Who Really Is Responsible For The WannaCry Worm?
Who really is responsible for the WannaCry worm that spread across the internet this past weekend? Well, it’s not that simple. The WannaCry worm is the amalgamation of failures on the part of several different organizations.
In the off chance you are not aware, WannaCry is a computer worm, developed by nefarious individuals, who introduce it to a network via a phishing email. Once a machine on the network is infected, it spreads through the network using a vulnerability in Microsoft’s SMB file-sharing protocol (US-CERT VU#867968, MS17-010). It then encrypts the infected computers, requiring the owners to pay $300.00 in Bitcoin to receive the code to unlock them. This infection affected transportation systems in Russia, shut down manufacturing in automobile plants in England, and disrupted the British National Healthcare Service.
In February of 2017, a cache of exploit tools was being sold on the open market by a group called the Shadow Brokers. When they could not get the asking price they wanted, they released the tools to WikiLeaks, supposedly in response to the presidency of Donald Trump, and WikiLeaks later released the data on these vulnerabilities. WikiLeaks released the source code for the exploit tools that were developed by the NSA, called EternalBlue. Prior to the release of this data by WikiLeaks, Microsoft released a series of patches for the vulnerabilities. It is thought that the NSA tipped Microsoft off to the vulnerability, allowing them to build the patch that fixed the issue, even in versions of Windows that are no longer supported by Microsoft.
The Washington Post attempted to place the blame squarely on Microsoft. While this is partially true, the NSA has some security issues of its own for allowing these stockpiled exploit tools to be released to the public. Yet again, WikiLeaks did what they do best when they “fire and forget” data like this out to the internet. They do this without a thought for what the second- and third-order effects are going to be.
So, let’s start with Microsoft. Microsoft has a history of not fully vetting their software, leaving users to fully test their product releases. Understandably, it is difficult to fully vet a piece of software. However, they continue to do this even with Windows 10. Because of this, researchers, governments and nefarious actors go through the software with a fine-tooth comb looking for vulnerabilities they know will be there because of Microsoft’s testing methodology.
The NSA, being one of those groups mentioned above, found a vulnerability, developed a tool to exploit it, and then stockpiled it in a cache of weaponized exploits. Due to its own security issues, the knowledge of this vulnerability and the source code for the tool were acquired by the Shadow Brokers. So the ultimate question is, how did this find its way out of the NSA? Was it stolen in a Snowden-esque insider job, or was the NSA the victim of a cyber-attack with this information exfiltrated in the process? I would be surprised if we ever find out the answer.
The last character in this tragedy is WikiLeaks. The issue with WikiLeaks has always been that they really have no idea what they are releasing. I understand the Robin Hood mentality and providing open access to information. The bigger issue here is that they provided the source code used by the actors that created the WannaCry worm. This is likely because they had no idea what they had or what it did. A little knowledge can go a long way; at the same time, a little knowledge can be dangerous. WikiLeaks, in this case, had no idea what they had or the ramifications of the effects this release could cause.
The bottom line is that all of the organizations involved in this are to blame. Microsoft, for not fully vetting their software. The NSA, for having haphazard security and allowing access to the vulnerability and the tool to individuals that didn’t need access to it. Lastly, WikiLeaks, for releasing it to the general public and not fully realizing what their actions in this could cause.