Snowden on ransomware attack: 'It's hard being right in the worst possible way'

Edward Snowden called the continuing "ransomware" scourge "a perfect storm of all the problems everyone has been warning about" at a privacy issues conference Monday.

The ransomware Wanna Cry, also known as WanaCrypt0r and WanaDecrypt, boosted its effectiveness by using leaked hacking tools apparently stolen from the National Security Agency, where Snowden was an intelligence contractor before he leaked documents outlining bulk surveillance programs.

Snowden has also spoken out against the more focused NSA hacking operations. Critics of the NSA's "Tailored Access Operations" note that, if the NSA reported security holes it uses to break into computers to manufacturers rather than using them in espionage, manufacturers could patch the holes and increase global cybersecurity for everyone.

ADVERTISEMENT

"It's hard being right in the worst possible ways," Snowden said at the K(NO)W Identity conference in Washington, D.C., via video conference. 

A similar point was made Sunday by Microsoft President and chief legal officer Brad Smith in a blog post calling for governments to report all security vulnerabilities they discover to manufacturers. 

"In February [we called] for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them," wrote Smith. 

Snowden quoted from a separate section of the blog post, on the severity of having NSA tools leaked: "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

The tool used in Wanna Cry was taken from a cache of documents periodically leaked by a group known as the ShadowBrokers, who presented them as being stolen from the NSA. The claims appear to be accurate; a tracking code in one of the files matches a tracking code contained in a previously unreleased Snowden document. 

Microsoft patched the security flaw used in Wanna Cry in March. Snowden noted that the NSA appears to have been aware of the flaw for quite a while longer, meaning that it could have given Microsoft the ability to patch the bug months ago rather than weeks. 

Snowden, however, did not begrudge the government for not changing immediately to his and others suggestions not to hoard these kinds of security flaws. 

"There's a natural inclination to be like 'Aw. Why didn't they listen.' But at the same time there's a natural understanding that there is inertia that exists in all our institutions," he said. 

Ransomware is a type of cyberattack that encrypts a target's files, with the attacker providing the decryption key only after a ransom is paid, usually in bitcoins.