Tip Sheets

WannaCry attack reveals two troubling ethical lapses

Media Contact

Media Relations Office

The WannaCry ransomware attack continued to spread this weekend. Authorities in Europe say it’s impacting more than 10,000 organizations and 200,000 people in 150 countries. The malware behind WannaCry was reported to have been stolen from the National Security Agency in April.

Stephen Wicker

Professor of Electrical and Computer Engineering

Cornell University engineering professor Stephen Wicker has briefed the U.S. government on cyber security, information technology and privacy concerns and is the author of “Cellular Convergence and the Death of Privacy”. Wicker says the NSA and the CIA are engaging in very dangerous and unethical gamesmanship.

VIDEOStephen Wicker discusses cellular technology, NSA surveillance and the erosion of privacy.

Wicker says:

“The current WannaCry ransomware crisis results from two profound ethical lapses on the part of the government and the computing public at large.

“First, the government: this recent bout of ransomeware exploits vulnerabilities in Microsoft software that were known to the NSA and CIA, but were kept secret by those organizations to be exploited for their own data collection purposes. Such ‘zero-day exploits’ involve a conscious choice by our government to place data collection ahead of protecting U.S. corporations and the computing public. By putting agency instrumentalities ahead of the public good, the NSA and CIA are engaging in very dangerous and unethical gamesmanship.

“Unfortunately, the NSA lost control of the WannaCry vulnerability, only then informing Microsoft that it might have a problem. Microsoft issued a security patch, but it appears a large number of users did not install the patch. This ‘free-rider’ problem – some manufacturers and users choosing to enjoy the benefits of the Internet without taking the time and effort to maintain secure computing systems – is also unethical, and is a problem that will get much worse as the Internet of Things (IoT) continues to grow.

“Ongoing research at Cornell University has shown that recent attacks on the IoT could have been avoided through very basic security precautions. But such precautions require a desire to recognize and meet the ethical responsibilities of being a member of the Internet community, whether as an individual consumer or a government agency.”

Cornell University has television, ISDN and dedicated Skype/Google+ Hangout studios available for media interviews.