Source of Baltimore City Hack Came From 'Just Down the Road'

Giulio Saggin
Tuesday 28 November 2023

Baltimore, Maryland, is a city under siege. Cyber siege.

On May 7, hackers froze the computers of Baltimore City workers, in effect crippling the city. Employees can't access email and the city is unable to accept payments for, among other things, water bills, property taxes, and parking tickets (understanding the severity of the situation, city officials are suspending late fees). Despite this, the city remains steadfast and refuses to pay the $100,000 Bitcoin ransom.

The exploit used in the attack - RobbinHood - is believed to be 'linked' to EternalBlue, developed by the National Security Agency (who have never admitted designing EternalBlue).

EternalBlue made the news in 2016, when it was stolen by hacking group 'Buckeye', believed to be contracted to the Chinese Ministry of Security Services. It was released onto the internet a year later by Shadow Brokers, whose identity remains a mystery.

Since then, EternalBlue has been used by Russia, North Korea and China to disable and disrupt, among other things, airports, hospitals, rail and shipping companies and ATMs. It has also been used in hybrid form in assaults costing FedEx more than $400 million and pharmaceutical giant, Merck, $670 million.

EternalBlue has now come full circle, as Baltimore is 'just down the road' from the NSA headquarters in Fort Meade, Maryland.

Although the NSA has never admitted its 'association' with EternalBlue, the spotlight is on the agency. According to the New York Times, NSA analysts spent almost a year finding a flaw in Microsoft's software and writing the code to target it. Enter EternalBlue, a tool that exploits unpatched software and allows malware to spread far more quickly.

One month before EternalBlue was made available to the world, the NSA, who knew of the breach, contacted Microsoft and other IT companies about possible repercussions involving their software. Microsoft released a patch, but computers numbering in the hundreds of thousands remain unprotected. As Baltimore has discovered.
