Call it the irony of ironies, but it seems that a three-week long cyberattack by hackers in Baltimore that shut down computer networks affecting various public utilities was partly caused by the government itself. A key component of the code that launched the cyber attacks was leaked from the National Security Agency.
According to a New York Times report citing security experts who did a briefing on the case, the said code known as EternalBlue has been picked up by hackers in North Korea, Russia and more recently, China in 2017. The NSA lost control of the tool and since then it has been wreaking havoc online and causing destruction globally.
Commenting on the leak in April 2017, Edward Snowden said that the “NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it.”
NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it.
Now, the said code has made its way home and used by hackers in launching massive cyber attacks in Baltimore and nearby states. Cybersecurity expert Thomas Rid from Johns Hopkins University called the attack as the most destructive and costly N.S.A. breach in history. Unfortunately, the U.S. government refused to take responsibility. Both N.S.A. and F.B.I declined to give comment on the issue.
It's ironic that about ten years ago, the NSA was even bragging that the tool belonged only to them and even coined the term “NOBUS,” meaning “nobody but us,” obviously referring to the fact that the tool belongs to nobody but them. But it is not the case anymore as anyone can practically grab the code and used it to launch their own cyber attacks. So much for NOBUS, then.
A former FBI official told the New York Times that NSA should admit more accountability for the leaking of the code and the aftermath of the incident.
As hackers continue to employ in their attacks targeting areas such as Baltimore, San Antonio, and Pennsylvania, how long will it be until NSA do something to prevent further damages? As Microsoft's corporate vice president of consumer trust said, exploits such as in the case of the EternalBlue are inherently dangerous. It's like a bomb that has been taken away and set to explode eventually. And who should stop this bomb from exploding? The NSA, perhaps?