in a blog post Sunday argued that the NSA losing control of the information that allowed hackers to deploy a global cyberattack on Friday is akin to the military losing control of several missiles.
Brad Smith, president and chief legal officer of the Redmond company, says the “WannaCry” or “WannaCrypt” attack shows that the U.S. government and others need to stop stockpiling software vulnerabilities and instead alert tech companies so they can fix the problems.
The WannaCry attack targeted a back door into Windows that was originally discovered by the NSA. At present, agencies like the NSA allow such vulnerabilities to persist because doing so gives them an advantage over their enemies. But Smith argues that this behavior does more harm than good.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote.
He says the solution is a “Digital Geneva Convention,” a reference to the international treaties on humanitarian treatment in war, which were reached after WWII. The convention would require governments “to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”
The WannaCry attack uses so-called ransomware to encrypt people’s files, then charges them $300 to release them. FedEx, the National Health Service in Britain, and Russia’s interior ministry are among those affected.