If there is one thing to take away from the entire WannaCry ransomware debacle, it is how the NSA is largely responsible for these problems. To be more specific, the intelligence agency successfully kept a Windows vulnerability hidden from the public. Although the agency reported said issue to Microsoft, it is doubtful they did so right away. That may come to change, thanks to a new legislative proposal.
The Disclosure of Cyber Exploits
It is not entirely surprising to learn the US government is not too happy with NSA exploits being used to shut down computers all over the world. The WannaCry ransomware attack makes use of the EternalBlue vulnerability affecting the Windows SMB protocol. The NSA was all too aware of this problem, and it is their exploit code – which was distributed on the internet which facilitated this global attack. Moreover, it continues to fuel other ransomware attacks as well.
To put things in order, a new legislative proposal has been drafted by Democratic Texas Senator Brian Schatz. If his bill were to be approved, the NSA will be legally obligated to share cyber exploits with the manufacturer immediately. Disclosure of such undocumented attack vectors will allow for companies to patch security holes a lot quicker and keep enterprises and consumers safe.
Part of this legislative proposal revolves around establishing a Vulnerability Equities Review Board. This board is made up of heads of US security agencies and Presidential Cabinet members. Their goal would be to create new policies and regulations to determine when non-government entities will need to be informed regarding tech exploits. Doing so should eventually reduce the number of cyber attacks as a whole.
For the time being, it remains to be seen if this bill will gain any major support from other politicians. It’s a public secret the NSA has a lot more sway among politicians than most people would like. Keeping the country safe at all times is a very demanding job, even though the NSA as overextended its legal powers numerous times in the past. It is due time something changes to address this problem.
Moreover, Microsoft publicly criticizes the existing US cybersecurity policies for allowing security agencies not to disclose these vulnerabilities in a timely manner. In fact, the NSA did the opposite, as they created an in-house developed exploit to take advantage of this weakness whenever they wanted. Stockpiling such powerful weapons is a very dangerous business, as is evident in this particular case.
Although it took a group of hackers stealing the NSA exploits to bring this information to light, it is evident the NSA is not always acting in the public’s best interest. In a strange way, the entire world should be grateful for what The Shadow Brokers did, as they exposed some of the NSA’s most powerful hacking tools known to date. Unfortunately, their publication of said exploits has been used for nefarious purposes.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.