Ex-spy chief condemns Microsoft for leaving Windows XP users vulnerable to cyberattacks
In a letter to the Times, Sir David Omand, former head of Britain’s electronic intelligence agency GCHQ, called into question Microsoft’s decision to withdraw its security services for the system in 2014 while private and public sectors around the world still relied on it.
“Should Microsoft have stopped supporting Windows XP so soon, knowing that institutions had invested heavily in it (at the urging of the company at the time)?” Omand queried.
NHS hospitals were brought to a standstill on Friday by a massive cyberattack that struck in 150 countries. The NHS has 70,000 devices operating Windows XP, through which the ransomware, known as Wanna Decryptor or WannaCry, managed to spread.
The WannaCry ransomware attack was slowed down by self-taught cybersecurity researcher Marcus Hutchins, 22, while he was working in his bedroom at his parents’ house in north Devon.
Hutchins, who is known as MalwareTech on Twitter, has been hailed an “accidental hero.”
Natalie Coull, lecturer in ethical hacking at Abertay University in Dundee, told the Times: “The WannaCry crisis highlights the need for organizations like GCHQ to employ people with offensive security skills, which was only recently acknowledged in the UK’s national cybersecurity strategy last November.”
Coull added that Hutchins’ actions are a testimony to “the importance of responding offensively to such an attack rather than relying on defensive measures.”
Intelligence services, however, have denied claims that GCHQ has been left red-faced after Hutchins fought off the malware, which has been described as “poorly designed.”
In fact, Salim Neino, the chief executive of Kryptos Logic, the LA-based company that employs Hutchins, said the ransomware was “unsophisticated.” He praised his employee for saving the world from “further damage.”
“Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world,” Neino said, according to the Telegraph.
“Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself.”
Meanwhile, the government has come under fire over claims that it had been warned by GCHQ and the Ministry of Defence (MoD) about the risk of serious cyberattacks three years ago.
General Sir Richard Barrons, former commander overseeing the MoD’s cyber capabilities, said he had written to Whitehall ministers to warn them against state-sponsored cyberattacks, supposedly much more threatening than that unraveling over the weekend.
“If the UK is hit so easily like this by a single type of ransomware attack, how would we cope with a strategic cyber-assault, phased over weeks and spreading across all forms of critical national infrastructure, deliberately designed to bring daily life to a halt?” Barrons said in an interview with the Times.