A powerful technology developed in secret escapes the government lab and is unleashed on an unsuspecting population. Sound familiar?

It's basically what's happening with the Petya cyber attack.

The ransomware has taken out servers and shut down computers at companies all over the world. It freezes your computer so that you can't open your files until a 'ransom' is paid in the virtual currency bitcoin. The source is still unknown, but numerous security experts have confirmed it uses an exploit, or security flaw, that's generally believed to have been developed by the US's electronic surveillance agency - the National Security Agency (NSA).

The exploit known as EternalBlue was stolen from the NSA and leaked by the Shadow Brokers hacker group in April this year. It was used as part of the WannaCry ransomware attack in May and now for a second time with the Petya attack.

Symantec confirms global #Petya ransomware attack hitting computers today (hospitals, supermarkets, banks) uses NSA's #ETERNALBLUE exploit. — Edward Snowden (@Snowden) June 27, 2017

The attack raises questions about the ethics of governments developing and hoarding security vulnerabilities that can undermine the security of the internet.

But even as the Petya virus was spreading - shutting down the power grid in Ukraine, a transport company in the Netherlands, a food and drinks company in the US - the intelligence sharing alliance known as Five Eyes was pushing to have access to more of these vulnerabilities.

Petya is 'backdoors gone rogue'

In Ottawa, Attorney-General George Brandis was meeting with his counterparts from the US, the UK, Canada and New Zealand. Top of the agenda: getting tech companies to give access to the encrypted messages being sent on their networks.

The tech companies have said that to give government access to the messages they would have to install a security flaw in their own software - a flaw that could be then stolen and misused, much like the EternalBlue exploit.

The Petya cyber attack is a "real life case study" of 'the bad guys' gaining access to a tool originally developed to catch them, according to Dr Suelette Dreyfus from the University of Melbourne's School of Computing and Information Systems.

"It is an example of backdoors gone rogue," she said.

"This whole scenario has been well hypothesised by the tech community for a number of years.

"They said 'if you force us to break things, don't be surprised if it falls into the wrong hands and gets used'.

"And lo and behold that's what happened."

Dr Robert Merkel, a lecturer in software engineering at Monash University, said there was a "substantial possibility" these vulnerabilities would be misused by people other than the governments they had been put in for.

"Tools developed by a government which we have a very strong intelligence sharing relationship with has been turned against us and businesses and organisations across the world," he said.

"My view is the people making the decisions to keep this exploit secret are the ones that gain the kudos for intelligence gathering based on it, but they don't really suffer any of the downsides and the costs of having these exploits in widely used systems."

We don't want to resort to force: Attorney-General

The Attorney-General told RN Breakfast the Five Eyes governments had committed to engaging with internet service providers (ISPs) and device makers to provide "voluntary assistance to law enforcement".

He said he did not want to resort to "coercive powers" - essentially passing laws that would force tech companies to do their bidding.

"What we need to develop ... is a series of protocols as to the circumstances to which they will be able to provide voluntary assistance to law enforcement," he said.

"We want to engage with the private sector to achieve a set of voluntary solutions."

Asked if that meant tech companies installing a bug in their own software, the Attorney-General said he didn't want to "get ahead of the discussion".

Dr Dreyfus said the proposal was causing a lot of concern in the tech community.

"There is a great deal of concern that a small set of people in five governments will actually determine the future security of our online economy by forcing this," she said.

"If your banking system or the other transactions you have online are vulnerable, then public confidence in the online economy is also vulnerable."

"If people don't feel confident about buying things online, that's bad for the whole economy."

"If you want to be the innovation economy, you need to be able to do things like innovate using secure encryption."