Since early May, Baltimore has been grappling with a city-crippling ransomware attack. A fiery debate has erupted within the information security community over who is to blame for the mess.
The match that lit the blaze: A story published by the The New York Times last weekend claiming the U.S. National Security Agency is partly responsible for helping to spread the computer-seizing digital infection. The report alleges that hackers used malware, dubbed RobbinHood, paired with EternalBlue, a powerful, self-propagating hacking tool allegedly developed by the NSA to target (now outdated) Microsoft Windows software. The code behind EternalBlue leaked online at the hands of a mysterious, still-unknown entity called the ShadowBrokers in 2017, and nation state actors have used the weapon to launch destructive cyberattacks—including North Korea’s WannaCry and Russia’s NotPetya—costing billions of dollars in damages for businesses and governments around the globe.
Because NSA lost control of this hacking tool, an alleged “key component” of the latest ransomware, according to the Times, the paper lays blame at the spy agency’s feet.
The backlash on that point has been fierce. Some information security professionals have argued that the malware in question did not need EternalBlue to wreak its havoc. Dave Aitel, a former NSA hacker and present chief security officer of Cyxtera, a data center company, wrote on his personal blog that “that particular exploit being used to do lateral movement for this ransomware is neither supported by any public facts, nor my own sources on the issue.” Alternative means of propagation were far likelier, he said. Rob Graham, CEO of Errata Security, a cybersecurity shop, agreed that even if the ransomware incorporated EternalBlue code, it probably didn’t rely on the tool to spread. “Yes, ransomware increasingly includes Eternalblue as part of their arsenal of attacks, but this doesn’t mean Eternalblue is responsible for ransomware,” he wrote on his own blog.