Your City, Your State, Your K12 Public School all attacked using NSA weapon.
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
By Nicole Perlroth and Scott Shane
May 25, 2019
In Pennsylvania School Districts Stockpiling Huge budget surplus accounts, while still raising property taxes every year
WannaCry? Hundreds of US schools still haven’t patched servers
A dive into vulnerability data shows even big districts’ servers still offering up SMB v. 1.
I think patching your software and making backups will protect you better than blaming the Gov’t
or
… than blaming the government who weaponized an unknown flaw in software and made sure not to tell the software vendor, in order to prevent a patch which customers could install, you mean?
or
Microsoft was warned, and the patch came out a month before Shadow Brokers dumped it.
If you’re wondering why ransomware continues to be such a problem for state and local governments and other public institutions, all you have to do to get an answer is poke around the Internet a little. Publicly accessible security-scan data shows that many public organizations have failed to do more than put a bandage over long-standing system vulnerabilities that, if successfully exploited, could bring their operations to a standstill.
While the method by which RobbinHood ransomware infected the network of Baltimore City two weeks ago is still unknown, insiders within city government have pointed to the incomplete efforts by the Office of Information Technology to get a handle on the city’s tangle of software, aging servers, and wide-flung network infrastructure. Baltimore isn’t even the only city to have been hit by ransomware in the last month—Lynn, Massachusetts, and Cartersville, Georgia, both had electronic payment systems taken offline by ransomware this month. Greenville, North Carolina, was struck by the same RobbinHood ransomware affecting Baltimore in April.
But cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems. Even in cases where Microsoft’s patch of SMB v. 1 has been applied, the protocol remains a potential security problem—one that some organizations can’t completely close because some vendors still require the protocol for applications such as networked copiers and scanners.
While conducting research as a follow-up to our coverage of Baltimore City’s ongoing ransomware attack, Ars discovered that neighboring Baltimore County’s public school system had eight publicly accessible servers that still were running in configurations that indicated they were vulnerable to EternalBlue, the Equation Group exploit exposed by Shadow Brokers in April 2017 and then used as part of the WannaCry malware a month later. The exploit is now packaged as part of multiple malware kits, according to security researchers.
https://arstechnica.com/information-technology/2019/05/two-years-after-wannacry-us-schools-still-vulnerable-to-eternalblue/
SEE
Where are the State AG’s in protecting the citizens from malware that “gets away” from the NSA? The weaponized software created by the NSA…. when employees who have been taught everything by the NSA leave their jobs and take what they know with them then form companies and sell their “knowledge /skills / know how” learned on the job by working for America to enemies.
https://krebsonsecurity.com/2017/12/former-nsa-employee-pleads-guilty-to-taking-classified-data/
02
Dec 17
Former NSA Employee Pleads Guilty to Taking Classified Data
A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.
Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to “willful retention of national defense information.” The U.S. Justice Department says that beginning in April 2006 Pho was employed as a developer for the NSA’s Tailored Access Operations (TAO) unit, which develops specialized hacking tools to gather intelligence data from foreign targets and information systems.
According to Pho’s plea agreement, between 2010 and March 2015 he removed and retained highly sensitive classified “documents and writings that contained national defense information, including information classified as Top Secret.”
Pho is the third NSA worker to be charged in the past two years with mishandling classified data. His plea is the latest — and perhaps final — chapter in the NSA’s hunt for those responsible for leaking NSA hacking tools that have been published online over the past year by a shadowy group calling itself The Shadow Brokers.
https://thehill.com/policy/national-security/436950-former-cia-nsa-employees-sue-agencies-over-alleged-censorship
Ex-NSA employees criticize Mike Rogers’ role with Israeli venture firm
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc By Nicole Perlroth and Scott Shane May 25, 2019
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
< – >
WHERE ARE THE CLASS ACTION SUITS?
WHY DOESN’T THE STATE HOLD THE DEFENSE DEPARTMENT ACCOUNTABLE FOR THE DAMAGE DONE TO THEIR CITIZENS?
Breaking news. Patch yourself for the CVEs exploited by NSA tools on the loose. This includes major cities!
ETERNALBLUE was initially nicknamed EternalBluescreen —NSA never seriously considered alerting Microsoft about discovering the vulnerability (before Shadow Brokers happened), and —“held on it” (“used it,” presumably) for more than five years
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
https://twitter.com/waveslide/status/1132442317372219392
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.
But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.
Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.
It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.
The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders.
< – >
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
In Pennsylvania School Districts Stockpiling Huge budget surplus accounts, while still raising property taxes every year