The NSA reportedly created a tool to do this, which it also called EternalBlue.<\/p>\n
The New York Times said the agency did not disclose the problem to Microsoft for more than five years until a breach forced its hand.<\/p>\n
Microsoft released a fix for EternalBlue flaw in March 2017.<\/p>\n
Weeks later, a group calling itself the Shadow Brokers\u00a0leaked the NSA’s related hacking tool online<\/a>.<\/p>\n The NSA has never confirmed how it came to lose control of its code nor officially commented on the affair.<\/p>\n But the suggestion is that if it had shared its findings with Microsoft at an earlier stage, fewer PCs would have been exposed to subsequent attacks that made use of the vulnerability.<\/p>\n Thousands of Baltimore’s city government computers were frozen on 7 May after their files became digitally scrambled.<\/p>\n The criminals responsible demanded 13 Bitcoin ($114,440; \u00a36,940) to unlock them all, or three Bitcoin to release specific systems ahead of a deadline, which has now passed.<\/p>\n The authorities refused.<\/p>\n <\/p>\n Local residents have been unable to pay utility bills, parking tickets and some taxes online as a consequence.<\/p>\n In addition, staff have been unable to send or receive emails from their normal accounts.<\/p>\n Senator Chris Van Hollen and Congressman Dutch Ruppersberger have told the Baltimore Sun newspaper that they are now seeking “a full briefing” directly from the NSA.<\/p>\n “We must ensure that the tools developed by our agencies do not make their way into the hands of bad actors,” the senator told the paper.<\/p>\n Some security experts say if EternalBlue is truly involved, then IT managers should have installed a patch long ago.<\/p>\n Eternalblue was released over two years ago.. If an organization has substantial numbers of Windows machines that have gone 2 years without patches, then that’s squarely the fault of the organization, not Eternalblue.<\/p>\n But one consultant noted that this may have been easier said than done.<\/p>\n “For some organisations, patching can be a non-trivial exercise, even with a couple of years of lead time,” said Troy Hunt.<\/p>\n “Specialised systems such as medical devices, for example, often go unpatched for long periods of time.<\/p>\n “Offsetting that risk are factors such as the devices not being internet-connected. although given we’re still seeing infections due to EternalBlue two years after it was patched, evidently there are still systems out there both unpatched and exposed.”<\/p>\n It’s not exactly the talk of the town here – after all, it’s not like Facebook has gone down, merely crucial public services.<\/p>\n For those who have been affected, it’s very frustrating – a delayed house sale here, a new business that can’t open on schedule there. One person told me about how they have been unable to pay for their wedding venue at a place part-owned by the city.<\/p>\n Another told me they couldn’t go online to pay a parking ticket – that’s not as fortunate as it sounds, trust me.<\/p>\n A further kick in the teeth for this city is the suggestion that this attack used an exploit discovered not by the Russians or Chinese, but by an organisation based just 20 miles away – the US National Security Agency.<\/p>\n City officials want answers on that, but locals don’t want it to be a scapegoat. There have been repeated warnings here about severe underinvestment in government IT infrastructure.<\/p>\n Source: bbc.co.uk<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Email lock-out<\/h2>\n
![\"City](\"https:\/\/ichef.bbci.co.uk\/news\/624\/cpsprodpb\/1EFC\/production\/_107123970_92bc601b-533c-447f-b9f6-59684847e726.jpg\")
<\/span>\n
![\"\"](\"https:\/\/pbs.twimg.com\/profile_images\/1765729789\/image1326952644_normal.png\")
<\/a><\/p>\nOn the ground in Baltimore:<\/h2>\n
![\"Analysis](\"https:\/\/ichef.bbci.co.uk\/news\/624\/cpsprodpb\/17FF7\/production\/_104759289_davelee-nc.png\")
<\/span><\/figure>\n