Congressman: ‘No evidence’ that NSA cyberweapon was used in Baltimore

According to U.S. Rep. C.A. Dutch Ruppersberger (D-Baltimore), National Security Agency leaders said that a leaked cyberweapon wasn’t involved in the ransomware attack against the City of Baltimore.

The congressman’s Friday evening statement came after a meeting with senior NSA officials. It effectively amounts to an official denial of a report by The New York Times last weekend detailing how the tool, called EternalBlue, was used by attackers who targeted Baltimore and other municipalities around the country after being leaked online in 2017.

I have been told that there is no evidence at this time that EternalBlue played a role in the ransomware attack currently affecting Baltimore City. More of my thoughts on the issue here: https://t.co/BsQju9aPEq

— Dutch Ruppersberger (@Call_Me_Dutch) May 31, 2019

“I have been told that there is no evidence at this time that EternalBlue played a role in the ransomware attack currently affecting Baltimore City,” Ruppersberger, who represents the district that includes NSA headquarters and has long been a leading voice on cybersecurity in Congress, said in a statement. “I’m told it was not used to gain access nor to propagate further activity within the network.”

The Times posted a follow-up story of its own over the weekend, stating that all four contracted firms helping the city assess and recover from the damage told its reporters of EternalBlue’s presence. The paper also reported new information that a tool called a web shell was also found on Baltimore’s networks. Investigators from the FBI are still piecing together the attack, it said.

At the same time, Ruppersberger also called for the intelligence community to protect the tools that it develops from getting out.

“Our country needs cyber tools to counter our enemies, including terrorists, but we also have to protect these tools from leaks. We can’t ignore the damage that past breaches have done to American companies and, possibly, American cities,” he said.

The original Times report about EternalBlue also included information that a patch, which was designed by Microsoft to address the flaws EternalBlue could exploit, has been available since 2017, and led to a call from City Council President Brandon Scott to call for an emergency declaration that would bring federal support for the recovery. Ruppersberger also weighed in on this front.

“It’s easy to suggest that leaked cyber tools are worthless with proper patches and good cyber hygiene,” he said. “But the reality is that patching can be hard and requires resources that many municipalities don’t have. I believe the federal government needs to do more to help municipalities better protect their networks.”

Many Baltimore IT systems have been down since May 7, when the ransomware attack was discovered, leading to “manual mode” workarounds for key city functions.

In one restorative move, Baltimore city officials reported last week that email access was granted once again for some employees. In a statement, Mayor Bernard C. “Jack” Young said the city is in the process of restoring email and computer access to all employees following a pilot.