UNITED24 - Make a charitable donation in support of Ukraine!

Homeland Security

US City of Baltimore Under Attack by NSA Cyber Weapon – Report

Sputnik News

03:26 26.05.2019

The cyber weapon was developed by the US tech spying agency to break into foreign computers, but now the US itself is under attack by the malware, and tech experts say it's the handiwork of the NSA.

Guess which list unites North Korea, Iran, China, Russia, Israel and the United States? These are all the nations that have not signed the Paris Call for Trust and Security in Cyberspace – Emmanuel's Macron's effort to stop cyber-attacks in peacetime.

The US's National Security Agency (NSA), often portrayed in the media as the most technologically advanced intelligence agency in the world, and routinely resorts to hacking and cyber-attacks in order to steal the information they need. To do so, tech geniuses on government payrolls write "tools" – malware programs designed specifically to strike at vulnerabilities found in operational systems, including the US-made Windows OS family.

And then these programs get leaked.

In 2017, an unidentified group of hackers named Shadow Brokers published EternalBlue – NSA-made very powerful program capable of taking control of computers run on the Windows operational system. Anonymous NSA operators, cited by The New York Times, say it took the agency a year to find a flaw in Microsoft security to build the malware upon. Needless to say, once the flaw was discovered, NSA did not go out of its way to inform the software giant about it. In fact, it was only after the malware was published online that they contacted Microsoft and told them about the vulnerability.

Now the NSA-written malware is rampaging Baltimore, Maryland. The exact geography of the affected computers is undisclosed as Microsoft is trying to keep the lid on the outbreak, but it is likely that other cities were affected as well, the Times report says.

The malware is capable of paralyzing hospitals, airports, rail and shipping operators, ATMs and factories. Local US governments that use aged software and hardware are particularly vulnerable to EternalBlue attacks, according to the Times.

On 7 May, Baltimore city workers were hit with a classic ransomware attack. The malicious software locked the workers out of their computers and displayed a message written in remarkably poor English.

"We're watching you for days and we've worked on your systems to gain full access to your company and bypass all of your protections," the note on the screen warned against calling the FBI and demanded $100,000 in Bitcoin as ransom.

"We won't talk more, all we know is MONEY!" the note said. "Hurry up! Tik Tak, Tik Tak, Tik Tak!"

According to The Baltimore Sun report, poor spelling does not necessarily indicate a foreign attacker: domestic hackers use it to deceive both victims and investigators.

Earlier in February, Allentown, Pennsylvania was also hit with an EternalBlue-based attack. It cost the city $1 million to remedy and $400,000 for new defences, according to the Times. In September, the malware hit San Antonio, Texas, locking the local sheriff's office.

The Times reported that EternalBlue has become the favourite tool of the trade for government hackers. The 2016 WannaCry attack, attributed to North Korea and 2017 NotPetya attack, blamed on Russia, is said to be all based on EternalBlue. Iran has been accused of hacking airline networks in the Middle East, and China is said to have targeted Middle Eastern governments using the same tool.

The NSA tries to deflect flak for the Shadow Brokers leak and release of EternalBlue in the world, making an analogy with a Toyota truck – initially designed for peaceful use but converted by Middle Eastern militants into a weapon of war. Microsoft officials reject that analogy, saying EternalBlue was designed as a weapon from the start.

"These exploits are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools. They're inherently dangerous," says Tom Burt, Microsoft's Vice President of Customer Security and Trust. "When someone takes that, they're not 'strapping a bomb' to it. It's already a bomb."


Join the GlobalSecurity.org mailing list