SoylentNews is people
SoylentNews
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor.
“The government has refused to take responsibility, or even to answer the most basic questions,” Mr. Rid said. “Congressional oversight appears to be failing. The American people deserve an answer.”
(Score: 1) by khallow on Tuesday May 28 2019, @04:36PM (4 children)
No, I mean a) intrusion tools that would enable illegal activities, and b) not telling vendors about security holes while exploiting those security holes for your own purposes until your tools got out into the wild.
What was the point of that? Let us keep in mind that the US government will merely foot the bill for the NSA's side of that lawsuit, the NSA will change some program names, and then it'll return to up stream surveillance business as usual.
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 28 2019, @05:41PM (1 child)
Wow Khallow, that's denser than usual for you.
The NSA is *part* of the US government.
(Score: 1) by khallow on Wednesday May 29 2019, @11:30AM
Were you trying to go somewhere with that? The US government has over $3 trillion in tax revenue. The NSA directly handles only about two orders of magnitude less. Any costs of the above lawsuit are going to come from the above huge stream of revenue, not the NSA's share and certainly not the pockets of the people actually making these unlawful decisions.
(Score: 2) by DannyB on Tuesday May 28 2019, @07:02PM (1 child)
Ok, so you mean like the hole of Windows.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Tuesday May 28 2019, @08:20PM
Oh, Facebook on Windows. Got it.
:) NSA exploits: what goes around, comes around. :)