Cybercriminals have just mounted a massive worldwide attack. Here’s how NSA secrets helped them – Washington Post
A massive cyberattack hit tens of thousands of computers in dozens of nations. Reports of the attack first surfaced in Britain, where the National Health Service described serious problems. (Sarah Parnass/The Washington Post)
Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by ransomware software that encrypts the computers hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britains National Health Service and computers belonging to Russias Ministry for the Interior.
Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called zero-day exploit a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the Shadow Brokers, a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Heres what you need to know to understand what happened.
The NSA collects zero day exploits
One of the NSAs key functions is to spy on intelligence targets in other countries. This, very often, involves compromising their computer systems. Hence, zero-day exploits for commonly used software, such as Windows, are potentially very valuable to the NSA and to its rival intelligence agencies. Big complex pieces of software like operating systems have a myriad of bugs, some of which can allow hostile outsiders to take control of computers running the software. Such exploits can be used to gain surreptitious control of computers or other devices running software, scoop up information, or even turn computers or phones into silent spying devices by, for example, taking control of their cameras and microphones. There are even clandestine markets where zero day exploits are bought and sold.
But the NSA has a dual role
The complicating factor for the NSA is that it is not only supposed to hack into the computers of interesting foreigners it is supposed to protect the computers of U.S. citizens and firms from outside attacks. This poses problems, because foreigners and U.S. citizens tend to use the same kinds of software, and be subject to the same kind of attack. Every time the NSA discovers a new vulnerability, it is supposed to go through an equities process, in which it determines whether it is better to disclose the vulnerability to software companies (so that U.S. citizens, firms and the government can be protected) or keep it for its own use (so that it can compromise foreign systems).
When the NSA discloses the vulnerability, the creators of the software can modify the software through a patch, which can then be downloaded by users to close the vulnerability. When the NSA doesnt disclose it, nothing gets done unless someone independently discovers the problem (or the hole gets closed inadvertently thanks to other changes). When Microsoft, Apple or Google make you update your computer or phone operating system (or else suffer a series of annoying reminders), they are sometimes patching real vulnerabilities.
This zero-day exploit was kept by the NSA
The Shadow Brokers leak revealed a number of NSA documents, including zero-day exploits that were previously unknown to the general public. Importantly, the Shadow Brokers leaked the files they had compromised in multiple stages, saving the zero-day exploits for a later release, which happened a couple of months later. Although no one is saying so in public, it appears likely that the NSA contacted Microsoft as soon as they realized that the zero-day exploits had been compromised by hostile actors. Certainly contrary to initial reports Microsoft patched its software soon after the initial Shadow Brokers release in ways that suggested the company had become aware of the vulnerabilities. This meant that when the zero-day exploits were released last month, people with up-to-date installations of the relevant version of Windows were already protected against these particular zero day attacks.
Patching is not always enough
The problem is that many users take time to patch their systems. Sometimes this is because of laziness, ignorance or lack of resources. Sometimes, it is because organizations have to run a variety of complex software packages and may worry that if they change one software component (especially a crucial platform or operating system) the other software will stop working. Thus, big organizations often want to take time to test newly patched software before they start running it.
For whatever reason, a variety of organizations appear not to have downloaded and implemented the patches. This meant that their systems had a gaping vulnerability, which the ransomware has now taken advantage of, compromising systems in hospitals, businesses and government ministries.
There are no easy solutions
There are many causes for the current impasse. If the NSA had weighed the vulnerabilities differently, and quietly informed Microsoft years ago, the problem would never have happened at a wider scale, because Microsoft would have issued the patch long before criminals could take advantage. Obviously, if the Shadow Brokers had kept quiet, criminals would not have been able to take advantage (although the Shadow Brokers themselves could have used the exploits against U.S. and other targets with nearly complete impunity).
