Republish
Reprint

The wide-scale ransomware attack responsible for sidelining computer systems the world over this weekend could have been curbed if the U.S. government acted years ago, according to Edward Snowden.

Mr. Snowden, a former CIA employee and National Security Agency contractor, blamed the latter Monday for allowing the Wannacry virus to worm its way through Microsoft Windows computers in 150 countries and counting, crippling victims ranging from Britain's publicly funded healthcare system to corporations including Fedex and Nissan.

Addressing attendees at a big data conference in D.C., Mr. Snowden said the cyberattack would not have been as damaging had the NSA warned Microsoft earlier about a critical vulnerability harnessed by Wannacry's author.

"They knew about this flaw in U.S. software, U.S. infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group," Mr. Snowden told attendees at the conference Monday, Newsweek reported.

Although authorities have failed so far to announce any suspects thought responsible for spreading Wannacry, Microsoft has determined its author incorporated a exploit previously hoarded by the NSA and leaked online last month by a hacker group known as the Shadow Brokers.

And while Microsoft issued a security update in March addressing the vulnerability, Wannacry may have claimed significantly fewer victims had the NSA alerted Microsoft earlier, Mr. Snowden said.

"Had the NSA not waited until our enemies already had this exploit to tell Microsoft, [so that] Microsoft could begin the patch cycle, we would have had years to prepare hospital networks for this attack rather than a month or two, which is what we actually ended up with," he said Monday via video link from Moscow.

Microsoft's president and chief legal officer, Brad Smith, voiced similar sentiments in a blog post Sunday, writing: "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Mr. Smith wrote. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

Mr. Snowden, meanwhile, has been accused of causing significant damage in his own right by leaking classified documents. He disclosed a cache of sensitive NSA files to journalists in 2013 and has was subsequently charged by the U.S. Justice Department, but has evaded trial by residing in Moscow on a Russian asylum visa ever since.