Several cities in the US are subjected to ransomware attacks by a stolen NSA tool. Read on to know the consequences of the stolen NSA tool…
In Baltimore, computers have been frozen, email services shut down, and online services used for things like health alerts or paying water bills have all been taken offline. Several cities in the US are subjected to ransomware attacks by a stolen NSA tool. As a result, the consequences of NSA code leaks are hitting US homes. The recent ransomware attacks in Baltimore and other US cities appear to have a common link — they are all using the NSA tools on the agency’s home soil.
It is no secret that the NSA developed numerous tools to exploit software and hardware vulnerabilities, allowing the agency to snoop on digital activity in the name of national security. But in 2017 an NSA leak led to one of their proprietary tools, dubbed EternalBlue, to fall into the hands of criminals and foreign states. Since then, EternalBlue has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the NSA’s own backyard.
EternalBlue allegedly formed the basis of the infamous WannaCry and NotPetya attacks that took out virtual infrastructure across the world, including the computer systems of major companies and the UK’s National Health Service.
Security experts talking to the New York Times (NYT) revealed that the malware in the cyberattacks is using the NSA’s stolen EternalBlue as a “key component,” much like WannaCry and NotPetya. While the full list of affected cities is not available, San Antonio and the Pennsylvania city of Allentown have reportedly been victims of EternalBlue-based campaigns.
The 2017 leak originated from a group known only as the Shadow Brokers. According to The Times, the NSA and the FBI still do not know whether the group are made up of “foreign spies or disgruntled insiders.” The Times reports that, according to security experts briefed on Baltimore’s situation, there’s a direct link between the 2017 EternalBlue leak and the city’s current predicament.
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
But this is what the frustrated employees and residents in the affected US cities do not know. According to security experts briefed on the case, a key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency.
But perhaps more worryingly, Baltimore is not alone. Cities in Texas and Pennsylvania have also been affected. Regardless of whether or how quickly this situation is resolved, it will no doubt frustrate citizens to learn that the cyber-weapon that has caused so much damage was developed with their own tax dollars.