Home → Magazine Archive → January 2021 (Vol. 64, No. 1) → The Ethics of Zero-Day Exploits: The NSA Meets the... → Abstract

The Ethics of Zero-Day Exploits: The NSA Meets the Trolley Car

By Stephen B. Wicker

Communications of the ACM, Vol. 64 No. 1, Pages 97-103

[article image]

The May 2017 WannaCry ransomware attack caused a great deal of damage across Europe and Asia, wreaking particular havoc with Britain's National Health Service.a The attack exploited a Microsoft Windows vulnerability that had been discovered and exploited by the U.S. National Security Agency.5 The NSA informed Microsoft of the vulnerability, but only after the NSA had lost control of the assets it had developed to take advantage of the vulnerability. Shortly after the attack Microsoft President and Chief Legal Officer Brad Smith characterized the NSA and CIA's stockpiling of vulnerabilities as a growing problem:

Back to Top

Key Insights


Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.b


No entries found