The software tool, known as EternalBlue, has helped cripple computers in Baltimore and elsewhere.
The news: According to the New York Times, EternalBlue has been used in a “ransomware” attack that has encrypted files in computer systems used by city officials in Baltimore. The hackers have demanded around $100,000 in Bitcoin to liberate thousands of machines, but the city is refusing to cough up the ransom. Residents can no longer pay things like utility bills and parking tickets online while the chaos continues.
A cyber own goal: EternalBlue, which helps spread malicious software swiftly across computers, was created by the US National Security Agency (NSA) to exploit a flaw it had discovered in Microsoft’s operating system. The agency reportedly kept its tool secret for five years, but in 2017 a mysterious group called the Shadow Brokers leaked the code. Microsoft promptly issued a software fix, but Baltimore’s experience suggests it hasn’t been applied rigorously enough yet.
Coming to America: Hackers initially used EternalBlue outside the US, notably as part of the notorious WannaCry ransomware attack that caused havoc in the UK’s National Health Service. Now it’s being turned on Baltimore and other targets, which the Times says include the city of San Antonio.
Poacher and gamekeeper: There’s an inherent tension between the NSA’s dual missions of protecting US networks and spying on foreign ones. It’s mainly focused on snooping, so the temptation is to exploit cybersecurity holes it finds. But if bad guys spot them too, US networks are put at risk. The agency hasn’t yet commented on EternalBlue, but some politicians are calling for a full briefing about its role in the debacle.
Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.
A chip design that changes everything: 10 Breakthrough Technologies 2023
Computer chip designs are expensive and hard to license. That’s all about to change thanks to the popular open standard known as RISC-V.
Modern data architectures fuel innovation
More diverse data estates require a new strategy—and the infrastructure to support it.
Chinese chips will keep powering your everyday life
The war over advanced semiconductor technology continues, but China will likely take a more important role in manufacturing legacy chips for common devices.
The computer scientist who hunts for costly bugs in crypto code
Programming errors on the blockchain can mean $100 million lost in the blink of an eye. Ronghui Gu and his company CertiK are trying to help.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.