Hacker News new | comments | show | ask | jobs | submit login

I'm kind of confused as to what the role of agencies like NSA, GHCQ, etc are in situations like this. Are they supposed to put an end to the attack? If so, how is it that a single researcher beat them to it (presumably with a budget many orders of magnitude less)?

Or maybe this story isn't really accurate and there was no accident...


And if it isn't the role of those agencies to defend the public health IT infrastructure, which agencies are responsible, if any?

The NSA knew about this vulnerability and decided to use it offensively, rather than notifying Microsoft about it.

Then, due to lax controls, the exploit got leaked and used by the ransomware developers.

Their culpability goes back a lot further than not noticing a kill switch.

If previously aware, shouldn't they have been even more prepared to stop the attack then?

The attackers used the NSA's exploit as a means to distribute their payload. It was the payload that was inadvertently disabled.

I honestly don't know the details, I am just wondering what government agencies have the responsibility of defending against attacks like this.

Even in this case though, you would think the NSA, etc have to do less analysis of the payload since they got to inspect and play with it for much longer than anyone else. Therefore they could waste less time on that and more quickly focus on the rest of the issue.

Historically, I think the answer is just that the NSA doesn't even try.

There are some three-letter agencies that do work on fighting malware, often by partnering with relevant companies like Microsoft (who was a major anti-malware player here too). I know the FBI does so publicly, and some government groups invite large companies to low-secrecy briefings on security.

But I've never heard a mention of the NSA 'fighting' malware that isn't obviously governmental. Even if they knew about the exploit, used the exploit instead of disclosing it, and are well-placed to fight it, I think that's just filed under 'not my department'.

NOBUS is basically a doctrine of assuming that no one else will find and use these exploits, so they can be maintained as strict-offense.

Do you want 3 letter agencies having more ways to get access to private networks?

Right now looking at how the election scandals went they are there at prosecution and have access that they are given willingly.

Sorry, I am unclear on how this is related. Are you saying it is not their responsibility to stop attacks in progress?

The danish center for cyber security issued a threat assessment, but there was not too many git in denmark because friday was a public holiday.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact