Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
China Security United States IT Technology

Chinese State Media Says US Should Take Some Blame For Cyberattack (cnbc.com) 82

An anonymous reader shares a CNBC report: Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry ransomware attack that has infected more than 300,000 computers worldwide in recent days. The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft systems and has infected some 30,000 Chinese organisations as of Saturday, the China Daily said. "Concerted efforts to tackle cyber crimes have been hindered by the actions of the United States," it said, adding that Washington had "no credible evidence" to support bans on Chinese tech firms in the United States following the attack. The malware attack, which began on Friday and has been linked by some researchers to previous hits by a North Korean-run hacking operation, leveraged a tool built by the NSA that leaked online in April, Microsoft says.
This discussion has been archived. No new comments can be posted.

Chinese State Media Says US Should Take Some Blame For Cyberattack

Comments Filter:
  • by Anonymous Coward

    Blame Microsoft.

    • no this is on the government i have no problem with the government having tools however they should still inform microsoft so they can make a patch that can be sent out asap if one of those tools gets loose
      • by gnick ( 1211984 )

        ...they should still inform microsoft so they can make a patch that can be sent out asap if one of those tools gets loose

        Are you suggesting that they inform Microsoft as soon as they find a vulnerability and have them sit on a patch until the exploit "gets loose"? What would be the difference between that and just requesting that Microsoft include a back door that could be modified once it's discovered by someone else?

    • by gweihir ( 88907 )

      Of course the NSA has the largest share of the blame, because they lost ready-to use 0-day exploit code. That is about the worst thing possible.
      The NSA is also to blame because they did not report the 0-day after a reasonable time, say 1 year or so.

      That makes to major screw-ups or seriously criminal acts on the side of the NSA.
      MS puts out shoddy software, but a) everybody knows that and b) a lot of others do it to. So some, but not a lot of blame to MS.
      The the fuckups that used this code also have some blam

      • Re: (Score:2, Insightful)

        by Solandri ( 704621 )
        No, the people who stole the code from the NSA and released it without giving Microsoft a couple months to come up with patches bear the largest share of the blame. They're the ones who turned this into a 0-day exploit.

        Releasing the code to the public wasn't necessary to shame and cripple the U.S. intelligence infrastructure. All they needed to do was give Microsoft a copy and publicly tell them to patch it or they'd make it public in 60 days. Once Microsoft confirmed the vulnerabilities were real, th
        • This reminds me of the of the plot from the movie "Outbreak'.

          Sure, that chick from Grey's Anatomy started the outbreak by stealing the monkey, but why the fuck was the US gov't weaponizing horrific viruses in the first god damn place?

        • No, their actions were a brutal but much needed outing the NSA as the enemy. They are sitting on many, many more exploits, and Microsoft was caught purposefully introducing backdoors for NSA before (like, say, the _NSAKEY signing key).

          Patching this particular exploit would have no lasting effect.

          • by gweihir ( 88907 )

            Indeed. What the NSA did here would be called treason in any non-government organization, because what they did massively helped enemies. They need to massively reduce the number of exploits they keep secret (I can understand that they want a few), they need to make very sure the exploits and exploit-code does not ever get stolen and they need to make sure the exploits they keep secret are both hard to find and hard to exploit. Unless and until they do that, they will indeed need to be considered an enemy o

  • Well, that kind of "blame" is a step up from the traditional Chinese statements about the US:

    “If the U.S. monopoly capitalist groups persist in pushing their policies of aggression and war, the day is bound to come when they will be hanged by the people of the whole world. The same fate awaits the accomplices of the United States.”

    “Under the white population of the United States of America only the reactionary classes oppress the black population. Under no circumstance can they represent

  • If only the NSA reported the vulnerabilities to Microsoft first.
  • they have a point. (Score:2, Insightful)

    by Anonymous Coward

    If the National Security agency had actually given a shit about security, it would help companies fix these problems before they are exploited in the wild, rather than hoard and weaponize them. They made a conscious decision to attack security rather than enhance it. As a result, critical infrastructure such as hospitals have suffered, and we haven't seen the end of it yet.

    It is a rogue agency, and needs to be brought to heel. When parts of the government start treating its own people as enemies, it's ti

    • You are aware that the vulnerability was patched in the March Cummulative update for Windows, right? Now MS didn't release patches for out-of-support versions of Windows (XP, Vista, etc) until recently but it had been patched already.
  • by spoot ( 104183 ) on Wednesday May 17, 2017 @10:54AM (#54434507) Homepage

    According to Engaget [engadget.com] and other sources. So yea, the US is to blame for all the pirated un-patched installs of XP in China. Russia has purportedly Russia 64 percent. Isn't it strange that the NSA would code such and exploit. Live by the sword, die by the sword.

    • by AmiMoJo ( 196126 )

      Gonna call bullshit on those numbers. For a start, they come from the Business Software Alliance, which profits from scaring companies about piracy and "fining" them for unlicensed software. Also, they don't give the number for the US for comparison.

      I live in the UK. Everyone I know uses at least one pirate app, often Windows.

      Anyway, if China pirates software so much, why would it stick with XP? Just pirate Windows 10 instead.

    • hmmm...let's see what mr Gates himself said...

      "Although about 3 million computers get sold every year in China, people don't pay for the software. Someday they will, though," Gates told an audience at the University of Washington. "And as long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."
      http://articles.latimes.com/20... [latimes.com]

  • by UnknowingFool ( 672806 ) on Wednesday May 17, 2017 @11:15AM (#54434653)

    While it might have been the NSA that created the basis of the ransomware, there's really larger problems. Any hacker could have discovered the vulnerability and launched the same attack.

    The first problem is that the malware affected Russia and China in greater numbers for the simple reason that many Windows installations there are pirated so they are not likely to receive patches. MS for their part did patch the vulnerability in the March cumulative update if I remember correctly.

    The second problem is that MS didn't patch unsupported, older versions of Windows until WannaCry became widespread (Windows XP, Vista, etc). So there are still many older versions of Windows out there being used. This second problem does affect companies and machines that have stayed on older Windows for a number of reasons (hospitals, factories, etc.)

    The third problem is that trust in MS has slowly been eroded over the years with their behavior:

    • Auto-updating their users without permission
    • Rebooting machines without warning
    • Sneaking in non-critical features (like telemetry) as critical updates
    • Rolling up patches so that customers cannot refuse certain patches for practical reasons
    • Patch quality dropping with a few of them making machines unusable

    For many, they simply don't trust MS anymore. In years past, a bad patch every now and then could be forgiven. With no trust in MS, consumers are simply taking their chances.

    • With no trust in MS, consumers are simply taking their chances

      Right conclusion but wrong causality. Consumers have been taking their chances for many years before MS's patching practices became even remotely questionable. Back when security was just a thing those IT nerds talked about disabling windows update was common. Didn't want it slowing my internet connection down. Didn't want it doing something on my computer. This goes back into the early days to the point that in Service Packs MS introduced warnings to users who disabled windows update.

      It was an endless powe

      • Consumers have been taking their chances for many years before MS's patching practices became even remotely questionable.

        Consumers didn't run updates as often as MS would like but it was mostly due to laziness than anything else. Now they legitimately have reasons not to do so.

        Back when security was just a thing those IT nerds talked about disabling windows update was common.

        IT Admins did not roll out updates automatically for good reasons. For corporate networks, software compatibility and testing were priorities than merely installing whatever patch MS rolled out. As an IT admin if you roll out an update without testing it and systems go down, it affects the company. But MS respected the system back then. These days MS se

        • but it was mostly due to laziness than anything else.

          If you installed Windows XP SP1 and later and just click next a few times to make the popups go away the updates would be automatic. Same with every subsequent version. No people actually put effort into not updating.

          IT Admins did not roll out updates automatically for good reasons.

          You misread my sentence. Of course IT admins didn't do it for good reason. My post wasn't about IT admins.

          I don't know who you know but none of those reasons were ever brought up by people I knew not to update.

