Global Cyberattack Spreads, U.S. Avoids Worst Of It

May 15, 2017
Originally published on May 15, 2017 5:29 am
Copyright 2017 NPR. To see more, visit


Fears that a global cyberattack would spread into this week or being confirmed this morning. Universities, hospitals, railways and other institutions in China have become targets as people begin the week and turn on their computers there. Hundreds of thousands of computers in over 150 countries are now believed to be infected with this so-called ransomware, a virus that locks files and disables computers unless a ransom is paid.

While the U.S. has avoided the worst of the attacks so far, President Trump ordered his Homeland Security adviser to lead a coordinated government response to this crisis. Our next guest was Homeland Security secretary under President George W. Bush. It is Michael Chertoff. Mr. Secretary, good morning.

MICHAEL CHERTOFF: David, good morning.

GREENE: So Europe, China, really serious targets here. Is the United States somehow being spared? Are we less vulnerable?

CHERTOFF: Well, I think it's a couple things. We may be somewhat less vulnerable than other countries partly because we may have more up to date systems that we patch and we upgrade. But frankly, a little bit of it's luck.

Apparently, a researcher was able to find a website that was dormant that when he activated wound up basically shutting off at least some aspects of this ransomware. So that was kind of a lucky break for us, but it may not work for everybody around the world.

GREENE: You say maybe we have patches, upgrades. I know Microsoft had this patch back in March. And the expectation was if you actually updated your systems, you might not be vulnerable here. Are you saying that more people in the United States are upgrading their Microsoft systems than, say, in other countries?

CHERTOFF: I think that's correct. There's no question the key here was there was a patch available, but you had to upgrade your system. And you also had a system that - had to have a system that was sufficiently current that it was being serviced by the upgrade.

And I think it may be that more Americans have been doing that than in other parts of the world, partly because in some parts of the world people have pirated software, and that's not supported by upgrades. And therefore, they become basically hazards to everybody.

GREENE: Help me understand this tidbit that we've been hearing repeatedly over the last few days, Mr. Secretary. It's believed that this malicious software came from the U.S. government, maybe stolen from the National Security Agency.

I assume that the NSA is not creating ransomware and trying to get money out of people. What exactly are people saying the NSA would have created to allow this to happen?

CHERTOFF: I think what they're suggesting is there are two aspects. One is there was a vulnerability that was discovered in the Microsoft software that created an open door or at least an ability to develop some kind of malware that could penetrate a system. And then according to the reports, NSA created the malware not in order to do ransomware but in order to penetrate specific targeted systems for intelligence purposes like, for example, catching terrorists communicating over the Internet.

The problem is once it was stolen, the vulnerability was revealed across the entire world. And the tool became available across the entire world. And that's what created the problem that we have.

GREENE: So if - just work this through with me if you can. If the NSA found this vulnerability in Microsoft systems, you have the U.S. government, you have a U.S. company, couldn't they be working together right now to fix this problem and stop this from spreading?

CHERTOFF: I believe they are working. I think the problem has been, as I said, that when people don't upgrade their system or they have a system that's not supported because either it's out of date or perhaps they even acquired it illicitly, those are not so easy to patch and upgrade. And I think everybody is working feverishly now to get the patch out as far as possible, but those networks that are already infected have an existing problem.

GREENE: If you have the U.S. government or someone within the U.S. government who might have been a cause of this initial breach and letting this vulnerability out there, and you have countries like China being targeted, is there potentially a diplomatic crisis here?

CHERTOFF: Well, there is, you know, potentially a diplomatic crisis. There's also a crisis in terms of confidence people have in American products and American services. But I think it reveals a larger issue about playing around with malware, which is it's a little bit like the story used to be with biological weapon experimentation.

You want to make sure that whatever you're doing doesn't get out of the lab. And I think one of the issues here is how do you protect the things you're working on so that what you intend to be a specific tool doesn't become a general problem for the whole world?

GREENE: Michael Chertoff is a former secretary of Homeland Security. He served in that role under President George W. Bush. Mr. Secretary, thanks as always.

CHERTOFF: Good to be on. Transcript provided by NPR, Copyright NPR.