The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

Microsoft are not happy that leaked NSA exploits led to the WannaCrypt ransomware causing havoc computers worldwide. Company President Brad Smith posted a response to the attack that roasts the NSA CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There is an “emerging pattern” of these stockpiles leaking out, he says, and they cause “widespread damage” when that happens. He goes so far as to liken it to a physical weapons leak — it’s as if the US military had “some of its Tomahawk missiles stolen.”

To Smith, this is a “wake-up call.” Officials ought to treat a mass of exploits with the same caution that they would a real-world weapons cache, he argues. Microsoft had already floated the concept of a “Digital Geneva Convention” that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos. Will the NSA and other agencies listen? Probably not — but Microsoft at least some has some evidence to back up its claims.