Pages

Monday, May 27, 2019

Cyberattacks use National Security Agency tech.

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc - The New York Times - Nicole Perlroth & Scott Shane:

May 25, 2019 - "For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services. But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

"Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard. It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

"The N.S.A. ... has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers.... Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode 'the most destructive and costly N.S.A. breach in history,' more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor....

"Before it leaked, EternalBlue was one of the most useful exploits in the N.S.A.’s cyberarsenal. According to three former N.S.A. operators who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft’s software and writing the code to target it. Initially, they referred to it as EternalBluescreen because it often crashed computers — a risk that could tip off their targets. But it went on to become a reliable tool used in countless intelligence-gathering and counterterrorism missions....

"North Korea was the first nation to co-opt the tool, for an attack in 2017 ... that paralyzed the British health care system, German railroads and some 200,000 organizations around the world. Next was Russia, which used the weapon in an attack ... aimed at Ukraine but spread across major companies doing business in the country.... In the past year, the same Russian hackers who targeted the 2016 American presidential election used EternalBlue to compromise hotel Wi-Fi networks. Iranian hackers have used it to spread ransomware and hack airlines in the Middle East....

"One month before the Shadow Brokers began dumping the agency’s tools online in 2017, the N.S.A. — aware of the breach — reached out to Microsoft and other tech companies to inform them of their software flaws. Microsoft released a patch, but hundreds of thousands of computers worldwide remain unprotected."

Read more: https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
'via Blog this'

No comments:

Post a Comment