The bigger problem is that no one is in charge. Responsible software producers will issue patches to protect against vulnerabilities (although they may not be obliged to under the law), but there is no way to ensure that everyone implements them. Unfortunately, the problem is getting worse rather than better over time. As Bruce Schneier points out, many of the devices on the Internet these days are not computers or phones. They are DVD players, TVs, webcams and, maybe soon, even salt shakers. The companies building such devices are not always careful about looking for, or keeping track of vulnerabilities, so that hackers can target huge numbers of poorly secured devices (and use these devices to attack other Internet users). While experts have identified the importance of the problem, it isnt clear that there is any plausible solution without radical changes to the ways we build technologies, and shape incentives for businesses and users to keep these technologies secure.
Continued here:
Cybercriminals have just mounted a massive worldwide attack. Here's how NSA secrets helped them - Washington Post
- Ranveer Singhs Dhurandhar Is Not Based On NSA Ajit Doval? Internet Speculates With Clues From The First Look - Mashable India - July 8th, 2025 [July 8th, 2025]
- NSA RIBADU: Nigeria on the brink when Tinubu assumed office - Vanguard News - July 6th, 2025 [July 6th, 2025]
- EXCLUSIVE: The Real Tin Shady How Paranoid Eminem Holes Up in Tinfoil-Covered Mansion and Hotels To 'Block' NSA Spies - RadarOnline - July 6th, 2025 [July 6th, 2025]
- Former Indian NSA: BRICS brings hope for alternative global solutions - news.cgtn.com - July 6th, 2025 [July 6th, 2025]
- Builder tied to house collapse that killed 3 slapped with NSA - Times of India - July 4th, 2025 [July 4th, 2025]
- We are working to retrieve all documents on abandoned facilities NSA Boss - Citi Sports Online - July 4th, 2025 [July 4th, 2025]
- NSA and CISA urge shift to languages improving memory safety - Developer Tech News - July 2nd, 2025 [July 2nd, 2025]
- Credit Rating For The Unrated REITs (Part 5): National Storage Affiliates Trust (NYSE:NSA) - Seeking Alpha - July 2nd, 2025 [July 2nd, 2025]
- NSA, CISA Release CSI Urging Adoption of Memory Safe Languages for Enhanced Software Security - ExecutiveGov - June 28th, 2025 [June 28th, 2025]
- Brandonville native named Sailor of the Year at NSA Mechanicsburg - The Shenandoah Sentinel - June 28th, 2025 [June 28th, 2025]
- NSA and CISA Release CSI Highlighting Importance of Memory Safe Languages in Software Security - National Security Agency (NSA) (.gov) - June 28th, 2025 [June 28th, 2025]
- NSA Doval Emphasizes Anti-Terror Cooperation During High-Level Beijing Talks With Chinese Foreign Minister - The Hans India - June 24th, 2025 [June 24th, 2025]
- NSA Doval and Chinese Foreign Minister discuss future meet on boundary issue - Tribune India - June 24th, 2025 [June 24th, 2025]
- NSA Ajit Doval to deliver strong message on terrorism on his upcoming China visit - Moneycontrol - June 22nd, 2025 [June 22nd, 2025]
- Bangladesh NSA In Washington, Talking To Trump Officials. More Regional Shifts? - IndiaWest - June 22nd, 2025 [June 22nd, 2025]
- Naval Academy, NSA Annapolis closed Monday for mysterious world events. Both reopened Tuesday. - Baltimore Sun - June 22nd, 2025 [June 22nd, 2025]
- Pakistan is useful to the world: Former NSA Shivshankar Menon explains why countries still support Islam - The Economic Times - June 22nd, 2025 [June 22nd, 2025]
- Midland University Receives Grant from NSA - Midland University - June 20th, 2025 [June 20th, 2025]
- NSA Approves Wave Relay Devices for Securing Classified Information - AFCEA International - June 7th, 2025 [June 7th, 2025]
- NSA Validates Wave Relay devices to Protect Classified Information - PR Newswire - June 5th, 2025 [June 5th, 2025]
