Eternally Blue: Baltimore City leaders blame NSA for ransomware attack

Eternally Blue: Baltimore City leaders blame NSA for ransomware attack

Enlarge / Baltimore: An IT disaster area? (credit: Cyndi Monaghan via Getty Images)

The mayor and city council president of Baltimore are pushing for the ransomware attack that brought Baltimore’s city government to a standstill to be designated a disaster, and officials are seeking federal aid to help pay for the cleanup from the RobbinHood malware’s damage. This call came after a New York Times report that the ransomware used the EternalBlue exploit developed by the National Security Agency to spread across the city’s network.

EternalBlue was part of a set of tools developed for the NSA’s Tailored Access Operations (TAO) group that were leaked by Shadow Brokers in 2017. The tool was then used two months later as part of WannaCry, the destructive cryptographic worm that affected thousands of computers worldwide. Shadow Brokers has been linked by some security experts to a Russian intelligence agency; WannaCry has been attributed

Read the rest Continue Reading
Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

Enlarge / The National Security Agency headquarters in Fort Meade, Maryland. (credit: National Security Agency)

On of the most significant events in computer security came in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.

On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed DoublePulsar backdoor and one of the Windows exploits the NSA used to remotely

Read the rest Continue Reading