SoylentNews is people
SoylentNews
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor.
“The government has refused to take responsibility, or even to answer the most basic questions,” Mr. Rid said. “Congressional oversight appears to be failing. The American people deserve an answer.”
(Score: 2, Interesting) by Anonymous Coward on Tuesday May 28 2019, @03:43PM (4 children)
NSA dropped this tool to public because the tool's existence was known to adversaries, so the NSA could not use it in false flag operations. After the so called lost control, its value for NSA was significantly restored. Shadow Brokers is a regular operation of NSA, not some foreigners nor disgruntled insiders. And when I say NSA, I mean all of the Five Eyes.
(Score: 2) by Rupert Pupnick on Tuesday May 28 2019, @03:58PM (3 children)
From the NYT story:
In an interview in March, Adm. Michael S. Rogers, who was director of the N.S.A. during the Shadow Brokers leak, suggested in unusually candid remarks that the agency should not be blamed for the long trail of damage.
“If Toyota makes pickup trucks and someone takes a pickup truck, welds an explosive device onto the front, crashes it through a perimeter and into a crowd of people, is that Toyota’s responsibility?” he asked. “The N.S.A. wrote an exploit that was never designed to do what was done.”
***
This guy would have us believe that the NSA corresponds to Toyota in his analogy, rather than the maker of the explosive device.
I guess the interests of National Security [tm] can be served by spouting incredible bullshit for the masses. Hello, Congress? Anyone?
(Score: 2) by krishnoid on Tuesday May 28 2019, @05:29PM
They can *try* to serve their interests this way. Yes, Toyota should not be blamed in this case -- a car is like a computer, right? So the people that make the software that "exploit" the computer should be blamed.
He should have at least run his statement through the PR equivalent of Grammarly first, if it existed. You know, the kind of software service that a propaganda warfare arm of NSA would write.
(Score: 3, Insightful) by etherscythe on Tuesday May 28 2019, @05:46PM (1 child)
He's right, in a misleading way. They did build a vehicle, but in real-world terms it would be more analogous to a cruise missile guidance system. They're not responsible for the payload someone attached, but it was clearly designed to go somewhere that was not in the usage model for the destination.
Thanks for sticking up for American manufacturers, Admiral, but don't tell me that tiger shark you're breeding is just a nutrient collector. We all know it comes with teeth.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by Rupert Pupnick on Tuesday May 28 2019, @06:35PM
OK, I get that there are parallels to Toyota in terms of abstract function, but it's still absurd to present a scenario in which EternalBlue is analogous to a widely available consumer product. Are these guys going succeed in dodging responsibility for what has happened? Is there a plan to fix this? Doubtful-- why would anyone expect a problem like this to be fixed that no one in government will take responsibility for? Really tired of the National Security Get Out of Jail Free Card being played yet again-- in this case it's just to cover people's asses at NSA.