1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

US cities are being held hostage with stolen NSA tools

By Bubbajim · 29 replies
May 26, 2019
Post New Reply
  1. Since May 7, the city of Baltimore in Maryland has been struggling to cope with a ransomware attack that has crippled its digital capabilities. Local government employees’ computers were infected with a malware that demanded $100,000 for files and access to be restored. And according to a new report by the New York Times, the National Security Agency (NSA) is somewhat to blame.

    It’s no secret that the NSA developed numerous tools to exploit software and hardware vulnerabilities, allowing the agency to snoop on digital activity in the name of national security. But in 2017 an NSA leak led to one of their proprietary tools, dubbed EternalBlue, to fall into the hands of criminals and foreign states.

    EternalBlue allegedly formed the basis of the infamous WannaCry and NotPetya attacks that took out virtual infrastructure across the world, including the computer systems of major companies and the UK’s National Health Service.

    The 2017 leak originated from a group known only as the Shadow Brokers. According to The Times, the NSA and the FBI still do not know whether the group are made up of “foreign spies or disgruntled insiders.” The Times reports that, according to security experts briefed on Baltimore’s situation, there’s a direct link between the 2017 EternalBlue leak and the city’s current predicament.

    Computers have been frozen, email services shut down, and online services used for things like health alerts or paying water bills have all been taken offline. But perhaps more worryingly, Baltimore is not alone. Cities in Texas and Pennsylvania have also been affected.

    Regardless of whether or how quickly this situation is resolved, it will no doubt frustrate citizens to learn that the cyber-weapon that has caused so much damage was developed with their own tax dollars.

    Permalink to story.

  2. Danny101

    Danny101 TS Guru Posts: 732   +281

    Thanks alot, Snowden!:(
    Knot Schure likes this.
  3. Bullwinkle M

    Bullwinkle M TS Booster Posts: 125   +65

    Yes, Thanks Snowden!

    We would never have known these UnAmerican Traitors at the NSA were using OUR Tax Dollars to develop tools to use against us, break into our computers and steal whatever they want if not for your brave Patriotism!

    As for the Local Government Computers being infected with these same NSA exploits.....
    Well......At least you got what you paid for!
    Last edited: May 26, 2019
  4. Uncle Al

    Uncle Al TS Evangelist Posts: 5,263   +3,679

    Not fair to blame the NSA for doing the job they were trained for BUT you certainly can and should blame the managers and developers that put together such tools without also developing a "counter measure" to combat it. We get in such a big damn hurry to invent the next great thing that we don't take the time to study it and how it can be used against us so we can develop a countermeasure.
    The Govt. has become too good at this sort of thing as well as pointing the finger and others when they get exposed. This kind of software was inevitable in order for us to combat those that would do the same to us, but any good manager should know you don't turn loose something that you don't fully understand and that especially includes the very things that can be used against you as well. It's just common sense so perhaps our first lesson should be to teach those that dwell in these shadowy worlds the responsibilities that also come with the job.
    CloudCatcher and Evernessince like this.
  5. Mr Majestyk

    Mr Majestyk TS Booster Posts: 133   +99

    Yeah and Huawei is the problem!

    Snowden is a legend like Chelsea Manning, so proud of these people with the courage to unveil what was happening. And now the hypocrites of the USA have the gall to point the finger everywhere else
    PEnnn, Hasbean and xxLCxx like this.
  6. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    Secrets are supposed to be kept secret. And your moral outrage at their existence is nothing if not predictable.

    I'm not really interested in listening to you making heroes or icons out of traitors like Snowden. The stone cold Darwinian basic of human survival, whether at the personal or national level, is, "do unto others before they do onto you".. And that's whether it's an opposing regime, or a next door neighbor.

    I'm glad our federal agencies do what they do in secret, in cyberspace. Hopefully, they'll be able to fend off the next set of turds trying to fly jetliners into our skyscrapers. Or find out what Kim Jong Un , Putin, or anyone else with the potential to harm us is up to.

    The most recurring theme I'm finding in these threads, is those who don't live in the USA, think it's quite fashionable to hate the USA. It's also rather tedious and superficial..
    Last edited: May 26, 2019
    Kibaruk, Hexic and Evernessince like this.
  7. Evernessince

    Evernessince TS Evangelist Posts: 3,903   +3,350

    There are much better ways to alert the public of these issues then releasing hacking tools for everyone to use.

    A legend? The guy gave top secret documents and tools to enemies of the state. It's a no brainer the NSA was working in secret, doing otherwise would severely hamper their ability to operate. That's just how it works.

