Congressman: 'No evidence' that NSA cyberweapon was used in Baltimore - Technical.ly Baltimore

Civic

Jun. 3, 2019 10:20 am

Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore

In a statement, U.S. Rep. C.A Dutch Ruppersberger said the federal government needs to do more to help cities protect their networks.

Rep. C.A. Dutch Ruppersberger (left) has long been an active voice on cybersecurity issues.

(Photo by Flickr user The U.S. Army, used under a Creative Commons license)

According to U.S. Rep. C.A. Dutch Ruppersberger (D-Baltimore), National Security Agency leaders said that a leaked cyberweapon wasn’t involved in the ransomware attack against the City of Baltimore.

The congressman’s Friday evening statement came after a meeting with senior NSA officials. It effectively amounts to an official denial of a report by The New York Times last weekend detailing how the tool, called EternalBlue, was used by attackers who targeted Baltimore and other municipalities around the country after being leaked online in 2017.

“I have been told that there is no evidence at this time that EternalBlue played a role in the ransomware attack currently affecting Baltimore City,” Ruppersberger, who represents the district that includes NSA headquarters and has long been a leading voice on cybersecurity in Congress, said in a statement. “I’m told it was not used to gain access nor to propagate further activity within the network.”

The Times posted a follow-up story of its own over the weekend, stating that all four contracted firms helping the city assess and recover from the damage told its reporters of EternalBlue’s presence. The paper also reported new information that a tool called a web shell was also found on Baltimore’s networks. Investigators from the FBI are still piecing together the attack, it said.

Advertisement

At the same time, Ruppersberger also called for the intelligence community to protect the tools that it develops from getting out.

“Our country needs cyber tools to counter our enemies, including terrorists, but we also have to protect these tools from leaks. We can’t ignore the damage that past breaches have done to American companies and, possibly, American cities,” he said.

The original Times report about EternalBlue also included information that a patch, which was designed by Microsoft to address the flaws EternalBlue could exploit, has been available since 2017, and led to a call from City Council President Brandon Scott to call for an emergency declaration that would bring federal support for the recovery. Ruppersberger also weighed in on this front.

“It’s easy to suggest that leaked cyber tools are worthless with proper patches and good cyber hygiene,” he said. “But the reality is that patching can be hard and requires resources that many municipalities don’t have. I believe the federal government needs to do more to help municipalities better protect their networks.”

Many Baltimore IT systems have been down since May 7, when the ransomware attack was discovered, leading to “manual mode” workarounds for key city functions.

In one restorative move, Baltimore city officials reported last week that email access was granted once again for some employees. In a statement, Mayor Bernard C. “Jack” Young said the city is in the process of restoring email and computer access to all employees following a pilot.

-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Power Moves: Leadership changes at CAMI and Maryland Momentum Fund

UMBC and UMB are joining forces to protect and probe medical data

clean.io releases data behind malicious ads

SPONSORED

Baltimore

Verizon is looking for the brightest ideas on how to use its 5G technology

Baltimore, MD 21201

14 West

Junior Database Administrator

Apply Now
Baltimore, MD

SmartLogic

Account Executive (Baltimore)

Apply Now
Baltimore, MD

14 West

Product Operations Manager

Apply Now

Bowie-based Trinity Cyber, led by NSA and White House alums, raises $23M

DataTribe is hosting its second cyber startup competition

DreamPort plans expansion of Columbia collaboration space

SPONSORED

Baltimore

Escape the August heat with cool AI tech

Philadelphia OR Baltimore

Technically Media

Technical.ly Editorial Intern (Fall 2019)

Apply Now
Baltimore

Fastspot

Business Development Manager

Apply Now
Columbia, MD

Vectorworks

Python Engineer (Software Systems Development)

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!