Posted on May 27, 2019 at 5:53 AM
The US city of Baltimore has been under attack for nearly three weeks by cyber extortionists. Thousands of computers have been frozen. Email, as well as online real estate, utility, social, and health services have been disrupted.
On May 7th, the screens of Baltimore city workers froze. A message appeared, demanding $100,000 in bitcoin in order to release their files. The Baltimore Sun released the message, as follows:
“We’ve watching you for days. We won’t talk more, all we know is MONEY! Hurry up!”
City employees and residents have been unaware of a major factor in this attack until now. According to security experts, the primary malware that cybercriminals have been using in the attack was developed at the US National Security Agency (NSA).
Two years ago, hackers in Russia, North Korea, and China gained control over the NSA’s very own tool, EternalBlue. Billions of dollars in damages have occurred worldwide because of this serious mistake. Now EternalBlue has shown up again on the NSA’s doorstep.
Recent cyberattacks in the US are not limited to Baltimore. Security experts indicate that EternalBlue attacks have reached a peak and span from the East Coast to Texas. Local governments are unable to function and costs are increasing rapidly due to the attacks.
Cybercriminals are using EternalBlue to attack vulnerable local governments in the United States because of their limited resources and dated infrastructure.
Silence from the NSA
The NSA’s connection to the recent cyberattacks on US soil had not yet been reported, partly because the agency refused to acknowledge the loss of EternalBlue to a group that identifies itself as the Shadow Brokers. The FBI still has very little information regarding these cybercriminals.
Thomas Rid, a cybersecurity expert at Johns Hopkins University, implied that the loss of EternalBlue to the Shadow Brokers has been the most destructive and costly NSA breach in history. Cybercriminals have used EternalBlue to spread malware disabling air travel, medical facilities, ATM services, and transport companies. Previously, the biggest mistake was when former NSA contractor Edward Snowden leaked priceless information in 2013.
Reports indicate that Rid expressed his frustration with Congress, stating that their oversight appears to be failing and the American people deserve answers. The NSA and FBI have declined to comment.
Initially referred to as EternalBluescreen because of the tendency to crash computers, EternalBlue was once a powerful weapon for counterterrorism and gathering intelligence for the NSA. Anonymous reports from former NSA operators suggest that analysts spent nearly a year working to find flaws in Microsoft’s software and write code to target it, but never really considered warning Microsoft about it. However, the leak of EternalBlue to cybercriminals forced the NSA to admit it had known about the vulnerabilities.
Anonymous comments by FBI and Homeland Security officials suggest that the NSA needs to be held accountable. However, former NSA director Michael Rogers does not believe that the NSA should be blamed for the continuing damage caused by the leak of EternalBlue, because the tool was not used for its designated purpose.
Companies such as Microsoft, Google, and Facebook joined 50 countries in signing a pledge by governments to report vulnerabilities to vendors. The Paris Call for Trust and Security in Cyberactors occurred in 2018 and includes Iran, Israel, China, North Korea, Russia, and the United States.
Baltimore remains under the control of cybercriminals due to a refusal by city officials to give in to demands. However, some services have been restored as officials find alternative means. Experts suggest that EternalBlue enabled hackers to spread malware faster and farther than they were previously capable of, causing far more damage than without it. They don’t expect to see the end of its destruction any time in the near future.