Alwaght- Hackers have reportedly obtained the US National Security Agency’s most powerful cyber weapon and are using the malware against American cities.
In a Saturday report, the US-based New York Times daily explained how the NSA's Tailored Access Operations lost control of its so-called ‘EternalBlue’ malware tool to a cadre of hackers, referred to as the Shadow Brokers, which subsequently publicized the agency's software exploits on the internet and passed them on to hackers allegedly linked with Russia, China, and North Korea.
According to the American daily, "For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services."
"A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case," NY Times added.
The report pointed out that the Shadow Brokers' disclosure came thanks to 54-year-old former NSA contractor Harold Martin III, who pleaded guilty in March 2019 to, among other things, taking classified documents and electronic devices home with him for more than 20 years in what government authorities described as the biggest leak of classified data in US history.
The cyber weapon, it added, “has left a path of destruction around the world, leaving billions of dollars in damage".
"Cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs".
According to security experts, hackers used EternalBlue, which exploits a vulnerability in certain versions of Microsoft’s Windows XP and Vista systems, allowing an external party to execute remote commands on their target. The tool was leaked by The Shadow Brokers in April 2017. Microsoft had released a patch to fix the vulnerability. But the release of a patch doesn’t mean that the vulnerability is closed on every system: users must first apply the patch. Hackers using EternalBlue have since been responsible for several major cyberattacks, including WannaCry in May 2017, and the NotPetya attacks against Ukrainian banks and infrastructure in June 2017.
The Baltimore attack is the latest instance of the use of this malware, and a recent report from WeLiveSecurity highlights that its use is increasing, especially against US targets. They found that “there are currently almost a million machines in the wild using the obsolete SMB v1 protocol,” and that “poor security practices and lack of patching are likely reasons why malicious use of the EternalBlue exploit has been growing continuously since the beginning of 2017, when it was leaked online.”
The NSA has been collecting phone calls, texts and emails of the American people as well as those of other nationals.
In 2013, former NSA contractor and whistleblower Edward Snowden leaked classified intelligence documents showing massive collections of phone records of Americans and foreign nationals as well as political leaders around the world.