- Cyberattacks Surge in 2025: Data Analysts Urged to Bolster Privacy with PETs and NSA-CISA AI Security Guidelines - WebProNews - June 1st, 2025 [June 1st, 2025]
- India is ready and has capability to fight terrorism on its own: Former Dy NSA Pankaj Saran in London - The Economic Times - June 1st, 2025 [June 1st, 2025]
- NSA Teams With Int'l Cyber Agencies to Craft Guidance for Implementing SIEM, SOAR Platforms - ExecutiveGov - May 28th, 2025 [May 28th, 2025]
- NSA, ASDs ACSC, and other agencies publish three Cybersecurity Information Sheets with gu - National Security Agency (.gov) - May 28th, 2025 [May 28th, 2025]
- Punjab MP and NSA detainee Amritpal Singhs jailed aides look to speed up trials in other FIRs, file plea - Times of India - May 28th, 2025 [May 28th, 2025]
- NSA Ajit Doval down with flu, calls off visit to Russia - Hindustan Times - May 28th, 2025 [May 28th, 2025]
- Former NSA Director and SandboxAQ CEO on Quantitative AI and its inevitable integration - MSN - May 28th, 2025 [May 28th, 2025]
- NSA Ajit Doval speaks with Chinese FM Wang Yi amid rising India-Pak tension 'War not India's choice' - The Economic Times - May 11th, 2025 [May 11th, 2025]
- 'War was not India's choice and was not in the interests of any party': NSA Ajit Doval speaks to China's - Times of India - May 11th, 2025 [May 11th, 2025]
- NSA to cut up to 2,000 civilian roles - The Hill - May 10th, 2025 [May 10th, 2025]
- NSA Ajit Doval speaks with US Secretary of State 'shortly after' Indian strikes on Pak - Deccan Herald - May 10th, 2025 [May 10th, 2025]
- NSA to cut up to 2,000 civilian roles as part of intel community downsizing - The Record from Recorded Future News - May 10th, 2025 [May 10th, 2025]
- Operation Sindoor: NSA Doval engages with counterparts from US, UK, China, and Russia - Social News XYZ - May 10th, 2025 [May 10th, 2025]
- CIA, NSA to face major layoffs as Trump pushes intelligence reform - Times of India - May 5th, 2025 [May 5th, 2025]
- Dont see a major war with India, but have to be ready: Pakistan ex-NSA - Al Jazeera - May 5th, 2025 [May 5th, 2025]
- Donald Trump set to axe thousands of jobs at CIA, NSA and other agencies - Daily Mail - May 5th, 2025 [May 5th, 2025]
- 757Teamz softball Top 15: NSA moves up as Hickory perseveres to remain No. 1 - The Virginian-Pilot - May 5th, 2025 [May 5th, 2025]
- NSA head Mike Waltz and his deputy Alex Wong to exit Trump admin amid Signal chat fiasco - The Economic Times - May 5th, 2025 [May 5th, 2025]
- Trump speaks out on NSA shakeup, addresses third term talk - Fox News - May 5th, 2025 [May 5th, 2025]
- Mike Waltz, Alex Wong to resign: Here's who may replace NSA head and deputy - Hindustan Times - May 5th, 2025 [May 5th, 2025]
- A Lot of People Want the Job: Trump Says Hell Choose Waltzs NSA Replacement in Next 6 Months - The Daily Signal - May 5th, 2025 [May 5th, 2025]
- Will Steve Witkoff replace Mike Waltz as Donald Trump's new NSA? - Times of India - May 5th, 2025 [May 5th, 2025]
- Beavercreek native recognized for NSA Codebreaker achievement - Fairborn Daily Herald - May 5th, 2025 [May 5th, 2025]
- Marco Rubio to serve as acting NSA; Mike Waltz removed by President Trump - FOX 35 Orlando - May 5th, 2025 [May 5th, 2025]
- Trump says he will name new NSA within 6 months - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz out as NSA, Rubio to serve in the interim - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz Leaves White House for UN Witkoff Tipped as Trumps Next NSA - Hungarian Conservative - May 5th, 2025 [May 5th, 2025]
- McConnell calls out Trump for hiring amateur isolationists at Pentagon, firing NSA director - The Hill - April 8th, 2025 [April 8th, 2025]
