Cybercriminals have just mounted a massive worldwide attack. Here’s how NSA secrets helped them – Washington Post
A massive cyberattack hit tens of thousands of computers in dozens of nations. Reports of the attack first surfaced in Britain, where the National Health Service described serious problems. (Sarah Parnass/The Washington Post)
Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by ransomware software that encrypts the computers hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britains National Health Service and computers belonging to Russias Ministry for the Interior.
Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called zero-day exploit a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the Shadow Brokers, a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Heres what you need to know to understand what happened.
The NSA collects zero day exploits
One of the NSAs key functions is to spy on intelligence targets in other countries. This, very often, involves compromising their computer systems. Hence, zero-day exploits for commonly used software, such as Windows, are potentially very valuable to the NSA and to its rival intelligence agencies. Big complex pieces of software like operating systems have a myriad of bugs, some of which can allow hostile outsiders to take control of computers running the software. Such exploits can be used to gain surreptitious control of computers or other devices running software, scoop up information, or even turn computers or phones into silent spying devices by, for example, taking control of their cameras and microphones. There are even clandestine markets where zero day exploits are bought and sold.
But the NSA has a dual role
The complicating factor for the NSA is that it is not only supposed to hack into the computers of interesting foreigners it is supposed to protect the computers of U.S. citizens and firms from outside attacks. This poses problems, because foreigners and U.S. citizens tend to use the same kinds of software, and be subject to the same kind of attack. Every time the NSA discovers a new vulnerability, it is supposed to go through an equities process, in which it determines whether it is better to disclose the vulnerability to software companies (so that U.S. citizens, firms and the government can be protected) or keep it for its own use (so that it can compromise foreign systems).
When the NSA discloses the vulnerability, the creators of the software can modify the software through a patch, which can then be downloaded by users to close the vulnerability. When the NSA doesnt disclose it, nothing gets done unless someone independently discovers the problem (or the hole gets closed inadvertently thanks to other changes). When Microsoft, Apple or Google make you update your computer or phone operating system (or else suffer a series of annoying reminders), they are sometimes patching real vulnerabilities.
This zero-day exploit was kept by the NSA
The Shadow Brokers leak revealed a number of NSA documents, including zero-day exploits that were previously unknown to the general public. Importantly, the Shadow Brokers leaked the files they had compromised in multiple stages, saving the zero-day exploits for a later release, which happened a couple of months later. Although no one is saying so in public, it appears likely that the NSA contacted Microsoft as soon as they realized that the zero-day exploits had been compromised by hostile actors. Certainly contrary to initial reports Microsoft patched its software soon after the initial Shadow Brokers release in ways that suggested the company had become aware of the vulnerabilities. This meant that when the zero-day exploits were released last month, people with up-to-date installations of the relevant version of Windows were already protected against these particular zero day attacks.
Patching is not always enough
The problem is that many users take time to patch their systems. Sometimes this is because of laziness, ignorance or lack of resources. Sometimes, it is because organizations have to run a variety of complex software packages and may worry that if they change one software component (especially a crucial platform or operating system) the other software will stop working. Thus, big organizations often want to take time to test newly patched software before they start running it.
For whatever reason, a variety of organizations appear not to have downloaded and implemented the patches. This meant that their systems had a gaping vulnerability, which the ransomware has now taken advantage of, compromising systems in hospitals, businesses and government ministries.
There are no easy solutions
There are many causes for the current impasse. If the NSA had weighed the vulnerabilities differently, and quietly informed Microsoft years ago, the problem would never have happened at a wider scale, because Microsoft would have issued the patch long before criminals could take advantage. Obviously, if the Shadow Brokers had kept quiet, criminals would not have been able to take advantage (although the Shadow Brokers themselves could have used the exploits against U.S. and other targets with nearly complete impunity).
The bigger problem is that no one is in charge. Responsible software producers will issue patches to protect against vulnerabilities (although they may not be obliged to under the law), but there is no way to ensure that everyone implements them. Unfortunately, the problem is getting worse rather than better over time. As Bruce Schneier points out, many of the devices on the Internet these days are not computers or phones. They are DVD players, TVs, webcams and, maybe soon, even salt shakers. The companies building such devices are not always careful about looking for, or keeping track of vulnerabilities, so that hackers can target huge numbers of poorly secured devices (and use these devices to attack other Internet users). While experts have identified the importance of the problem, it isnt clear that there is any plausible solution without radical changes to the ways we build technologies, and shape incentives for businesses and users to keep these technologies secure.