          Plenty. What reasons do you know? Lazyness? That's even worse.

          No, updates were inconvenient for most people.

          Exactly my point, read my last sentence again.

          • If you installed Windows XP SP1 and later and just click next a few times to make the popups go away the updates would be automatic. Same with every subsequent version. No people actually put effort into not updating.

            Did you forgot the hours it took to update to service packs and patches?

            Plenty. What reasons do you know? Lazyness? That's even worse.

            Again did you forget that a SP could take hours? SP3 took me at least 8 hours with one computer and 1 hour with another. But the thing is you never really knew how long it might take.

  • Even if the NSA told Microsoft about this bug a year or more ago, it wouldn't have helped China at all. They're running tens of thousands of stolen copies of Windows and on old versions like XP so any patch Microsoft released would have never been installed anyway.

    The blame here is on China and any other companies that kept using XP passed it's end of support date. They made that decision, they have to live with it. If they can't afford Windows, there are some perfectly usable Linux distributions out th

  • by wisebabo ( 638845 ) on Wednesday May 17, 2017 @11:20AM (#54434701) Journal

    ... when the Chinese take a LOT of blame (all the blame?) for North Korea.

    For over 50 YEARS, CHINA has been basically the SOLE supporter of a despotic regime that, in addition to crimes and atrocities only exceeded by the Holocaust, Stalin or "The Great Leap Foward", through forced labor, prison camps and also responsible for the DEATHS of MILLIONS of its citiizens (primarily through starvation), is now threatening the security of much of the world (even Putin made some nervous remarks). That the North Koreans don't give a flying F*** about convention or Geneva protocols or whatever is obvious from their past terrorist attacks (bombing of an airliner) to using the (most) deadly chemical weapon known to man (basically all other nations have destroyed their stocks) in a densely populated city in an uninvolved country just to kill one possible dissident (and they probably smuggled it in via diplomatic pouch, hence the police apprehending N. Korean embassy workers).

    That the Chinese were willing to put an entire nation of people IN HELL for five decades just so that they could possibly keep the Americans from being on their doorstep shows how little regard they have for HUMAN RIGHTS or even LIFE. (They probably could've gotten the Americans to have agreed to leave S. Korea if N. Korea was unified. From what I can tell, they never tried). But even if you were ignorant of the North Korean situation, you could probably have guessed their (lack of) morals from the way they treated Tibet and their own ethnic minorities.

    That is why I have so little regard for the Chinese (government) and long ago stopped making direct investments in China. As for their citizens, I'd like to believe that they are the classic example of why a people blindfolded by censorship can be lead to do the worst imaginable things. A person can easily be convinced to murder (and a country to genocide) if he is lied to.

    • by ghoul ( 157158 )

      The US put nukes into South Korea as well as invaded North Korea twice - once all the way to the Chinese border. If North Korea is hyper militarized its not because they want to but because they have to if they want to avoid becoming another East Germany. US would never have withdrawn from South Korea. Only way to get US to withdraw is to make the costs too heavy like in Vietnam.

      US was also willing to put an entire nation (Cuba) into misery using sanctions just so that an example of a successful communist c

  • There 'Murica, I fixed that for you. The "NIA" has turned bloated, slow, unaccountable, and has gone rogue. Only congress can reign them in but they have to expect very dirty fight-back from them, the CIA, and the Pentagon. Who's going to effectively take on the deep state?
  • Hey China, your truck was stolen and then driven into a crowd. You should share some of the terrorists blame. It might have been OK as they tried the vehicle gates and they were blocked, so they rammed a pedestrian gate. Where you, China, provided a target rich environment.
  • It seems to me that Microsoft has been negligent with security. They don't support any sort of granular permissions, nor any modes for running applications that would limit the damage they can do. (Why can DailyJoke.exe read/write all files except system files, read the screen buffer, and listen for keypresses?) If granular permissions are too hard, why has sandboxing not been implemented? Why is every installer a black box which must be run as admin?

    However, since we haven't legislated that they aren't all

Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Working...