- Trumps firing of NSA chief is rolling out the red carpet for cyber attacks - Politico - April 8th, 2025 [April 8th, 2025]
- A conspiracy theorist convinced Trump to fire the NSA director - Vox - April 8th, 2025 [April 8th, 2025]
- William Hartman Named Acting NSA Director Following Dismissal of Top Officials - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency (NSA) (.gov) - April 8th, 2025 [April 8th, 2025]
- Security News This Week: NSA Chief Ousted Amid Trump Loyalty Firing Spree - WIRED - April 8th, 2025 [April 8th, 2025]
- Head of NSA and US Cyber Command reportedly fired - Cybersecurity Dive - April 8th, 2025 [April 8th, 2025]
- Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA - DefenseScoop - April 8th, 2025 [April 8th, 2025]
- Gen. Timothy Haugh, head of NSA and Cyber Command, is fired - CBS News - April 8th, 2025 [April 8th, 2025]
- Trump's mixed tariff messaging and NSA director and deputy fired: Morning Rundown - NBC News - April 8th, 2025 [April 8th, 2025]
- NSA Director and Deputy Reportedly Dismissed: What We Know - Newsweek - April 8th, 2025 [April 8th, 2025]
- Haugh fired from leadership of NSA, Cyber Command - The Record from Recorded Future News - April 8th, 2025 [April 8th, 2025]
- Trump administration fires head of NSA and U.S. Cyber Command, along with other top officials - CBS News - April 8th, 2025 [April 8th, 2025]
- US Cyber Command, NSA Chief Gen. Timothy Haugh ousted by Trump admin - Breaking Defense - April 8th, 2025 [April 8th, 2025]
- Face the Facts: Rep. Himes talks about firing of two top NSA officials - NBC Connecticut - April 8th, 2025 [April 8th, 2025]
- NSA Issues Advisory on Fast Flux Cyberthreat - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- Loomer, far-right activist, urged Trump to remove NSA director and others: Sources - ABC News - April 8th, 2025 [April 8th, 2025]
- The NSA Sounds Security Alarm For Billions Of iPhone And Android Phones - HotHardware - April 8th, 2025 [April 8th, 2025]
- NSA director fired after Trumps meeting with right-wing influencer Laura Loomer - The Verge - April 8th, 2025 [April 8th, 2025]
- Trump fires head of NSA and Cyber Command - Nextgov - April 8th, 2025 [April 8th, 2025]
- What are the national security concerns of Trump firing the NSA, Cyber Command head? - CBS News - April 8th, 2025 [April 8th, 2025]
- Who is Timothy Haugh? The NSA chief fired amid cyber security concerns - Times of India - April 8th, 2025 [April 8th, 2025]
- NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on Fast Flux, a National Security Threat - Hstoday - April 8th, 2025 [April 8th, 2025]
- Senator King Responds to Reported Firing of NSA Director General Timothy Haugh - WAGM - April 8th, 2025 [April 8th, 2025]
- NSA warned of vulnerabilities in Signal app a month before Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- Trump said poised to fire NSA Mike Waltz for including journalist in top secret war chat - The Times of Israel - March 26th, 2025 [March 26th, 2025]
- Not the last Waltz: Trump defends NSA after security breach - The Times of India - March 26th, 2025 [March 26th, 2025]
- NSA warned about vulnerabilities in Signal prior to White House group chat fiasco - SiliconANGLE News - March 26th, 2025 [March 26th, 2025]
- NSA warned the Signal app was vulnerable last month - WTIC - March 26th, 2025 [March 26th, 2025]
- Codebreakers and Covert Agents: The Women Behind the NSA and CIA heads to Illinois State Museum - WAND - March 26th, 2025 [March 26th, 2025]
- NSA warned about using Signal a month before leak of Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- 'Putin is giddy': NSA knew Signal was vulnerable to Russian hackers before security breach - AlterNet - March 26th, 2025 [March 26th, 2025]
- RAW: NSA MIKE WALTZ EXPECTED TO VISIT GREENLAND - Local 3 News - March 26th, 2025 [March 26th, 2025]