EternalBlue is the name of a vulnerability in Microsoft’s Windows operating system, which runs on the majority of PCs in the world, whether used by individuals, businesses or governments. It’s also the name of the latest technology in the world of hacking, a tool that, even according to Microsoft themselves, was developed by the USA’s NSA (National Security Agency). The tool targets a chink in the armour of the Windows Server Message Block (SMB).
This part of the software is what allows computers running Windows to communicate with each other. Devices use it to run remote services, such as connecting all of the PCs in an office to shared printers or to internal servers holding files.
In what can only be described as extremely remiss of the NSA, the agency also allowed the EternalBlue tool to be stolen. The perpetrators of the theft subsequently leaked it publicly, meaning it is essentially available to anyone. Hackers all over the world then took it, some refining and further weaponising its malware-spreading capabilities. EternalBlue was used in the WannaCry ransomware attacks last year that severely impacted companies and organisations around the world, including the UK’s NHS and Spanish telecoms giant Telefonica. Overall, the tool has been used to hack hundreds of thousands of victims.
Microsoft released a patch but has heavily criticised the NSA for alerting it to the tool only after the agency had realised the tool had been stolen. Normal protocol would have been for the NSA to inform Microsoft of the vulnerability when it was discovered, so that it could be patched. Even if the NSA had argued the tool was in the country’s national interests, it could have informed Microsoft, one of the USA’s biggest corporations, which would have allowed a patch to be ready in case of an emergency – like EternalBlue being leaked.
Despite the release of the patch, many Windows computers have not been updated and are still vulnerable. PCs used for sensitive work, in particular, are often kept offline, in ‘cold storage’, to protect them from hackers. However, this means their software is not regularly updated and the patch is not installed. If hackers can get into internal computer networks via machines that are connected to the internet, there is a chance they could then reach these sensitive systems if they are, for example, hooked up to common printers. Some personal PC users also disable or ignore software updates.
This means EternalBlue is still being heavily exploited by hackers. As well as being used to steal passwords and other login details that can be used to hack into online bank accounts and other financial systems, it has been used by malicious cryptocurrency miners to hijack the processing power of thousands of computers. It is thought that several more years will pass before enough computers are patched for hackers to stop using EternalBlue.
It’s not the first time the latest technology in hacking has been mislaid by the NSA. The DarkPulsar tool, “which burrows deep into the trusted core of a computer where it can often lurk undetected”, is also thought to have originally been developed by the spy agency. Unwittingly, one of the agencies supposedly meant to protect us from ill-intentioned spies appears to be doing its best to arm them to the teeth instead!