Continued here:
Cybercriminals have just mounted a massive worldwide attack. Here's how NSA secrets helped them - Washington Post
- Spymaster United States Joshua Rudd, US special forces officer nursing NSA back to health - Intelligence Online - July 7th, 2026 [July 7th, 2026]
- Capability, Not Compute: NSA Discretion in the Frontier AI EO - The Well News - July 7th, 2026 [July 7th, 2026]
- NSA partners with dog walking app to tackle livestock worrying - Agriland UK - July 1st, 2026 [July 1st, 2026]
- Youth Round Table Discussion: Youth round table discussion held at NSA - Myanmar International TV - July 1st, 2026 [July 1st, 2026]
- NSA welcomes Farming Roadmap 2050 and says farmers are ready to meet the challenge - Meat Management - July 1st, 2026 [July 1st, 2026]
- Crypto Executive Disputes Claims Anthropics Mythos Breached NSA Systems - Yahoo Tech - June 22nd, 2026 [June 22nd, 2026]
- Crypto Executive Disputes Claims Anthropics Mythos Breached NSA Systems - BeInCrypto - June 22nd, 2026 [June 22nd, 2026]
- Its more than Iran could have ever hoped for: Ex-US NSA John Bolton on US-Iran deal - Firstpost - June 22nd, 2026 [June 22nd, 2026]
- Manipur slaps NSA on youth already held under UAPA. Why HC quashed both cases, ordered his release - ThePrint - June 22nd, 2026 [June 22nd, 2026]
- Algorand Post-Quantum Security by 2027: 3 Years Ahead of NSA - The Cryptonomist - June 22nd, 2026 [June 22nd, 2026]
- China foreign minister set to attend Brics NSA meet in Delhi next week - The Times of India - June 22nd, 2026 [June 22nd, 2026]
- India to host BRICS NSA meet on June 2223: MEA - Awaz The Voice - June 22nd, 2026 [June 22nd, 2026]
- IDR Final Rule updates NSA dispute resolution | United States | Global law firm - Norton Rose Fulbright - June 16th, 2026 [June 16th, 2026]
- Where Is Edward Snowden Now? What to Know About the NSA Whistleblower's Life in Exile, 13 Years Later - People.com - June 16th, 2026 [June 16th, 2026]
- Former NSA official: 'Timing couldn't have been worse' for FISA 702 to expire - WBFF - June 16th, 2026 [June 16th, 2026]
- SHAREHOLDER ALERT: The M&A Class Action Firm Continues to Investigate the Merger--CZNL, NSA, CNBN, and ESQ - PR Newswire - June 16th, 2026 [June 16th, 2026]
- Training, teamwork, and quick action save a life at NSA Philadelphia - MilitaryNews.com - June 12th, 2026 [June 12th, 2026]
- NSA Insurance celebrates 100 years of selling a promise on the East End - The Suffolk Times - June 12th, 2026 [June 12th, 2026]
- Ex Pakistan NSA Moeed Yusuf says fixing ties with India key to economic revival, regional trade ambitions - ThePrint - June 12th, 2026 [June 12th, 2026]
- RSABI's Carol McLaren wins NSA Silver Salver for her work in the industry - The Scottish Farmer - June 12th, 2026 [June 12th, 2026]
- Anthropic's Mythos model is reportedly powering NSA offensive cyber ops against China and Iran - the-decoder.com - June 7th, 2026 [June 7th, 2026]
- NSA taps three officials for top cybersecurity positions - Nextgov/FCW - June 7th, 2026 [June 7th, 2026]
- Anthropic is blacklisted by the Pentagon and being used by the NSA at the same time - TechSpot - June 7th, 2026 [June 7th, 2026]
- NSA said to be readying Anthropics Mythos for use in cyber operations - TechCrunch - June 5th, 2026 [June 5th, 2026]
- Former NSA John Bolton to plead guilty to retaining classified info - MS NOW - June 5th, 2026 [June 5th, 2026]
- Trump executive order on AI gives central role to NSA - Breaking Defense - June 5th, 2026 [June 5th, 2026]
- Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Yahoo - June 5th, 2026 [June 5th, 2026]
