Stolen NSA hacking tool now victimizing US cities, report says

The EternalBlue hacking exploit, already used in the infamous WannaCry and NotPetya attacks, has now surfaced in the NSA's own backyard, says The New York Times.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Expertise Wordsmithery. Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
2 min read
The NSA's logo on a computer screen inside the Threat Operations Center at the agency's headquarters in Fort Meade, Maryland, in the Baltimore metro area.

A computer screen inside the Threat Operations Center at NSA headquarters in Fort Meade, Maryland, in the Baltimore metro area.

Brooks Kraft/Getty Images

A hacking tool developed by the US National Security Agency is now being used to shut down American cities and towns, says a Saturday report in The New York Times.

Code-named EternalBlue, the hacking exploit involves malicious software and was leaked in 2017 by a group called Shadow Brokers. Hackers used the tool that same year in the worldwide WannaCry ransomware attacks, which locked up computer systems at hospitals, banks and phone companies and required a ransom to set the networks free. It was also used in the 2017 NotPetya assault against Ukraine, which has been called one of the most destructive cyberattacks ever.

Now, though, EternalBlue has reportedly landed in the NSA's own backyard: Baltimore, site of the agency's headquarters. The city has been hobbled since a ransomware attack on May 7 ensnared the local government's computers, disrupting city services. Baltimore's IT department is only slowly getting systems up and running again.

"It is not just in Baltimore," says the Times report. "Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs."

The news might prompt some surveillance critics and privacy advocates to say, "I told you so."

For years, law enforcement and intelligence agencies have argued that backdoors should be built into encryption systems to allow the agencies to access suspects' computers. And the NSA has often developed its own tools for cracking into machines and networks to gather data. But critics have long argued that any such backdoors would inevitably be discovered by hackers and that efforts by spy agencies could spin out of control.

Referring to EternalBlue, Vikram Thakur, Symantec's director of security response, told the Times that "it's incredible that a tool which was used by intelligence services is now publicly available and so widely used." And unnamed officials told the paper that more accountability was needed at the NSA, with one comparing the EternalBlue leak to failing to secure a warehouse of automatic weapons.

Agency advocates, though, say such tools are needed to fight crime and terrorism, and that they're the inevitable cost of being prepared for cyberwarfare and ensuring national security.

When asked by CNET about the Times report, the NSA declined to comment.

Watch this: Finding our personal data on the dark web was far too easy