Microsoft’s Chief lawyer Brad Smith the caring attention since Friday, world Ransomware attack with WannaCry or as WanaCrypt0r 2.0 known malware on the occasion took, to renew his claim put forward in February after a “ digital Geneva Convention “. Smith then urged President Trump, along with Russia to establish new norms for cyberspace. His idea to civilians should be protected from State-controlled Cyberkriegsaktivitäten with the forthcoming Treaty. The set up control authority could focus on the International Atomic Energy Agency (IAEA).
Smith based his claim already in February that intelligence agencies increasingly are looking for security vulnerabilities in software and long time to keep, or to buy up information on the market and then keep them under lock and key. Thus, she made it difficult to provide manufacturers and IT security company for the safety of their customers. Concern in particular the risk that such vulnerabilities to criminal could seep through and then be used extensively by them Smith.
just now happened in the case of WannaCry and WanaCrypt0r 2.0. The vulnerability exploited by the malware, which is known as ETERNALBLUE or MS17-010 was known now closed gaps in firmware Cisco public double pulsar or as well as malicious software following the theft and publication of hacking tools in the NSA .
Microsoft hatte bereits im März einen als “kritisch” eingestuften Patch bereitgestellt, der die von WannaCry ausgenutzte Lücke schließt . However security updates for the no longer supported operating system Windows XP, and Windows Server 2003 on late Friday night. Computers running still, often still in companies, can be found about Deutsche Bahn, British health care facilities or even providers such as the Spanish group Telefónica. All were also victims of the attack.
already in February Microsoft lawyer had suggested Smith, that experts from the private sector and the public sector should be consigned to a to be formed, independent supervisory body. Their task would be to investigate cyber attacks. The technology industry should help it similar to impartial and disinterested, as does the Red Cross in war zones. Finally, belong to the cyberspace of the private sector and will run by you.
at the same time the Panel should ensure that State Cyberaktivitäten are not directed against private-sector institutions. As an example, he called at that time including Sony Pictures attack two years ago. He according to Smith, was a turning point, was a private company attacked for the first time, because it is known to the law on freedom of expression.
expressly Smith now condemned again the handling of public agencies with the knowledge of security vulnerabilities sharp: “Finally this attack is why the storage of vulnerabilities by Governments is such a big problem yet another example. This is a pattern that 2017 increasingly drew off. We saw, they collected security issues of WikiLeaks appeared by the CIA and now a security vulnerability that is stolen in the NSA has harmed customers around the world.”
Smith continues: “repeatedly exploits come from the hands of Governments into the public eye and caused extensive damage. A similar example with conventional weapons would be about U.S. military some of its Tomahawk cruise missiles would steal the.”
according to him the WannaCry Atacke connects although unintended but worrying between the two most dangerous forms of threats to cyber-security – activities by government agencies and organized crime.
Governments worldwide should the WannaCry attack as a wake-up call understanding. “You must change their attitude and apply the same rules on weapons for the cyberspace that apply to weapons in the physical world. Governments need to think about the damage to the civilian population, caused by the storage of vulnerabilities and the exploits for this intended use.”
tip : you know the most famous hacker? Check your knowledge – with 15 questions on silicon.de.
get to know the building blocks of enterprise cloud platform in this audio Webinar. Learn how to achieve maximum freedom and flexibility for your applications. More outcome achieved with less input – specific application examples. [Update: the webinar has already occurred.] Register now and look at the record.