- NSA using Claude Mythos for 'offensive cyber operations,' report claims says 'half-a-dozen' Anthropic engineers embedded inside the agency - Tom's... - June 5th, 2026 [June 5th, 2026]
- NSA selects new leads for key cybersecurity posts - The Record from Recorded Future News - June 5th, 2026 [June 5th, 2026]
- NSA Joins CISA and Partners to Release Guidance on Hardening Automatic Tank Gauge Systems - National Security Agency (NSA) (.gov) - June 5th, 2026 [June 5th, 2026]
- FT: Anthropic staff helping the NSA use Mythos for offensive cyberattacks - Sherwood News - June 5th, 2026 [June 5th, 2026]
- Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Decrypt - June 5th, 2026 [June 5th, 2026]
- Anthropic Embeds Engineers at NSA to Deploy Mythos AI for Offensive Cyber Operations - MLQ.ai - June 5th, 2026 [June 5th, 2026]
- The NSA has all the equipment and technology needed to track bandits but lacks the political will to do so -Stephen alleges Watch full interview:... - June 5th, 2026 [June 5th, 2026]
- Anthropic aids NSA with Mythos to bolster offensive cyber operations - CHOSUNBIZ - Chosunbiz - June 5th, 2026 [June 5th, 2026]
- NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely... - June 5th, 2026 [June 5th, 2026]
- Video | Ex-Trump NSA Adviser Pleads Guilty To Classified Info Leak | Zelenskyy Calls For Meet With Putin - NDTV - June 5th, 2026 [June 5th, 2026]
- Former Trump NSA John Bolton to plead guilty over retaining classified documents: Report - WION - June 5th, 2026 [June 5th, 2026]
- Anthropics Mythos being used by US NSA for cyber operations FT - Business Post - June 5th, 2026 [June 5th, 2026]
- This day, that year: From Robert F. Kennedys assassination to Edward Snowdens NSA revelations how June 5 shaped the world - The Times of India - June 5th, 2026 [June 5th, 2026]
- Strengthening the security architecture with NSA and HSA - The Guardian Nigeria News - June 5th, 2026 [June 5th, 2026]
- Ex-US NSA Bolton to plead guilty over mishandling classified documents: Report - ANI News - June 5th, 2026 [June 5th, 2026]
- The NSA, Mythos and the quiet emergence of AI cyber doctrine - csoonline.com - May 27th, 2026 [May 27th, 2026]
- NSA warning on AI automation protocol raises fresh testing concerns for banks - QA Financial - May 27th, 2026 [May 27th, 2026]
- Pentagon and NSA Form Joint AI Task Force to Deploy Frontier Hacking Models on Classified Networks - SOFX - May 27th, 2026 [May 27th, 2026]
- Marco Rubio meets NSA Doval, discusses defence, security and strategic tech cooperation including TRUST in - The Economic Times - May 27th, 2026 [May 27th, 2026]
- Two protesters detained under NSA to appear before advisory board in Lucknow today - The Times of India - May 27th, 2026 [May 27th, 2026]
- General Paul M. Nakasone Director National Security Agency and staff carry a wreath to the Memorial Wall. - National Security Agency (NSA) (.gov) - May 20th, 2026 [May 20th, 2026]
- NSA scandal: Court admits bank documents between Gifty Oware and ADB - Modern Ghana - May 20th, 2026 [May 20th, 2026]
- Wiretapping trial: NSA, ICPC boss acknowledge conversation cited by in El-Rufai TV Interview - Business News Nigeria - May 20th, 2026 [May 20th, 2026]
- NSA, ICPC El-Rufais Open Confession in Media Interview Witness Testifies - The Guardian Nigeria News - May 20th, 2026 [May 20th, 2026]
- NSA issues strong warning to sports bodies over governance compliance - GhanaWeb - May 20th, 2026 [May 20th, 2026]
- Witness: NSA confirmed wiretapped conversation referenced by el-Rufai was authentic - TheCable - May 20th, 2026 [May 20th, 2026]
- NSA wiretapping: El Rufai returned to DSS custody, awaits bail - Pointblank News - May 20th, 2026 [May 20th, 2026]
