Stolen NSA hacking tool now victimizing US cities, report says
The EternalBlue hacking exploit, already used in the infamous WannaCry and NotPetya attacks, has now surfaced in the NSA's own backyard, says The New York Times.
Edward MoyerSenior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
"It is not just in Baltimore," says the Times report. "Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs."
The news might prompt some surveillance critics and privacy advocates to say, "I told you so."
For years, law enforcement and intelligence agencies have argued that backdoors should be built into encryption systems to allow the agencies to access suspects' computers. And the
has often developed its own tools for cracking into machines and networks to gather data. But critics have long argued that any such backdoors would inevitably be discovered by hackers and that efforts by spy agencies could spin out of control.
Referring to EternalBlue, Vikram Thakur, Symantec's director of security response, told the Times that "it's incredible that a tool which was used by intelligence services is now publicly available and so widely used." And unnamed officials told the paper that more accountability was needed at the NSA, with one comparing the EternalBlue leak to failing to secure a warehouse of automatic weapons.
Agency advocates, though, say such tools are needed to fight crime and terrorism, and that they're the inevitable cost of being prepared for cyberwarfare and ensuring national security.
When asked by CNET about the Times report, the NSA declined to comment.
Watch this: Finding our personal data on the dark web was far too easy