Hackers continue to find new and creative ways to target personal and business information that is stored on computers and mobile devices.
The government shouldn’t be helping them.
Tools used by the National Security Agency, CIA and FBI to catch suspected spies and terrorists can be turned against law-abiding people here and abroad when leaked online to criminals.
Hackers are using a suspected NSA tool to hold hostage the data of more than 200,000 people in more than 150 countries. “WannaCry” hacking victims are being told to pay up or see all their computer files deleted.
This cyberterrorism raises reasonable questions about how many similar software flaws federal security agencies know about and use to access American and international technology — and how effectively the government protects them.
Similar leaks that spawn major hacks could threaten the connected global economy.
Microsoft’s president, Brad Smith, capably described the risk: “The governments of the world . . . need to take a different approach and adhere in cyber space to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these (software) vulnerabilities.”
Security agencies in the U.S. and elsewhere will continue to find code they can exploit in the software people use on computers and cell phones. That’s part of the job of learning what those who intend harm don’t want to share. But people need to be reassured that those agencies can protect the software flaws they identify.
Critics of the NSA, including many in the technology industry, argue that government agencies should notify software developers when risks to information security reach a certain level.
This makes sense. The good guys aren’t the only people hunting security flaws to exploit.