- Alleged Security Breach: NSA Confirmed Conversation Referenced By El-Rufai Was Authentic Witness - Channels Television - May 20th, 2026 [May 20th, 2026]
- El-Rufai: NSA, ICPC chair confirmed tapped conversation Witness - Punch Newspapers - May 20th, 2026 [May 20th, 2026]
- Imran Khan coup: 'US message to Pakistan was clear ...' says Tilak Devasher, frmr NSA board - The Economic Times - May 20th, 2026 [May 20th, 2026]
- NSA Lady Saints two wins from claiming seventh consecutive V... - The Suffolk News-Herald - May 16th, 2026 [May 16th, 2026]
- The imposition of NSA on Satyam Verma and Aakriti Chaudhary is a conspiracy to keep them in jail - Countercurrents - May 16th, 2026 [May 16th, 2026]
- 'No Sailor Lives Afloat' Initiative: NSA Naples Moves 54 Sailors from Shipboard Berthing to Shore - DVIDS - May 16th, 2026 [May 16th, 2026]
- Workers protest: Day after invoking NSA, police say 1 cr transactions found in banks accounts of one accused | Hindustan Times - Hindustan Times - May 16th, 2026 [May 16th, 2026]
- Press Club of India urges Uttar Pradesh govt. to withdraw NSA against journalist Satyam Verma - The Hindu - May 16th, 2026 [May 16th, 2026]
- Uttar Pradesh police invoke NSA against two accused held during workers protest in Noida - The Hindu - May 16th, 2026 [May 16th, 2026]
- Illegal Mining: FG Hands Over Foreign Terror Suspects To NSA - Channels Television - May 16th, 2026 [May 16th, 2026]
- Noida Violence: NSA invoked against Satyam Verma and Aakriti Choudhary over alleged role in labour protest - Organiser - May 16th, 2026 [May 16th, 2026]
- NSA invoked against two accused in Noida labour unrest case - Awaz The Voice - May 16th, 2026 [May 16th, 2026]
- NSA invoked against two in April 13 workers stir in Noida - The New Indian Express - May 16th, 2026 [May 16th, 2026]
- Homeland Security: Replace NSA Ribadu if you lack confidence in him ADC to Tinubu - Daily Post Nigeria - May 16th, 2026 [May 16th, 2026]
- NSA sweeps Cape Henry for TCIS baseball and softball titles - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
- News - NSA Naples Sailor Named Navy Military Fire Officer of the Year - DVIDS - May 9th, 2026 [May 9th, 2026]
- Bergen's solo homerun lifts NSA into the TCIS Final - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
- NSA members bring sheep farming into the classroom - Farmers Guardian - May 9th, 2026 [May 9th, 2026]
- Amritpals mother confronts Mann: His NSA over, why arent you bringing him to Punjab? - The Indian Express - May 9th, 2026 [May 9th, 2026]
- They Said They Were From NSA Ribadus Office, Seized My Husband In Abuja Hotel: Woman Cries Out Over Alleged Disappearance - Sahara Reporters - May 9th, 2026 [May 9th, 2026]
- NSA Ajit Doval, Vietnam President discuss strengthening strategic partnership - The Sentinel - of this Land, for its People - May 9th, 2026 [May 9th, 2026]
- Cyber Command, NSA chief warns foreign adversaries likely to target midterms - The Record from Recorded Future News - April 29th, 2026 [April 29th, 2026]
- CISA flags data-theft bug in NSA-built OT networking tool - theregister.com - April 29th, 2026 [April 29th, 2026]
- Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' fast16 targeted nuclear reactors, dam design, and... - April 29th, 2026 [April 29th, 2026]
- The NSA Just Warned Everyone to Reboot Their Routers What to Do Right Now - National Cybersecurity Alliance - April 29th, 2026 [April 29th, 2026]
- Former NSA Science Chief Warns Humanity May Be Missing Something 'Huge' About UFO Phenomena - International Business Times UK - April 29th, 2026 [April 29th, 2026]