In Baltimore and Beyond, a Stolen NSA Tool Wreaks Havoc
The ransomware attack on the City of Baltimore, which has rendered the city’s email system and various other systems unavailable since May 7, involved the use of EternalBlue, a hacking tool developed by the National Security Agency (NSA). The tool was leaked about two years ago by the Shadow Brokers, a mysterious hacking group.
EternalBlue takes advantage of a critical flaw in Microsoft operating systems that allows attackers to infiltrate vulnerable machines. According to former NSA employees, the agency refused to inform Microsoft of the vulnerability for five years, because it considered EternalBlue to be such a valuable tool. However, the Shadow Brokers leak exposed the issue, prompting Microsoft to roll out a patch. Unfortunately, hundreds of thousands of unpatched machines across the globe remain vulnerable to EternalBlue.
The NSA claims it is not responsible for attacks like the City of Baltimore infection because EternalBlue was not developed for this purpose. However, analysts like Tom Burt of Microsoft believe that EternalBlue and similar exploits “are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools,” which makes these tools “inherently dangerous.”