"It is very hard to hold software manufacturers accountable for flaws in their products", said Abdo.

The attack that authorities say swept 150 countries this weekend is part of a growing problem of "ransomware" scams, in which people find themselves locked out of their files and presented with a demand to pay hackers to restore their access.

Also enjoying strong protection from liability over the cyber attack is the U.S. National Security Agency, whose stolen hacking tool is believed to be the basis for WannaCry. The attack mechanism is a phishing operation that encrypts files using the AES-128 cipher, and demands a ransom ranging from US$300 to $600 in bitcoins in order for the data to be released. Brad Smith criticized US intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers.

Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, noted that software companies including Microsoft have settled lawsuits that could lead to court rulings.

"The government's response has been chaotic", the British Labour Party's health spokesman Jon Ashworth said.

But some other technology industry executives said privately that it reflected a widely held view in Silicon Valley that the United States government is too willing to jeopardize internet security in order to preserve offensive cyber capabilities. "When a design flaw is discovered in a auto, manufacturers issue a recall".

According to the company, "customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March". By that time, Microsoft had discovered the bug on its own and issued a security update, but many users with older versions of Windows no longer receive such updates.

Microsoft released patches for these versions of Windows, despite them having reached end-of-life. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.

They exploited a flawless storm of factors - the Windows hole, the ability to get ransom paid in digital currency, poor security practices - but it's unclear if the payoff, at least so far, was worth the trouble.

Microsoft issued what's called a patch to prevent the malware a couple of months ago, but many people didn't install it. "There is no major impact in India unlike other countries".

Ryan O'Leary, vice president of WhiteHat Security's threat research center, points out that this weekend's hackers weren't asking for much, usually about $300. "That's going to become a more common practice".

"MNCs, banks, telecom and big IT firms are prepared to deal with such attacks as they have got their cyber policy in place by installing latest updates, anti-virus software and firewall". Others subsequently confirmed the Google researcher's work.

He said most computer hackers were wrongly portrayed as criminals, when in fact many of them just wanted to test their skills against computer systems to expose flaws and weaknesses.

Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited by WannaCry, according to legal experts.

"For Microsoft to say that governments should stop developing exploits to Microsoft products is naive", said Brian Lord, an MD at PGI Cyber and former deputy director at the Government Communications Headquarters, one of the UK's intelligence agencies.

There are simple things to do to keep your computer protected. PSA Group, Fiat Chrysler, Volkswagen, Daimler, Toyota and Honda said their plants were unaffected.


COMMENTS