EternalBlue was the NSA most powerful cyber weapon used for countless intelligence-gathering and counterterrorism missions. In April 2017, the cyberweapon was leaked online by a group calling themselves the Shadow Brokers. The NSA and FBI initially refused to acknowledge that the cyberweapon had been leaked, but that could all change now that the cyberweapon is targeting cities in the United States.
Following the leak, nations such as North Korea and Russia reportedly used the cyberweapon to send malware or ransomware to computers in large organizations such as hospitals demanding large sums of money to remove the malware.
According to the New York Times, EternalBlue has now found its way back to the U.S. as the city of Baltimore has been facing numerous cyber attacks to their infrastructure. On May 7th, city workers had their computers locked up with demands written out on flawed English reading: “We’ve watching you for days. We won’t talk more, all we know is MONEY! Hurry up!”
The Baltimore Sun reported the 911 and 311 systems were not affected by the cyber attack, but a similar incident took place in 2018 where a malware attack took down all 911 capabilities.
EternalBlue gives hackers the capability to embed malware deeper into the computer system than previously thought possible, according to three NSA employees who spoke to the NYT under anonymity.
After EternalBlue leaked online, foreign nations and rogue agents have used the software to disrupt airports, railways, shipping operators and ATMs, Task and Purpose reported.
Don Norris, a professor at the University of Maryland, says he was “not surprised that it happened, and it won’t be a surprise if it happens again.”
“You’ve got increasingly sophisticated and very persistent bad guys out there looking for any vulnerability they can find and local governments, including Baltimore, who either don’t have the money or don’t spend it to properly protect their assets,” Noris said in 2016 after he surveyed the city official computers.
The Baltimore employees are still trying to get their systems back online for all of their employees, but the out-of-date software used in many of these city computers leave them wide open for another attack.
“You can’t hope that once the initial wave of attacks is over, it will go away,” Jen Miller-Osborn who works at Palo Alto Networks as a deputy director of threat intelligence, explained. “We expect EternalBlue will be used almost forever, because if attackers find a system that isn’t patched, it is so useful.”