Former NSA Chief Defends WannaCry-Style Government-Owned Hacking Tools

The recent WannaCry ransomware, which targeted the systems of 150 countries and encrypted their computers, raised an alarm. The fact that hacking tools possessed by the National Security Agency (NSA) and leaked sometime ago were used in the mass cyber attack, also raised eyebrows.

Read: NSA Hacking Tools Used In WanaCry Global Ransomware Attack Targeting Hospitals, Banks And Tech Companies

General Keith Alexander, former NSA chief and former chief of the Central Security Service might be the best person to ask about the current situation. Speaking at the TechCrunch Disrupt New York event, being held in New York City till Wednesday, in response to being asked how much responsibility should be assigned to the agency for the WannaCry ransomware, he said: “The NSA didn’t use the WannaCry, criminals did –- someone stole it…This WannaCry starts to split [government agencies and industry] apart but our nation needs industry and government to work together.”

He denied the NSA is to blame for designing the tools, some of which was used in the past for mass surveillance, but not being able to protect them from getting leaked to “criminals.” Instead, despite the recent crisis, he still wants the tech industry to work with agencies such as the NSA.

“The fact that Microsoft actually put a patch out in March — how do you make sure that those things go out? And is there a way that government and industry can work together so that those things are done seamlessly… And the answer’s yes. And should we do that? Yes,” he said

He defended the NSA’s use of such exploits and also argued the agency should not be obligated to make such tools public, as it needs to match to its adversaries.

“We’ve got to have tools,” he said. “[NSA] don’t hoard exploits; they release 90+ percent of what they get but to go after a terrorist you need an exploit.”

Alexander’s comments are in stark contrast with Microsoft’s press release on the subject Sunday.

"The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States," it said.

"That theft was publicly reported earlier this year. A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. … this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

The company even went so far as to mention the WikiLeaks Vault 7 leaks that were published earlier this year.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," the company said.

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today – nation-state action and organized criminal action."

Read: Cryptocurrency Botnet Used Leaked NSA Exploits Before WannaCry Ransomware Attack

The company also called for governments to treat the attack as a wake-up call.

While Alexander did not reveal any information about other such tools, which could be used in such attacks, he did sound out an ominous warning. "I think this is just one of many that we’re going to see," he said. "Many people said this is the year of ransomware."