Congressman: 'No evidence' that NSA cyberweapon was used in Baltimore - Technical.ly Baltimore

Civic

Jun. 3, 2019 10:20 am

Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore

In a statement, U.S. Rep. C.A Dutch Ruppersberger said the federal government needs to do more to help cities protect their networks.
Rep. C.A. Dutch Ruppersberger (left) has long been an active voice on cybersecurity issues.

Rep. C.A. Dutch Ruppersberger (left) has long been an active voice on cybersecurity issues.

(Photo by Flickr user The U.S. Army, used under a Creative Commons license)

According to U.S. Rep. C.A. Dutch Ruppersberger (D-Baltimore), National Security Agency leaders said that a leaked cyberweapon wasn’t involved in the ransomware attack against the City of Baltimore.

The congressman’s Friday evening statement came after a meeting with senior NSA officials. It effectively amounts to an official denial of a report by The New York Times last weekend detailing how the tool, called EternalBlue, was used by attackers who targeted Baltimore and other municipalities around the country after being leaked online in 2017.

“I have been told that there is no evidence at this time that EternalBlue played a role in the ransomware attack currently affecting Baltimore City,” Ruppersberger, who represents the district that includes NSA headquarters and has long been a leading voice on cybersecurity in Congress, said in a statement. “I’m told it was not used to gain access nor to propagate further activity within the network.”

The Times posted a follow-up story of its own over the weekend, stating that all four contracted firms helping the city assess and recover from the damage told its reporters of EternalBlue’s presence. The paper also reported new information that a tool called a web shell was also found on Baltimore’s networks. Investigators from the FBI are still piecing together the attack, it said.

Advertisement

At the same time, Ruppersberger also called for the intelligence community to protect the tools that it develops from getting out.

“Our country needs cyber tools to counter our enemies, including terrorists, but we also have to protect these tools from leaks. We can’t ignore the damage that past breaches have done to American companies and, possibly, American cities,” he said.

The original Times report about EternalBlue also included information that a patch, which was designed by Microsoft to address the flaws EternalBlue could exploit, has been available since 2017, and led to a call from City Council President Brandon Scott to call for an emergency declaration that would bring federal support for the recovery. Ruppersberger also weighed in on this front.

“It’s easy to suggest that leaked cyber tools are worthless with proper patches and good cyber hygiene,” he said. “But the reality is that patching can be hard and requires resources that many municipalities don’t have. I believe the federal government needs to do more to help municipalities better protect their networks.”

Many Baltimore IT systems have been down since May 7, when the ransomware attack was discovered, leading to “manual mode” workarounds for key city functions.

In one restorative move, Baltimore city officials reported last week that email access was granted once again for some employees. In a statement, Mayor Bernard C. “Jack” Young said the city is in the process of restoring email and computer access to all employees following a pilot.

-30-
CONTRIBUTE TO THE
JOURNALISM FUND

Already a contributor? Sign in here
Connect with companies from the Technical.ly community
New call-to-action

Advertisement

Public safety cybersecurity firm SecuLore Solutions wins $750K in federal funding

NSA goes public with Windows security vulnerability

Fugue is open sourcing a new cloud security tool

SPONSORED

Baltimore

How this entrepreneurial-minded lawyer is helping set founders up for long-term growth

Philadelphia, PA

Vistar Media

Software Engineer

Apply Now

Baltimore, MD

SmartLogic

Developer

Apply Now

Philadelphia

Urban Outfitters

Urban Outfitters: Jr. Motion Graphic Designer

Apply Now

Baltimore’s water mentoring program named a winner of AWS City on a Cloud Innovation Challenge

Power Moves: Mayor’s Office of Criminal Justice will be led by data-driven director

Baltimore police to add 15 license plate readers

SPONSORED

Baltimore

Technology is ever evolving — shouldn’t business education be, too?

Philadelphia

URBN

URBN: User Experience (UX) Designer

Apply Now

Baltimore

14 West

F5 Engineer

Apply Now

Hunt Valley, MD

LawIQ

SOFTWARE ENGINEER – FULL TIME OPPORTUNITY

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!