    It's always Amazing to me how some Americans can praise the likes of Julian Assange and Snowden when the results of their actions range from extremely detrimental to attacking the foundations of our democracy.
    HyperPete, Kibaruk and captaincranky like this.
  8. Danny101

    Danny101 TS Guru Posts: 732   +281

    There is always the possibility that any tool or virus used against our enemies will get back engineered, once they realized what hit them. Unless all players agree to stop, it'll always be a tit for tat. I agree with Bullwinkle that ours. all of governments, shouldn't be using these tools for domestic spying. What's the point of a constitution and system if our government is allowed flout it? What they should be doing is helping to harden our infrastructure to attack, including stress tests, through partnerships with U.S. companies.
    xxLCxx likes this.
  9. brucek

    brucek TS Maniac Posts: 149   +187

    Snowden curated what he released, and did not include these tools. They are from a separate breach.

    I'd also point out that Snowden released his materials only after witnessing the director of the NSA lie to congress about what it was doing (on big, major, juicy policy points, not some twiddly little detail.) The director's response to being directly asked if the military was spying on the american population it is entrusted to defend: "No sir, we are not conducting mass surveillance on the American people."

    If the entire point of our democracy is that we elect lawmakers who oversee the military and have the right to set policy for it, anyone who has positive proof that that oversight mechanism is being defeated, with the connection between the voting public and the government having been severed, is in a tough spot as far as what the morally right thing to do is.

    As to these tools, being able to spy effectively on America's enemies is what the NSA is supposed to be doing. I don't have any problem with the tools. Obviously the safe keeping of them came in a little under par though.
  10. Hexic

    Hexic TS Evangelist Posts: 494   +319

    Not sure what rock you have been living under, but that’s the intention of the NSA. Every other first-world country has very similar cyber-security tools, and enacts similar surveillance on their citizens [See Britain and their big-brother camera systems, I just left London 2 days ago] and other citizens abroad. We just had two morons who wanted attention leak information in our case.

    If you’re just discovering this, I suggest performing research on “how the world works 101”.
    captaincranky likes this.
  11. toooooot

    toooooot TS Evangelist Posts: 754   +372

    I am curious, if you are approached by NSA agents who politely ask you to add a backdoor to your product, can they actually make you to do that?
    Legally, they shouldnt have the right to force you.
    But then, somehow they "persuaded" many of our top firms to do that...
    Impudicus and xxLCxx like this.
  12. Damocles

    Damocles TS Rookie

    And I suppose you are also one of the misguided folk who think that there should be a "back-door" in encryption programs. I'm looking at all this from the other side of the pond (and am appalled by Trump - HE is tedious and superficial, but that's another story). This is a prime example of why there should not be any "back-doors". There's no way of letting the good guys in whilst keeping the bad guys out. Stuff is bound to leak out and this ransomware chaos is just one example. Your "agencies" can do what they need to do without hoovering up all sorts of information that they're not entitled to, sticking their noses into other people's business or deliberately exploiting software weaknesses and/or vulnerabilities, without informing the public of them. In my opinion, it's immoral, if not actually illegal.
    Impudicus likes this.
  13. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    Who died and left you in charge of labeling people "misguided"? As if you know the truth, the whole truth, and nothing but the truth.

    Beyond that, you're apparently one of the legion of US haters who want to run this country with your mouth, from thousands of miles away.

    And if by "across the pond", you mean the UK, you should tend to your own affairs in dealing with that emerging "nanny state", and say hello to the queen for me.

    BTW, I'm not of of those Americans who is infatuated with all things about the royals. As far as I'm concerned, they're parasites whose time is long past., "God save the Megan Markel", and do have a lovely day
  14. David Belkin

    David Belkin TS Enthusiast Posts: 46   +41

    Don't shoot the messenger.
    Thanks a lot NSA.
    Impudicus likes this.
  15. Damocles

    Damocles TS Rookie

    Oh dear.......someone's a little bitter and twisted, it would seem. "Captain Cranky" does seem a singularly appropriate user-name. I bet you're a wow at parties. You seem to have left out the "small" minor problem that when the USA (or Trump) tries to rule the world, it does tend to impact on everyone. Therefore I think outsider comments on the way your so-called politicians pretend to run your country (and everybody else's) are perfectly valid. I think I'll leave this now and let other folk comment on your troll-like qualities. I would watch your back for incoming from North Korea though.
  16. Hexic

    Hexic TS Evangelist Posts: 494   +319

    By definition, our “agencies”, namely the NSA due to the context of the conversation - literally can’t do “what they need to do” as you say it, and not have secrets. Certain information literally has to be classified, or it will cause infinitely more harm in the wrong hands.

    So yes, they absolutely need to shore up information that is only accessible to the public at a need-to-know basis. And yes, there is corruption involved, as there is with other governments. Do you believe your own government, whomever that may be, hasn’t been secretly collecting your metadata (and more) for at least the last 15-20 years? If you don’t think they have, then I encourage you to research some history prior to posting the stereotypical “you can have your cake and eat it too” scenario of privacy vs. security.
  17. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,266   +4,935

  18. Bullwinkle M

    Bullwinkle M TS Booster Posts: 125   +65

    Cranky says...
    "Secrets are supposed to be kept secret."

    These programs were not secret and many people already knew about them before Snowden, and, since we are not under contract or non-disclosure agreements, we can talk about them as much as we like!

    If you believe otherwise due to National Security or some other nonsense, then we should debate these secret programs in public to decide for ourselves exactly who's National Security we are being asked to protect (Mine or Your's)
    "I'm not really interested in listening to you making heroes or icons out of traitors like Snowden."

    I AM!
    Tell me more!
    Last edited: May 27, 2019
    netman likes this.
  19. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    It's always the rookies who sign up to mouth off against the US.

    It's always the rookies who pick fights they won't or can't finish. "It's beneath your dignity to continue dealing with me". Spare me. .Have you been on Pornhub recently, looking for typewriter enhancements? :rolleyes:

    As for my screen name being "captaincranky", that's something else rookies like to key on, since it seems to justify the responses they provoke. Actually, I'\m here for the laughs, and to ponder the sociological and psychological impact of the computer on formerly sane individuals. You know, how hands start to shake when someone can't get to check their Twitter account.

    Well now here's a question, did you pick your screen name (while suffering from Dionysian delusions), from the famous "sword of Damocles"?


    As for Trump, however narcissistic, ego-maniacal, and pathological he may be with regards to not telling the truth, he's gotten a few things exactly right. For example, the US having to pick up an unfair portion of the tab for NATO. This is something which has been complained about in the US for the past several decades. And our foreign aid spends pretty well too, doesn't it? ("Unless your own corrupt leaders head it off at the pass", so to speak).

    Most Europeans think they're so much refined that we uncouth and classless Americans, but they'll sure pander to, and suck up our tourist dollars in a heartbeat.
    Hexic likes this.
  20. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    If you weren't addicted to the smartphone, the NSA wouldn't know squat about you. They still need a warrant to tap your landline, and you have to have done something, for the courts to approve one. At the end of the day, most of those here with the massively overinflated egos and paranoid personality disordered people here complaining about "invasion of privacy", aren't that interesting, or worth an NSA analyst's time or hourly wage to examine in the first place.

    And considering the volume of calls you're claiming the NSA is/ or would like to screen, you're most likely not even a blip on their radar.

    So, really, don't flatter yourself
  21. Bullwinkle M

    Bullwinkle M TS Booster Posts: 125   +65

    Cranky says......
    "I'm not really interested in listening to you making heroes or icons out of traitors like Snowden."

    I AM!

    After all, it's Memorial Day!
    A day to reflect on the great sacrifices he made for his Country instead of the mindless ramblings of an angry old man
    Last edited: May 27, 2019
    Impudicus likes this.
  22. Markoni35

    Markoni35 TS Booster Posts: 131   +67

    Well... them being NSA, maybe they know something about you that you don't want your friends to know. Or enemies. So they blackmail you. Or they bribe you. Or they blackmail and bribe you. There's always a way.

    Open-source programmers usually don't earn anything from their projects. So it's not hard to bribe them. People who think that open-source is safer than closed-source have hopefully learned from the last 20 huge security holes that it's often not true.
  23. Bullwinkle M

    Bullwinkle M TS Booster Posts: 125   +65

    Open source IS safer!
    How can you hide a backdoor if it's OPEN SOURCE?
  24. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    How would you know if there's a back door in open source software if you weren't a programmer yourself?

    The proof of that is, how much malware Google had to pull from their store. Software which I might add, was downloaded thousands of times..:eek:

    Now why don't you toddle along and write us some malware? Whoops, I mean "free open source software". Make sure it's truly free too, with none of this "buy me a coffee" nonsense.
    Last edited: May 27, 2019
  25. captaincranky

    captaincranky TechSpot Addict Posts: 14,779   +3,906

    Have you made any sacrifices for the USA? If so, tell us all about it.. (y) (Y) If not, it would be much more reflective, courteous, and civilized, if you just kept your mouth shut.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...