A key component of the malware that cyber criminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency (NSA), according to security experts briefed on the case.
Since 2017, when the NSA lost control of the tool, Eternal Blue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyber weapon has boomeranged back and is now showing up in the NSA’s own backyard.
It is not just in Baltimore. Security experts say Eternal Blue attacks have reached a high, and cyber criminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralysing local governments and driving up costs.
The NSA connection to the attacks on US cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyber weapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the FBI still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
Thomas Rid, a cyber security expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly NSA breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former NSA contractor. “The government has refused to take responsibility, or even to answer the most basic questions,” he said. The NSA and FBI declined to comment.
Since that leak, foreign intelligence agencies and rogue actors have used Eternal Blue to spread malware that has paralysed hospitals, airports, rail and shipping operators, ATMs and factories that produce critical vaccines. Now the tool is hitting the US where it is most vulnerable, in local governments with aging digital infrastructure and fewer resources to defend themselves.
News credit : Indiatimes