Hackers reportedly launched a cyberattack on Baltimore with a leaked NSA tool



  • Hackers are reportedly using a tool leaked from the National Security Agency in a cyberattack that has plagued the city of Baltimore since May 7.
  • The New York Times reported that the tool, called EternalBlue, has affected residents’ access to “real estate sales, water bills, health alerts,” and other city services.
  • The tool has also been used in other major cyber attacks, including WannaCry in May 2017, as well as the June 2017 NotPetya attacks against Ukranian banks and official systems.
  • Visit Business Insider’s homepage for more stories.

A tool leaked from the National Security Agency has reportedly been at the center of a ransomware attack that has shut down some online systems for the entire city of Baltimore.

Since May 7th, Baltimore has been plagued by cyberattacks caused by a tool called EternalBlue that has “frozen thousands of computers, shut down email,” and targeted residents’ access to services including “real estate sales, water bills, health alerts,” according to The New York Times.

City officials have so far refused to pay a ransom demand, and some alternatives have popped up to aid residents and city officials in the meantime, including a city-specific Gmail.

The initial attack on the city contained a message in flawed English demanding about $100,000 in Bitcoin to free their files.

“We’ve watching you for days,” the message said, according to a version obtained by The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”

Read more: The NSA publicly released a tool for cracking software wide open, and hackers are loving it — so long as the NSA makes good on its promise not to use it to spy on them


The city’s IT department is currently working to fix residents’ access to the affected systems and repair holes in software security, according to The Baltimore Sun.

Already, lawmakers and Baltimore officials have been demanding a briefing from the NSA on the issue. 

“The information that was included in The Times story was very troubling,” a spokesman for the city’s acting mayor, Bernard Young, told The Baltimore Sun. “There’s going to be a lot of speculation around this. What the mayor’s going to be interested in is getting beyond speculation and hearing from the authorities that would have some insight into what actually went on.”

The NSA and FBI declined The Times’ request to comment.

The tool was initially leaked in April 2017 by the still-unidentified hacking group Shadow Brokers in April 2017, and within a day, Microsoft had released a patch to fix the exploit.

EternalBlue has since been used in several other major attacks. Hackers behind Wannacry in May 2017 were using the tool, as well as the June 2017 NotPetya attacks against Ukranian banks and official systems.

SEE ALSO: ‘It’s a cat-and-mouse game’: The head of technology at $60 billion hedge fund Two Sigma explains why cybersecurity is a bigger challenge than AI

DON’T MISS: Google kept unencrypted, plaintext copies of some G suite business customer passwords on its servers for more than ten years

Join the conversation about this story »

NOW WATCH: Nxivm founder Keith Raniere began his trial. Here’s what happened inside the alleged sex-slave ring that recruited actresses and two billionaire heiresses.