Baltimore has been struggling with a cyberattack by extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts, and other services. A key component of malware that cybercriminals used was developed at taxpayer expense a short drive away at the National Security Agency, reports the New York Times. Since 2017, when NSA lost control of the tool, EternalBlue, it has been used by state hackers in North Korea, Russia, and China, to cut a path of destruction around the world, causing billions of dollars in damage. Experts say cybercriminals are zeroing in on vulnerable U.S. towns and cities, paralyzing local governments.
NSA’s connection to the attacks has not been previously reported. The agency has refused to acknowledge the loss of its cyberweapon, dumped online in April 2017 by a group calling itself the Shadow Brokers. The agency and the FBI do not know whether the Shadow Brokers are foreign spies or disgruntled insiders. Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly NSA breach in history,” more damaging than the 2013 leak from ex-NSA contractor Edward Snowden. “The government has refused to take responsibility, or even to answer the most basic questions,” Rid said. Foreign intelligence agencies and rogue actors have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, ATMs and factories that produce critical vaccines. On May 7, computers of Baltimore city workers were frozen by hackers. Officials have refused to pay the $100,000 ransom. Hackers have found a sweet spot in Baltimore, Allentown, Pa., San Antonio and other local governments, where public employees oversee tangled networks that often use out-of-date software.