NYT: Tool used in cyber attack on City of Baltimore was developed at Maryland-based NSA

As many city government IT systems in Baltimore continue to be inaccessible following a cyber attack, a weekend report from the New York Times brought a new revelation that the malware used in the attack was developed close to home.

A “key component” of the malware was a tool that was stolen from the National Security Agency, the New York Times’ Nicole Perlroth and Scott Shane reported, citing security experts briefed on the case.

A hacking tool stolen from the NSA is being used to hijack cities across the country. One of those, Baltimore, is in the agency's own backyard. https://t.co/gryyAI5Z5l

— The New York Times (@nytimes) May 25, 2019

“The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could,” states the report, which led Sunday’s paper.

Called EternalBlue, the cyberweapon was initially used for intelligence purposes. But it was released online in 2017 by a group called the Shadow Brokers, and has since been used as part of attacks in numerous attacks against towns and cities. That includes Baltimore, which is located just up the Baltimore-Washington Parkway from Fort Meade, where NSA is headquartered.

The tool was also used in the widespread WannaCry attack in 2017, among others. NSA hasn’t acknowledged the loss of the tool.

Microsoft released a patch in 2017, but Baltimore is among municipalities where attackers found a “sweet spot … where public employees oversee tangled networks that often use out-of-date software,” the Times reported.

On Tuesday, The Washington Post’s Cybersecurity 202 newsletter noted the debate playing out in the cybersecurity community about whether blame lies with the NSA or organizations that allow systems to go unpatched.

Following the report on Saturday, City Council President Brandon Scott called on Gov. Larry Hogan to seek a federal emergency and disaster declaration from the federal government for the Baltimore attack. This would allow for reimbursement of damages, costs and infrastructure repairs.

“Given the new information and circumstances it’s even more clear that the federal government needs to have a larger role in supporting the City’s recovery, including federal reimbursement for damages,” Scott said in a statement.

“I’m confident that our state leadership will do what is right for Maryland’s largest city and citizens that have been attacked, likely by foreign actors, through no fault of their own,” Scott said. “The fact that the root technology that enabled this attack came from our own federal government, just miles away, only adds insult to injury.”