National Security

NSA Developed the Tools Used in Baltimore Ransomware Attack

It’s been two weeks since the city of Baltimore was hit in a sophisticated ransomware attack.

On 7 May, hackers digitally seized about 10,000 Baltimore government computers. As a result, city employees have been locked out of their email accounts and citizens have been unable to access essential services since. These services include online platforms that support basic infrastructure and governance, including websites where Baltimoreans pay their water bills, property taxes, and parking tickets. Currently, hackers are demanding thirteen bitcoins (about $100,000) to unlock the hijacked systems.

The most recent attack isn’t the first time Baltimore has been hit in recent memory. The city was hit with a similar attack last year in a separate incident that shut down the city’s 911 system for about a day. Baltimore has come under scrutiny for its handling of both attacks. As one cyber security expert who specializes in ransomware put it, at some point organizations “don’t have a choice, [they] have to make a business decision.”

The ransomware attacks in Baltimore and other local governments across the U.S. have demonstrated an important fact about the nature of ransomware attacks: vulnerabilities are lurking everywhere. Common targets such as hospitals and schools tend to be the first in line for hackers to set their sights on, not just because crippling these institutions will give them the most leverage, but because they tend to be the most susceptible, a truth learned the hard way in the infamous WannaCry attacks of 2017.

But the most intriguing fact about the Baltimore ransomware attack and other similar incidents relates to the sophisticated tools used by the cybercriminals. According to a recent article in The New York Times, a key component of malware used by hackers was developed by none other than the National Security Agency (NSA). In 2017, the NSA reportedly lost control of the tool, called EternalBlue, in a digital heist still shrouded in mystery. Since then, the tool has been used in several well-known hacks across the globe by hackers in Russia, China and North Korea.

The NSA and FBI have declined to comment to media regarding these assertions. The official stance of government is that the theft of the cyber weapon never occurred in the first place.

The opinions expressed here by contributors are their own and are not the view of OpsLens which seeks to provide a platform for experience-driven commentary on today's trending headlines in the U.S. and around the world. Have a different opinion or something more to add on this topic? Contact us for guidelines on submitting your own experience-driven commentary.
Samuel Siskind

Samuel Siskind studied intelligence research at the American Military University in West Virginia. He served as a squad commander in the Israeli Defense Force (IDF) Corp of Combat Engineers, in the Corps' ground battalions and later in its Intelligence Wing at regional and divisional stations. For the past five years, Samuel has worked as a consultant and researcher on physical and information security issues for private and governmental institutions, in the US, Africa, India, and Israel. He currently lives in Jerusalem.

Join the conversation!

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

Watch The Drew Berquist Show

Everywhere, at home or on the go.

WATCH NOW