[HacktionLab] WannaCry question

[Mike Harris]

Hi all,

I have a question in my head regarding the WannaCry virus.

If the virus was a success due largely to people running a 15 year old
unsupported operating system (XP, or W2003), and if a security alert and
patch was issued seven weeks ago, and if the exploit was allegedly
developed/discovered by the NSA, or a group linked to the NSA, and if
the World weren't informed about it upon it's discovery, but rather when
another group made public this knowledge, and if the information about
how to exploit it was published publicly quite a long time before it was
exploited, time sufficient for systems to be patched, who is really to
blame for it?

a) Those who wrote the virus.

b) Microsoft.

c) IT administrators.

d) The NSA

e) The Ruskies

f) Kim Jong-Un

g) Aliens

h) All of the above.

The press and governments give a sensationalist viewpoint on it,
mentioning cyber-attacks, cyber-hackers, but this virus doesn't seem to
me to be really any different to those I used to get 30 years ago on my
Atari ST from some dodgy floppy disk that I'd inserted; it's just that
the means of spreading the virus is these days much, much more
effective.  Yes it was a bad thing to do, and yes it's no doubt criminal
damage, and yes, it's also extortion, but it's also indicative of an
industry that has tied people into running a 15 year old proprietary
operating system that is very widespread still but that hasn't had any
security patches for three years, and which, I imagine, a lot of
organisations haven't had the time, money, resources and/or inclination
to mass upgrade.

Mike.

-- 

Mike Harris . XtreamLab
w: https://xtreamlab.net
e: mike.harris at xtreamlab.net
t: 07811 671 893
s: adelayde