A former head of Britain’s communications agency GCHQ has come out fighting following assertions by Microsoft that it was not wholly to blame for a widespread cyber attack which disrupted much of the NHS over the weekend.
Microsoft called the incident a ‘wake-up’ call for governments and customers to take security seriously, but in a letter to the Times Sir David Omand, GCHQ director from 1996 to 1997, pins the blame squarely on the technology firm for failing to maintain support for its ageing Windows XP platform.
Referencing Microsoft ditching support for Windows XP in 2014 – despite the software remaining in widespread public and private use – Omand asked: “Should Microsoft have stopped supporting Windows XP so soon, knowing that institutions had invested heavily in it (at the urging of the company at the time)?”
The NHS alone continues to run 70,000 devices using Windows XP, leaving an open goal for hackers to propagate their Wanna Decryptor ransomware across the hospital network.
Microsoft did create a fix for some of its more recent operating systems in March but did not extend this support to Windows XP until news of the attack first began to filter through, leading Omand to state: “… it would have been better if [the fix for XP] had been released a month earlier, when the company first became aware of the problem.”
Investigators are continuing efforts to identify the culprits behind the attack with Russian security firm Kaspersky Lab observing similarities between code used in the ransomware software with hackers linked to North Korea.
Microsoft has been accused of profiting from its discontinuation of XP, charging groups such as the US Navy $9.1m to continue support.