Blowback from NSA Hacking Weapon Cripples Baltimore Computers
About 10,000 Baltimore city government computers have remained frozen as a result of a May 7 ransomware attack that disabled e-mail and disrupted technology-dependent city services, such as real estate sales, water bills and health alerts. Mayor Bernard C. “Jack” Young has warned it could take months to recover some systems.[i] Much attention has focused on whether the city should pay the ransom demanded by anonymous hackers to unlock Baltimore’s computers.
A key component of the malware that cybercriminals used turns out to have been developed elsewhere in Maryland, at the National Security Agency. The New York Times reported this past Saturday that a hacking vulnerability known as EternalBlue was exploited to blackmail Baltimore. The NSA discovered the flaw, but the paper claims that its cyber-spies kept the discovery secret for years.[ii] The NSA apparently “lost control” of the cyber weapon, which it had been using to penetrate targeted computers, to foreign hackers.
Baltimore is hardly the first victim. The same leaked NSA hacker tools were deployed in other ransomware outbreaks and are alleged to have been used to breach the Democratic National Committee computers in 2016. In May 2017 the world-wide WannaCry ransomware attack used NSA’s EternalBlue to penetrate older Microsoft Windows systems.
The US intelligence community has directed considerable finger-pointing over these and other cyber attacks at state-sponsored hackers, especially those in Russia. However, the NSA has remained radio silent, declining to comment for the New York Times story on its role in the Baltimore breach.
Our Intelligence Community even has a term to describe what happened: blowback. This describes the unintended consequences, unwanted side-effects, or suffered repercussions when a covert operation intended to be directed toward another country ends up falling back on those responsible and impacting the home country.
U.S. tech companies have been complicit with the NSA. Among the Snowden revelations was that the NSA’s Special Source Operations office coordinates links between the agency and tech firms. Google, Facebook, Yahoo and other firms were paid millions of dollars to cover the costs associated with PRISM “compliance.”[iii]
PRISM is a code name for an NSA program that collects Internet communications from various US Internet companies. Congress authorized this in Section 702 of the Foreign Intelligence Surveillance (FISA) Amendments Act in 2008.[iv] Section 702 permits the collection of foreign intelligence from non-Americans located outside the United States. As the law is written, the intelligence community cannot use Section 702 programs to target Americans, who are protected by the Fourth Amendment’s prohibition on unreasonable searches and seizures. However, by letting the Intelligence Community target foreign communications, those of American citizens can be swept in as well.
The NSA’s PRISM program has relied on hacking “tools,” such as EternalBlue, to give the agency the means to covertly access targeted communications.
The genie intended to capture foreign communications instead escaped from the NSA’s bottle, crippling public services in Baltimore, just 15 miles up the road from its Ft. Meade headquarters.
________________________________
[i] https://www.wsj.com/articles/two-weeks-after-cyberattack-baltimore-is-still-hobbled-11558431002
[ii] https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
[iii] https://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid
[iv] https://www.govtrack.us/congress/bills/110/hr6304/text