The tool used to infect Windows was stolen last year from this US intelligence agency.

Although this is still a developing issue, the digital attack that disabled the systems of several hospitals in England, in addition to affecting the internal network of Telefónica and other telecommunications companies in Europe, may well have a de facto culprit: the United States National Security Agency (NSA).
At the outset, one thing should be made clear: the NSA did not perpetrate the attack and, in fact, it is not very clear who is behind these actions, which have spread to more than 70 countries.
What has been established is that the attack uses a tool that was stolen from the arsenal of digital weapons developed by the Agency; this tool was later distributed on the Internet by a group that calls itself Shadow Brokers.
In short, the attack exploits a vulnerability that the NSA discovered in Windows, which apparently had not been previously reported. This is commonly referred to as a zero-day attack and is one of the most frequently traded currencies in the world of cyber attacks, as it is one of the most effective ways to violate a system's digital security.
The publication of the tools developed by the NSA has been going on quietly since last year. Since then, Microsoft has released an update of its products to close the gap discovered by the NSA, and so far so good. The point is that many users, mainly corporate, routinely run old versions of software, and this is where things get complicated.
But updating systems is just part of the whole problem. Another of the complex issues in this scenario is the design of these tools in the first place. Many of these attacks are designed by state security agencies, especially those with offensive operations in the digital realm. We are talking about old acquaintances, such as the CIA, NSA or the English GCHQ, but military units also fit here.
However, national intelligence agencies appear to be the largest manufacturers and buyers of malicious software in the world. This is true for the aforementioned institutions, but it is also true for national police in countries such as Mexico and Colombia, which have a marked interest in software to break the digital security of smartphones, among other things. At the same time, these organizations often suffer information leaks.
Caught in this tension between manufacture and leaks are millions of users, who do not do their part when they fail to keep updated the operating systems and software on which critical matters depend, such as the operation of hospitals.
The attack takes advantage of a vulnerability in Windows, which was made public by Microsoft on April 14 of this year, and remotely executes malicious code. The user typically receives an email with an attachment that, when decompressed, allows the attacker to encrypt certain information on the system; once encrypted, the data are useless to their owner, who must pay US $300 to be able to access them again. The amount of these ransoms usually runs to thousands of dollars.
This type of attack is known as ransomware, or information hijacking, and is one of the fastest growing forms of cybercrime in the world.
I wouldn't be surprised.