Chinese State Media Says US Should Take Some Blame For Cyberattack

An anonymous reader shares a CNBC report: Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry ransomware attack that has infected more than 300,000 computers worldwide in recent days. The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft systems and has infected some 30,000 Chinese organisations as of Saturday, the China Daily said. "Concerted efforts to tackle cyber crimes have been hindered by the actions of the United States," it said, adding that Washington had "no credible evidence" to support bans on Chinese tech firms in the United States following the attack. The malware attack, which began on Friday and has been linked by some researchers to previous hits by a North Korean-run hacking operation, leveraged a tool built by the NSA that leaked online in April, Microsoft says.

Not just the Chinese saying this

[XXongo]

It's not just the Chinese saying "blame the NSA".
https://www.washingtonpost.com...
http://www.zerohedge.com/news/2017-05-14/microsoft-slams-nsa-letting-its-hacking-tools-cause-global-malware-epidemic

Re:Don't blame the U.S.A.

[Pieroxy]

They did this weekend. https://www.microsoft.com/fr-F...

70% of software in China is "unregistered"

[spoot]

According to Engaget and other sources. So yea, the US is to blame for all the pirated un-patched installs of XP in China. Russia has purportedly Russia 64 percent. Isn't it strange that the NSA would code such and exploit. Live by the sword, die by the sword.

The larger problems

[UnknowingFool]

While it might have been the NSA that created the basis of the ransomware, there's really larger problems. Any hacker could have discovered the vulnerability and launched the same attack.

The first problem is that the malware affected Russia and China in greater numbers for the simple reason that many Windows installations there are pirated so they are not likely to receive patches. MS for their part did patch the vulnerability in the March cumulative update if I remember correctly.

The second problem is that MS didn't patch unsupported, older versions of Windows until WannaCry became widespread (Windows XP, Vista, etc). So there are still many older versions of Windows out there being used. This second problem does affect companies and machines that have stayed on older Windows for a number of reasons (hospitals, factories, etc.)

The third problem is that trust in MS has slowly been eroded over the years with their behavior:

• Auto-updating their users without permission
• Rebooting machines without warning
• Sneaking in non-critical features (like telemetry) as critical updates
• Rolling up patches so that customers cannot refuse certain patches for practical reasons
• Patch quality dropping with a few of them making machines unusable

For many, they simply don't trust MS anymore. In years past, a bad patch every now and then could be forgiven. With no trust in MS, consumers are simply taking their chances.