On May 7, hackers took control of Baltimore’s digital infrastructure and demanded over $100,000 to release it. Now, the New York Times reports the tool used in the cyber-attack was developed by the National Security Agency (NSA). Though the agency has not officially recognized the connection, the Times contacted cybersecurity experts who confirmed the Baltimore hackers used the EternalBlue exploit.
The Origins of EternalBlue
At some point in the last decade, the NSA discovered a vulnerability in Microsoft’s application-layer software. Instead of informing the tech giant of the issue, the agency developed a tool to exploit it. The NSA, a component of the Defense Department, used EternalBlue to collect intelligence on targeted systems for years. However, in 2017, a group of hackers called the Shadow Brokers stole the tool and published its code online.
In the aftermath of the theft, the NSA finally notified Microsoft of the vulnerability and the corporation sent out a patch. However, the update has not been universally applied, and millions of networks are still vulnerable to attack.
Since its release, both state-sponsored and independent rogue operators have used EternalBlue to facilitate debilitating ransomware attacks. Notably, hackers used the exploit in the WannaCry, Petya, and NotPetya attacks that inflicted an estimated $14 billion in private and public losses in 2017 and 2018.
Last July, the Department of Homeland Security warned municipalities across the country about an increase in malware attacks. Unfortunately, the agency’s warning did not prompt all local administrators to update their systems with the latest software patches. Allentown, Pennsylvania, San Antonio, and Baltimore have all been hit with ransomware attacks using EternalBlue.
All three affected cities refused to give in to the hackers’ demands but paid a significant cost for doing so. In Allentown, the city had to pay $1 million to get its systems back online. The local government now spends $420,000 a year protecting its digital infrastructure. Last year, hackers infected Atlanta’s digital networks with the SamSam malware, and the city ended up paying $17 million to recover from the attack.
Even though the Baltimore hack has gained international attention, hackers are unlikely to stop targeting municipal networks.
No Solution in Sight
While EternalBlue has been incredibly destructive, the public and private sectors have no new solutions for the problem. Despite developing the program, the NSA has offered no guidance regarding the tool since it was stolen in 2017. And though Microsoft patched the vulnerability the tool exploits, it can’t force all users of its products to install the update.
Furthermore, civilian efforts to suspend the use of destructive cyber weapons have been ineffective. In 2018, Facebook, Google, and Microsoft joined 50 countries in signing the Paris Call for Trust and Security in Cyberspace. The accord called for the suspension of state-sanctioned digital attacks during peacetime. However, China, Iran, North Korea, Russia, and the United States declined to sign on to the agreement.
As a result, individuals and organizations should protect themselves against destructive malware by practicing good cyber hygiene, starting with applying the patches vendors have already released.