BALTIMORE (WJZ) — A spy tool born in Maryland is now being exploited as a cyber weapon in a global attack.
Last week, a software flaw that would become one of the NSA’s powerful hacking tools was stolen and weaponized by cyber criminals for the most disruptive global attack ever.
A new report by the Washington Post outlines how hackers were able to unleash the government tool, and it’s something cyber experts tell WJZ’s Kimberly Eiten the NSA should have seen coming.
Experts say we should expect government agencies, like the NSA, to safeguard their surveillance tools, but this shows the NSA is just as vulnerable as any other internet user.
EternalBlue is the powerful spy tool born inside the National Security Agency’s Maryland headquarters from a secret software flaw.
It’s used by the government for mass surveillance.
“There’s no patch. There’s no real way to circumvent that vulnerability, and that’s what the NSA relied upon,” said cyber expert Paul Dant.
Last weekend, it was weaponized by cyber criminals, and renamed WannaCry.
Paul Dant is a cyber expert and a skilled hacker himself. He’s studied the computer code for the ransomware unleashed worldwide on Friday.
It triggered a days-long attack disrupting hospital systems, Fortune 500 companies, all the way down to personal computers.
“It doesn’t require a click on a link in an email or really any kind of human interaction to spread around the internet,” he said.
And spread it did.
The secret software flaw is a surveillance tool for the NSA, but for hackers, it’s a weapon to hold 300,000 computers hostage in 150 countries.
Dant says it exploits a weakness in a Microsoft operating system.
That allowed the NSA to get inside computers virtually undetected.
Hackers used the same software to lock files, threatening to destroy them unless paid a $300 ransom.
In a blog post, Microsoft President Brad Smith compared it to the “U.S. military having some of its Tomahawk missiles stolen.”
He, experts, and even leaders of countries hit by the virus are all pointing back to the NSA as the host of what they say was a preventable attack.
“We should have already been expecting this,” Dant says.
The Washington Post reports government officials knew how dangerous the flaw was, and even discussed revealing it to Microsoft.
In March, Microsoft released a fix for the flaw in some of its more recent software.
Friday, the company scrambled to do the same for its older operating systems hit hardest by the virus.