ISLAMABAD – The cyber weapon was developed by the US tech spying agency to break into foreign computers, but now the US itself is under attack by the malware, and tech experts say it’s the handiwork of the NSA.
Guess which list unites North Korea, Iran, China, Russia, Israel and the United States? These are all the nations that have not signed the Paris Call for Trust and Security in Cyberspace — Emmanuel Macron’s effort to stop cyber-attacks in peacetime.
The US’s National Security Agency (NSA), often portrayed in the media as the most technologically advanced intelligence agency in the world, routinely resorts to hacking and cyber-attacks in order to steal the information it needs. To do so, tech geniuses on government payrolls write “tools” — malware programs designed specifically to strike at vulnerabilities found in operating systems, including the US-made Windows OS family.
And then these programs get leaked.
In 2017, an unidentified group of hackers named Shadow Brokers published EternalBlue — a very powerful NSA-made program capable of taking control of computers running the Windows operating system. Anonymous NSA operators, cited by The New York Times, say it took the agency a year to find a flaw in Microsoft security to build the malware upon.
Needless to say, once the flaw was discovered, the NSA did not go out of its way to inform the software giant about it. In fact, it was only after the malware was published online that they contacted Microsoft and told them about the vulnerability.
Now the NSA-written malware is rampaging through Baltimore, Maryland. The exact geography of the affected computers is undisclosed as Microsoft is trying to keep the lid on the outbreak, but it is likely that other cities were affected as well, the Times report says.
The malware is capable of paralyzing hospitals, airports, rail and shipping operators, ATMs and factories. Local US governments that use aged software and hardware are particularly vulnerable to EternalBlue attacks, according to the Times.
On 7 May, Baltimore city workers were hit with a classic ransomware attack. The malicious software locked the workers out of their computers and displayed a message written in remarkably poor English.
“We’re watching you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections,” said the note on the screen, which warned against calling the FBI and demanded $100,000 in Bitcoin as ransom.
“We won’t talk more, all we know is MONEY!” the note said. “Hurry up! Tik Tak, Tik Tak, Tik Tak!”
According to The Baltimore Sun report, poor spelling does not necessarily indicate a foreign attacker: domestic hackers use it to deceive both victims and investigators.
Earlier in February, Allentown, Pennsylvania was also hit with an EternalBlue-based attack. It cost the city $1 million to remedy and $400,000 for new defences, according to the Times. In September, the malware hit San Antonio, Texas, locking the local sheriff’s office.
The Times reported that EternalBlue has become the favourite tool of the trade for government hackers. The 2016 WannaCry attack, attributed to North Korea, and the 2017 NotPetya attack, blamed on Russia, are both said to be based on EternalBlue. Iran has been accused of hacking airline networks in the Middle East, and China is said to have targeted Middle Eastern governments using the same tool.
The NSA tries to deflect flak for the Shadow Brokers leak and the release of EternalBlue into the world by making an analogy with a Toyota truck — initially designed for peaceful use but converted by Middle Eastern militants into a weapon of war. Microsoft officials reject that analogy, saying EternalBlue was designed as a weapon from the start.
“These exploits are developed and kept secret by governments for the express purpose of using them as weapons or espionage tools. They’re inherently dangerous,” says Tom Burt, Microsoft’s Vice President of Customer Security and Trust. “When someone takes that, they’re not ‘strapping a bomb’ to it. It’s already a bomb.” -Sputnik









