Hackers Used Stolen NSA Tool To Conduct Global Cyberattacks
ROBERT SIEGEL, HOST:
Craig Timberg reports that the ransomware used in this attack apparently took advantage of a software vulnerability discovered by the National Security Agency. He's a national technology reporter with The Washington Post. He's also covering this story. Welcome to the program.
CRAIG TIMBERG: Thanks, Robert.
SIEGEL: And what's the NSA connection here?
TIMBERG: The NSA spends a lot of its time looking for vulnerabilities in software so that it can spy on people around the world. That's the job of the agency. And so this group called Shadow Brokers managed to get their hands on a bunch of these vulnerabilities and release them on the internet. It appears to be one of these things that was actually used in the attacks today.
SIEGEL: Now, Microsoft had released a patch fixing that flaw. That was in March. But it seems that many, many computers were vulnerable to this attack. Why?
TIMBERG: Indeed, you know, the patch that Microsoft released came out even before the - this document describing the vulnerability that the NSA had found (laughter) was made public. So in a perfect world, everyone patches their Microsoft software. This kind of attack doesn't become a problem. But the reality is that people don't update their computers. And one of the things we're learning is how many people and how many (laughter) parts of the world are failing to update their computers in a timely way.
SIEGEL: But we're not just talking about people. We're talking about some very big institutions. And you write that the health care industry is the easiest to exploit. Briefly, why is that?
TIMBERG: So hospitals, doctors' offices, et cetera use a huge amount of computers and software technology, but updating that software tends not to be a top priority of theirs. It's also the case that sometimes regulations affect how quickly you can update. There's all sorts of HIPAA laws involving personal information. So health care has traditionally really lagged behind other industries in keeping itself secure by updating software, getting new hardware and generally sort of tightening up its ship.
SIEGEL: And the stakes can be life or death. You write about someone whose surgery was canceled today because of the ransomware attack.
TIMBERG: Indeed, and if nobody dies today because of this, we'll have to consider that a very happy turn of events because (laughter), as anyone who's ever been to a hospital knows, these things run on computers. And the world is incredibly dependent on these machines working properly, so when an attack like this happens, it's frankly very terrifying.
SIEGEL: Let's talk about the scale of this attack. It's big. It's in many, many countries. Is it a record-breaking attack? Is it very unusual? What would you say?
TIMBERG: It certainly is unusual in terms of its scope and essentially the amount of damage it's done. It's not unusual for a worm to get loose and affect, you know, a gazillion computers around the world. But this is unusual. This isn't just a worm that, you know, flashes some funny messages. This actually shut down computers. It shut down entire computer systems. So the scale on the sweep does seem very unusual. A number of analytics folks have said that we're talking about many dozens of countries - 70, 80, 90 - affected. And the numbers of computers are in the tens of thousands, maybe in the hundreds of thousands once people get around to counting all of them.
SIEGEL: Do you know who is behind this attack?
TIMBERG: I wish I did. I can tell you a lot of folks are trying to figure that out right now. These ransomware attacks - they're very pernicious. They're very common, and they're incredibly hard to track. And it'll take a lot of detective work to figure out who put this thing together.
SIEGEL: That's Craig Timberg, national technology reporter at The Washington Post. Craig, thanks for talking with us today.
TIMBERG: It was my pleasure.
Transcript provided by NPR, Copyright NPR.