Hold North Korea Accountable for WannaCry—and the NSA, Too
Consequences are checks on the balance of power provided by a surprise attack.
But for some in the cybersecurity community who watched WannaCry’s catastrophe unfold, North Korea isn’t the only party that requires accountability. They argue that if guilty parties are going to be named—and lessons are to be learned from naming them—those names should include the US government itself. At least some of the focus, they say, belongs on the National Security Agency, which built and then lost control of the code that was integrated into WannaCry, and without which its infections wouldn’t have been nearly as devastating.
“As we talk about to whom to attribute the WannaCry attack, it’s also important to remember to whom to attribute the source of the tools used in the attack: the NSA,” says Kevin Bankston, the director of the New America Foundation’s Open Technology Institute. “By stockpiling the vulnerability information and exploit components that made WannaCry possible, and then failing to adequately shield that information from theft, the intelligence community made America and the world’s information systems more vulnerable.”
For many cybersecurity researchers, in fact, WannaCry has come to represent the dangers not only of rogue states using dangerous hacking tools, but of the US government building those tools and using them in secret, too.
More: Hold North Korea Accountable for WannaCry—and the NSA, Too