Originally Posted by In Defense of Marxism


This weekend has seen a massive cyberattack against large corporations and public institutions. Negligence on the part of governments and companies allowed hackers to encrypt data on hundreds of thousands of computers based on tools developed by the US security agency NSA.
In March, Wikileaks released 8,761 documents relating to the hacking activities of the CIA, highlighting the risk that the cyber warfare departments of the intelligence agencies posed to internet security. The leak consisted of a set of hacking tools called “Vault 7” that was mainly used to spy on allies and for industrial espionage. This included tools to hack into internet-connected computers, Mac computers, Windows computers, internet-connected devices (baby monitors, CCTV cameras, routers, printers, etc.), as well as private networks without internet connection (government departments, multinational corporations, etc.).
The tools enabled CIA agents and contractors (employed by private companies) to access a shared repository of hacking tools that could be used to infect target computers and networks.


Most controversially, it included so-called 0-day exploits, which are unpatched security flaws in commonly used software. This was a breach of a promise made by the US intelligence community to notify software and hardware manufacturers of any flaw that they found, so that a patch could be released. By keeping these exploits to themselves, and placing them all together in a poorly guarded treasure trove for hackers, they imperilled millions if not billions of devices around the world.

The size of the threat was revealed over the weekend, when almost 200,000 computers were affected by the WannaCry ransomware. A ransomware is basically a piece of software that encrypts all the files on the infected computer and asks the owner to pay money to the hacker in order to get the files back. In addition, there’s a worm that helps spread the ransomware from the infected computer to others, typically using emails or social media, and in this case, vulnerabilities in the computer network that it has infiltrated.

[...]

The irresponsible way in which governments and companies act puts in jeopardy the entire existence of the Internet. It threatens to parcel it up within national borders (as has already happened to a large extent with China). This will eradicate one of the most significant technological achievements over the past 20 years.

The only way to combat this is to disarm the security services, publish all their exploits (after giving some time for software manufacturers to patch their software), publish the source code of Windows and other software publicly for inspection. The biggest software companies should be nationalised and put under workers’ control. No more discovered and unpatched security flaws. Co-operation between countries and companies is the only way forward. Taking the profit motive out of the Internet is the only way to secure its long-term future.
https://www.marxist.com/massive-hack...nce-agency.htm

Thoughts on the hacking attack scandal?