Hackers steal another cyber weapon from American spy agency
Hackers have adapted a second cyber weapon stolen from US spies and released it on the internet to be picked up by criminals, it was reported last night.
The new hacking tool also exploits weaknesses in older versions of Microsoft Windows software and was stolen from the US National Security Agency, like the stolen tool that formed the basis of last week's WannaCry attack.
The tool, called EsteemAudit, has been adapted and is now available for criminal use, analysts told the 'Financial Times'.
The leak raises the prospect of another wave of cyber attacks like the one that struck more than 150 countries and crippled parts of the NHS on Friday.
In response, cyber spies around the world are calling on the skills of bedroom computer prodigies such as the 22-year-old surfer credited with helping to stop Friday's attack. Government intelligence agencies want them to work alongside their own in-house experts.
Security sources said they were working with Marcus Hutchins, who uses the name Malware Tech, and others to try to stop the spread of the WannaCry ransomware attack.
Security sources said spy agencies such as GCHQ and the National Cyber Security Centre in Britain had long had a policy of reaching out to leaders in the cyber security field who may be working alone.
One source said: "We work with a lot of different people. Some of those are people that you wouldn't necessarily expect us, or large organisations, to work with. We need to reach out to these bright young things and get their expertise."
Conor McKenna, a computer security expert at the University of Birmingham, said that many of the most gifted people in the field preferred to work alone, or in the private sector, rather than for government.
He said most computer hackers were wrongly portrayed as criminals, when in fact many of them just wanted to test their skills against computer systems to expose flaws and weaknesses.
Mr Hutchins, from Devon, has been credited with stopping the WannaCry attack from spreading across the globe by accidentally triggering a "kill switch".
The self-taught expert is understood to have stopped the incident escalating from a small bedroom in his parents' house.
In a blog, he described how he stopped the spread of the virus by purchasing a web domain for pounds 8 and by redirecting it elsewhere.
He reportedly shouted "eureka" when he realised he had halted the spread of the criminal software.
Last night, his mother said she was ''very proud'' of her son and that he was in London "at a meeting".