Irreal oldtimers know that I have often railed about the activities of the NSA and their domestic spying and about the ever more shrill demands by law enforcement that they be given a back door into our cell phones. As everyone knows by now, the government’s sins have caught up with them.
Here are a couple of tweets from Edward Snowden that illustrate the problem
When @NSAGov-enabled ransomware eats the internet, help comes from researchers, not spy agencies. Amazing story. https://t.co/tNwXwJEy07
— Edward Snowden (@Snowden) May 13, 2017
First question arise in Congress after @NSAGov's attack tools-which officials promised "nobody but us" could use-shut down hospitals in UK. https://t.co/YVAMd1SA3U
— Edward Snowden (@Snowden) May 13, 2017
The NSA developed an exploit for Microsoft Windows and then lost control of the code, which was subsequently published on the Web. Criminals, of course, immediately used it to develop a ransomware worm which, among many other things, shut down several hospitals in the UK. I haven’t yet heard of any deaths resulting from this but it’s probably just a matter of time. In any event, it appears patient records may have been lost.
The US was largely spared but only because a UK security researcher stumbled on a kill switch for the malware and stopped it from spreading. You can read that amazing story in the link from the first tweet. Sadly, it appears that a new version without the kill switch has appeared.
I don’t believe it’s the slightest bit unreasonable to hold the NSA responsible for this mess—including any deaths that result. They wrote the exploit, they didn’t inform Microsoft of the vulnerability that made it possible, and then they let it get stolen. Someone should, at a minimum, lose their job but, of course, no one will.
That brings me to the second point. The government insists it can be trusted with a “golden key” to our smart phones and other devices. They say that of course they won’t abuse the capability and that we can trust them to keep the key out of the hands of criminals and hostile nation states. The WannaCry incident puts the lie to both those claims and justifies my belief that we should never trust the government with the access they desire.
Charlie Stross has an hilarious piece on the incident. He makes the point that if what happened were submitted as a piece of fiction, it would be rejected as unbelievable. He’s got a point.
UPDATE agrees.
: Yoni Heisler