On the major hack that was reported today:
www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?ribbon-ad-idx=3&rref=world/europe&module=Ribbon&version=context&region=Header&action=click&contentCollection=Europe&pgtype=article
What is the National Security Administration doing with malware?
Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere....
...Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.
The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.
The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.
Something similar occurred with remnants of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear program nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attacks.
The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)...
...“It would be deeply troubling if the N.S.A. knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” Patrick Toomey, a lawyer at the American Civil Liberties Union, said on Friday. “These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world.”
During the Obama administration, the White House created a process to review software vulnerabilities discovered by intelligence agencies, and to determine which should be “stockpiled” for future offensive or defensive cyberoperations and which should be reported to the companies so that they could be fixed.