Given the global hacking spree with the use of a stolen NSA hacking tool, there are grounds for massive questioning of the actual capacities of the United States’ hacking prowess and their actual monopoly on global private knowledge.
What happened?
A series of global cyber-attacks were noted late Friday, May 13th, which breached into various hospitals and other institutions, and demanded ransom in exchange for returned access. This breach was noted as the largest global ransomware attack on record, with it being spread to more than 74 countries counted. With a simple phishing email sent to the users of the core hospital computers, the hackers gained access to the core files of the computer, encrypting the critical data that could be obtained and then holding it for ransom. The weapon, code-named ‘Eternal Blue,’ targeted a vulnerability in Microsoft’s Windows servers which are regularly used in the majority of operating systems in hospitals worldwide.
The more chilling aspect about this attack is the arsenal of weapons that were used, and more importantly how they were obtained. The arsenal of hacking software, identified in the wake of the attacks, was software that was part of the arsenal of the NSA, stolen by the hackers. After publicizing the weapons as well as giving an in-depth review, former intelligence officials have disclosed that the hacking software belonged to the Tailored Access Operations unit of the NSA, a unit designed to target and attack foreign nations in order to obtain the desired information from said targeted nations.
What does this mean?
The attacks pointed out a glaring issue about the weakness of the current state of cyber security, raising questions about the most effective methods of protection in the status quo, especially regarding what actions could be taken immediately to find a solution. Microsoft has already taken initiative to try and alleviate the concerns regarding the issue, with creating an immediate safety patch for the current vulnerability in its security system. However, therein rises the questions of the manner in which Microsoft found out in such an immediate manner and responded. We would assume that Microsoft preemptively knew about such an attack, yet did not take action in time or beforehand to repair this vulnerability so that the safety of the patients of the targeted hospitals would not have been jeopardized.
Following the same level of question of Microsoft, yet another group that ought to be put under scrutiny is the NSA. First and foremost, the concern of the weapons being stolen from the NSA takes into account the possibility that the NSA knew of this vulnerability, but actively decided to maintain this vulnerability in order to continue the potential success of its weaponry. Not only that, but this also shed lights onto the nearly limitless strength of how much information the NSA can seamlessly gather without any interruption.
This is something that should frighten us very much if only we could fully comprehend the complexity that is the world of surveillance and interventionist interrogation that the NSA is capable of. Despite its complexity, we ought to take into regard the direct impact of such attacks and be more wary of our surroundings, as well as attempt to understand just how broad and widespread the capacity of the NSA is. The revealing of the classified documents from the NSA by Edward Snowden shed a great light onto this issue, and moving forward, such concepts ought to be kept at high regard and alert.
Be careful everyone, we simply cannot easily understand just how powerful the NSA may be, and how dangerous a small leak can be for everyone.