The software tool, known as EternalBlue, has helped cripple computers in Baltimore and elsewhere.
The news: According to the New York Times, EternalBlue has been used in a “ransomware” attack that has encrypted files in computer systems used by city officials in Baltimore. The hackers have demanded around $100,000 in Bitcoin to liberate thousands of machines, but the city is refusing to cough up the ransom. Residents can no longer pay things like utility bills and parking tickets online while the chaos continues.
A cyber own goal: EternalBlue, which helps spread malicious software swiftly across computers, was created by the US National Security Agency (NSA) to exploit a flaw it had discovered in Microsoft’s operating system. The agency reportedly kept its tool secret for five years, but in 2017 a mysterious group called the Shadow Brokers leaked the code. Microsoft promptly issued a software fix, but Baltimore’s experience suggests it hasn’t been applied rigorously enough yet.
Coming to America: Hackers initially used EternalBlue outside the US, notably as part of the notorious WannaCry ransomware attack that caused havoc in the UK’s National Health Service. Now it’s being turned on Baltimore and other targets, which the Times says include the city of San Antonio.
Poacher and gamekeeper: There’s an inherent tension between the NSA’s dual missions of protecting US networks and spying on foreign ones. It’s mainly focused on snooping, so the temptation is to exploit cybersecurity holes it finds. But if bad guys spot them too, US networks are put at risk. The agency hasn’t yet commented on EternalBlue, but some politicians are calling for a full briefing about its role in the debacle.
Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.