IntelBrief: When Cyberweapons Escape
Bottom Line Up Front
- In 2017, the National Security Agency lost control of a cyberweapon known as EternalBlue, leaked online by a group known as ‘the Shadow Brokers.’
- Malicious code can be traded and sold on the Dark Web, available to those with the resources to purchase it or in exchange for illicit products and services.
- In cyberwarfare, there are unclear rules of engagement; the laws and policies governing the use of cyber weapons are still evolving.
- Cyberwarfare has blurred the line between nation-states and non-state actors and even between traditional notions of sovereignty and loyalty.
The National Security Agency (N.S.A.) lost control of a cyberweapon known as EternalBlue in 2017, which appeared online after it was leaked by a group known as ‘the Shadow Brokers.’ Advanced cyber tools like EternalBlue can be used for ransomware and other criminal activities – or for more nefarious political purposes. Hackers have used EternalBlue in North Korea, Russia, China, and elsewhere. Nation-states are aggressively competing to gain access to each other’s classified information and most trusted secrets, as data becomes the new currency of geopolitics and a means of gaining leverage over one’s adversaries.
The estimated cost of damages wrought by the leaking of this cyber weapon has been in the billions of dollars. Foreign intelligence agencies, hacking collectives, and criminal organizations have used EternalBlue to target infrastructure including medical, transportation, and financial institutions. More recently, the weapon has been used to target local governments throughout the U.S., including Allentown, PA; San Antonio, TX; and Baltimore, MD. Destructive malware infected the internal systems of these city governments, wreaking havoc as authorities struggled to cobble together an adequate response. Local governments lack the infrastructure and robust cybersecurity of the Federal government and are therefore more vulnerable to being attacked.
EternalBlue was initially an N.S.A. exploit, and the agency was able to keep it under wraps for years. It is unclear how the weapon made it ‘out into the wild,’ a term reserved for occasions when cyberweapons are used outside the confines of the intelligence agencies that discovered or invented them. It also remains unclear whether this was an inside job or the work of sophisticated cyber forces from a foreign government. In either case, the consequences have been disastrous, and this case is merely one example of the second- and third-order effects of cyber weapons. Because so few nations can match the U.S. in a conventional conflict, there has been a growing trend of near-peer competitors and weaker states investing heavily in cyberwarfare to reduce the asymmetry between their countries and the United States.
Since cyberwarfare is such a recent phenomenon, there are unclear rules of engagement. The laws, authorities, and policies governing the use of cyber weapons are still evolving, often several steps behind the actual deployment of weapons like EternalBlue. There are other issues as well, including attribution, or determining who is behind a cyber attack, and proportionality, or determining whether or not it is reasonable to respond to a cyber attack with a kinetic strike. Malicious code can be traded and sold on the Dark Web, available to those with the resources to purchase it or in exchange for illicit products and services. In some cases, hackers conduct attacks with little apparent motivation, noting that they did it for ‘the lulz,’ a slang term that roughly means, ‘just because I could.’ Cyberwarfare has begun to blur the line between nation-states and non-state actors and even between traditional notions of sovereignty and loyalty; so-called ‘cyber mercenaries’ have sold their services to the highest bidder, even when that might have deleterious consequences for their home country.