The exploit of Microsoft's Windows, which led to the spreading of the WannaCry scourge throughout the globe late last week, was a well-kept secret for five years at the National Security Agency...until it wasn't.
Known as EternalBlue within the agency, the hacking tool was so potent that some personnel advocated informing Microsoft, according to a story on Tuesday in The Washington Post. But, despite other security breaches from within the NSA, the agency withheld the details of the flaw from Microsoft.
It now seems likely that the code used in the WannaCry virus was stolen from the NSA, customized and disseminated throughout the globe late last week, leading to the infection of more than 300,000 computers worldwide, a cyberattack that the Post ranked "as among the most disruptive in history."
While unnamed NSA officials defended the agency's work with EternalBlue as necessary to gather foreign intelligence, blowback on a global scale started once the impact of WannaCry began locking up hundreds of thousands of computers with a demand of ransom.
Everyone from the American Civil Liberties Union to Russian President Vladmir Putin have raised their ire at the NSA's handling of the cyber weapon. The Post quoted a blog post from Microsoft President Brad Smith in which he likened the incident to “the U.S. military having some of its Tomahawk missiles stolen.”
Former NSA director Keith B. Alexander, weighed in as well: “They've absolutely got to do a better job protecting [the hacking tools]. You can't argue against that.”
And now, China has added its voice to those blaming the NSA, saying the U.S. must shoulder the blame for the WannaCry attack, which the China Daily claimed infected 30,000 organizations in China.
"Concerted efforts to tackle cybercrimes have been hindered by the actions of the United States," said the China Daily, which the BBC has dubbed state-run.
The U.S. and China are on the brink of agreeing to broad cybersecurity legislation. The China Daily argued that given the NSA leak, a U.S. ban on components from China-based Huawei Technologies were hypocritical.