In 2017, the National Security Agency (NSA) lost control of some of the hacking tools it used “to spy on other countries,” The New York Times reported. The NSA, it appeared, had itself been hacked — or infiltrated:
Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.
Some of the tools appeared to have been obtained by a group called the Shadow Brokers, who went on to taunt the agency while disclosing information about highly classified operations.
Fast forward to today, and one of the stolen tools, known as EternalBlue, is being used to commit cyberattacks against major U.S. cities.
The Times reported Saturday that Baltimore and other cities have been targeted by “state hackers in North Korea, Russia and, more recently, China.” In Baltimore, hackers had “frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.”
The computer screens of city workers would suddenly lock, the Times reported, and a message would appear demanding $100,000 in Bitcoin to unlock the screens. The message appeared in broken English, just like the messages from Shadow Brokers two years earlier.
“We’ve watching you for days,” the message said, according to The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
Baltimore city officials have refused to pay and are trying to find ways to work around the errors.
The Times reported that Baltimore and other cities, some in Pennsylvania, Texas, and in between, were unaware that part of the malware being used against them was created by the NSA.
It has been two years since the Times first reported on the Shadow Brokers and says the FBI still doesn’t know whether they “are foreign spies or disgruntled insiders.”
EternalBlue, the Times reported, was so named because it originally crashed computers by exploiting a flaw in Microsoft’s software, causing an EternalBluescreen (the original name). The tool was used successfully without alerting the computer company to the issue and used it to gather intelligence.
The Times reported that North Korea has used the tool to attack “the British health care system, German railroads and some 200,000 organizations around the world.” Russia used the tool to attack Ukraine. Their attack spread to major companies, costing FedEx more than $400 million and pharmaceutical company Merck $670 million.
Russia also used the tool to go after hotel Wi-Fi networks. Iran used it to hack Middle Eastern airlines.
The story doesn’t appear to be receiving the attention it deserves.