NYT: Tool used in cyber attack on City of Baltimore was developed at Maryland-based NSA - Technical.ly Baltimore


May 28, 2019 10:51 am

NYT: Tool used in cyber attack on City of Baltimore was developed at Maryland-based NSA

Called EternalBlue, the tool has been used in multiple attacks against towns and cities. It was released online in 2017, the Times reports.
NSA headquarters at Fort Meade.

NSA headquarters at Fort Meade.

(Photo via Wikimedia Commons)

As many city government IT systems in Baltimore continue to be inaccessible following a cyber attack, a weekend report from the New York Times brought a new revelation that the malware used in the attack was developed close to home.

A “key component” of the malware was a tool that was stolen from the National Security Agency, the New York Times’ Nicole Perlroth and Scott Shane reported, citing security experts briefed on the case.

“The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could,” states the report, which led Sunday’s paper.

Called EternalBlue, the cyberweapon was initially used for intelligence purposes. But it was released online in 2017 by a group called the Shadow Brokers, and has since been used as part of attacks in numerous attacks against towns and cities. That includes Baltimore, which is located just up the Baltimore-Washington Parkway from Fort Meade, where NSA is headquartered.

The tool was also used in the widespread WannaCry attack in 2017, among others. NSA hasn’t acknowledged the loss of the tool.

Microsoft released a patch in 2017, but Baltimore is among municipalities where attackers found a “sweet spot … where public employees oversee tangled networks that often use out-of-date software,” the Times reported.


On Tuesday, The Washington Post’s Cybersecurity 202 newsletter noted the debate playing out in the cybersecurity community about whether blame lies with the NSA or organizations that allow systems to go unpatched.

Following the report on Saturday, City Council President Brandon Scott called on Gov. Larry Hogan to seek a federal emergency and disaster declaration from the federal government for the Baltimore attack. This would allow for reimbursement of damages, costs and infrastructure repairs.

“Given the new information and circumstances it’s even more clear that the federal government needs to have a larger role in supporting the City’s recovery, including federal reimbursement for damages,” Scott said in a statement.

“I’m confident that our state leadership will do what is right for Maryland’s largest city and citizens that have been attacked, likely by foreign actors, through no fault of their own,” Scott said. “The fact that the root technology that enabled this attack came from our own federal government, just miles away, only adds insult to injury.”

Companies: City of Baltimore

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action


Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!