Source of Baltimore City Hack Came From 'Just Down the Road'
Baltimore, Maryland, is a city under siege. Cyber siege.
On May 7, hackers froze the computers of Baltimore City workers, in effect crippling the city. Employees can't access email and the city is unable to accept payments for, among other things, water bills, property taxes, and parking tickets (understanding the severity of the situation, city officials are suspending late fees). Despite this, the city remains steadfast and refuses to pay the $100,000 Bitcoin ransom.
The exploit used in the attack - RobbinHood - is believed to be 'linked' to EternalBlue, developed by the National Security Agency (who have never admitted designing EternalBlue).
EternalBlue made the news in 2016, when it was stolen by hacking group 'Buckeye', believed to be contracted to the Chinese Ministry of Security Services. It was released onto the internet a year later by Shadow Brokers, whose identity remains a mystery.
Since then, EternalBlue has been used by Russia, North Korea and China to disable and disrupt, among other things, airports, hospitals, rail and shipping companies and ATMs. It has also been used in hybrid form in assaults costing FedEx more than $400 million and pharmaceutical giant, Merck, $670 million.
EternalBlue has now come full circle, as Baltimore is 'just down the road' from the NSA headquarters in Fort Meade, Maryland (pictured above).
Despite never admitting their 'association' with EternalBlue, the spotlight is on the NSA. According to the New York Times, NSA analysts spent almost a year finding a flaw in Microsoft's software and writing the code to target it. Enter EternalBlue, a tool that exploits unpatched software and allows malware to spread at a far greater rate.
One month before EternalBlue was made available to the world, the NSA, who knew of the breach, contacted Microsoft and other IT companies about possible repercussions involving their software. Microsoft released a patch, but computers numbering in the hundreds of thousands remain unprotected. As Baltimore has discovered.