Subscribe to Here’s the Deal, our politics newsletter for analysis you won’t find anywhere else.
Thank you. Please check your inbox to confirm.
Over the last few weeks, the city of Baltimore essentially went offline after a cyberattack was followed by a ransom demand which the city refused to pay. According to the New York Times, ‘EternalBlue’, the software that wreaked havoc in Baltimore and other cities, was actually created by the National Security Agency. New York Times reporter Scott Shane joins Hari Sreenivasan for more.
Over the past few weeks the city of Baltimore has essentially shut down online after a massive cyberattack followed by a ransom demand, which the city refuses to pay. But according to The New York Times, the malicious software known as EternalBlue used to attack Baltimore and many other cities and businesses around the world was created not by criminals but by the United States National Security Agency.
Reporter Scott Shane co-wrote The New York Times story. He joins us now via Skype from Baltimore. Thanks for being with us.
Tell us, what is this piece of software do?
Well it is only one component of the software used to attack Baltimore. And Baltimore is only one of multiple American cities and other places that have been attacked using EternalBlue. But EternalBlue allows the malware, this bad software, to move laterally as they say through a network from one computer to another very quickly. And you know, the experts we talked to said that. EternalBlue, the use of EternalBlue in this case, NSA's software, made the attack worse than it would have been otherwise.
How do we know that it came from the NSA?
We talked confidentially to technicians who are familiar with the problem in Baltimore and they gave us that information. I should say that EternalBlue has been used since it escaped from NSA in 2017 all over the world in many, hundreds and hundreds of cyber attacks. Some of which have cost you know hundreds of millions of dollars, caused hundreds of millions dollars in damage.
So you know Baltimore is just the latest example of the use of this software.
So when criminals use this now they are sitting somewhere else in the world and they lock up all the computers and then they demand some sort of money and say we'll go we're gonna go ahead and release that information and we're going to take the locks off of this?
Exactly. And experts usually advise victims like the city of Baltimore don't pay because even if you pay there is no guarantee that the criminals wherever they are will relent and unlock the machines. But it's you know but it's not a pretty situation. A lot of city services in Baltimore have either been halted or greatly disrupted by this attack and you know the end is not near in terms of the effects on Baltimore of this attack.
If there was any sort of agreement around the world which automatically I as I say that sentence I think of how difficult that might be, to try to figure out a way to stop these attacks from happening? What's to say that government actors who are building these kinds of software tools would even comply?
Well I mean I think that's a great question. I mean NSA. One of its jobs in gathering intelligence is to break into foreign computer networks, go inside those computer networks and steal information essentially. And all of the kind of advanced countries with big intelligence agencies, eavesdropping agencies like NSA, do this kind of work.
And we were told that EternalBlue, which was essentially based on a vulnerability in Windows software that NSA discovered some years ago, produced tremendous intelligence — both in terms of espionage against other countries and in terms of counterterrorism. So it was very valuable for NSA to go into Windows machines around the world using this vulnerability.
But then what happened was in 2017 a still unidentified group calling itself the 'Shadow Brokers,' somehow got a hold of NSA's cyber arsenal including EternalBlue, threw it up on the web for anyone to grab and since then you know both state intelligence agencies and other places and criminals have been able to grab these tools and use them for their own attacks.
OK. One quick question. Is Baltimore back up and running again? Has Microsoft patched that software? Is it all better?
You know they're working with Microsoft I know on this and have been now for going almost three weeks. But not all the systems are up. As of Friday this city employee's e-mail was still down and you can imagine trying to run a city without e-mail.
And then finally who's responsible or who pays the bill on all this? I'm assuming that the hospitals and the cities that lose all the money and productivity they're on the hook for it's themselves. But technically if the NSA or a government created this tool and you've described it as a cyber arsenal isn't that letting weapons out there? Isn't that their responsibility?
Well some members of Congress are raising that very question. And also Baltimore officials not surprisingly. You know Baltimore is not the wealthiest city in the United States and I think they may be looking right down the road, I mean NSA is only a 15-minute car ride away, they may be looking at their neighbors right down the road and saying, hey, you guys have a very big budget. How about helping us out here?
Scott Shane from New York Times joining us via Skype. Thanks so much.
Watch the Full Episode
Support Provided By:
Additional Support Provided By: