An NSA cyber weapon is reportedly being used against American cities by the very adversaries it was meant to target

Military Tech

Staff Sgt. Wendell Myler, a cyber warfare operations journeyman assigned to the 175th Cyberspace Operations Group of the Maryland Air National Guard monitors live cyber attacks on the operations floor of the 27th Cyberspace Squadron, known as the Hunter's Den, at Warfield Air National Guard Base, Middle River, Md., June 3, 2017

In less than three years after the National Security Agency found itself subject to an unprecedentedly catastrophic hacking episode, one of the agency's most powerful cyber weapons is reportedly being turned against American cities with alarming frequency by the very foreign hackers it was once intended to counter.


An explosive New York Times story published Saturday detailing how the NSA's Tailored Access Operations lost control of its so-called 'EternalBlue' malware tool to a cadre of hackers known as the Shadow Brokers, which subsequently publicized the agency's software exploits on the internet and passed them along to hackers associated with Russia, China, and North Korea

The Shadow Brokers' disclosure reportedly came thanks to a 54-year-old former contractor Harold Martin III, who plead guilty in March 2019 for, among other things, taking classified documents and electronic devices home with him for more than 20 years in what government officials characterized as the biggest leak of classified information in U.S. history.

The New York Times story comes in the midst of an ongoing cyberattack on the city government of Baltimore that has paralyzed critical infrastructure and halted daily important transactions from home sales to utility payments. But apparently, the NSA connection wasn't publicly known before Saturday — and the first four paragraphs of the Times story will absolutely make your blood boil:

For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyber weapon has boomeranged back and is now showing up in the N.S.A.'s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

To be clear: the NSA built a malware tool capable of disabling the computer systems that control everything from payroll to power grids, lost it, and then basically kept its mouth shut as its own tool was turned against them by the very enemies they were meant to target in the first place.

This is basically the cyber equivalent of the GBU-43/B Massive Ordnance Air Blast bomb falling into the hands of ISIS fighters in Nangarhar because some personnel assigned to U.S. Forces Afghanistan delivered the schematics by hand.

Even worse, it casts a major shadow over the aggressive cyber defense plan that the Pentagon rolled out last year to "[defend] forward to intercept and halt cyber threats."

It's also worth noting that Martin's 2016 arrest and the Shadow Broker's subsequent leak of NSA hacking tools occurred just over three years after Edward Snowden pulled back the curtain on the agency's vast domestic surveillance apparatus.

But while a narrow majority of Americans tended to support the NSA's domestic surveillance missteps in the aftermath of the Snowden disclosures, they may not be so forgiving when their light start going out.

SEE ALSO: When Does A Cyber Attack Constitute An Act Of War? We Still Don't Know

WATCH NEXT: The Navy's 'Sky Penis' Incident (A Dramatic Reading)

A military funeral at Fort Jackson National Cemetery in 2014. Photo: Sgt. 1st Class Joel Quebec/U.S. Army

A U.S. soldier died on Friday while in Syria supporting Operation Inherent Resolve, the Defense Department announced on Saturday.

Read More
DoD photo

A word that could once not be mentioned in court — torture — was front and center on Friday as a military tribunal prepares to take on the long-delayed trial of Khalid Shaikh Mohammed, the confessed chief plotter of the 9/11 attacks, and four other defendants.

"I know torture's a dirty word," defense attorney Walter Ruiz told the tribunal. "I'll tell you what, judge, I'm not going to sanitize this for their concerns."

Read More

The suspect in the death of 21-year-old U.S. Marine Cpl. Tyler Wallingford, who was fatally shot in the barracks of the U.S. Marine Corps Air Station Beaufort more than nine months ago, was found guilty in military court of involuntary manslaughter earlier this month and sentenced to more than five years.

Read More
U.S. Navy/Mass Communication Specialist 2nd Class Dylan McKay

A U.S. Navy aircrew has been rescued after their MH-60S helicopter went down into the Philippine Sea on Saturday.

Read More
Photo: Fort Jackson Public Affairs

A 19-year-old Army private who died during basic training earlier this month was posthumously promoted to private first class, just before friends and family gathered for a memorial service to honor his life on Jan. 16.

Read More