An online hacking tool developed by the NSA is being used to cripple American cities and extort millions of dollars from government coffers, the New York Times reports. Called EternalBlue, the tool was stolen in 2016 and dropped online the year after, enabling rogue actors and foreign intelligence agencies to use it against hospitals, airports, factories, ATMs, and other targets. Now the victims are US cities including Baltimore, San Antonio, and Allentown, Pa. And the perpetrators aren't messing around: "We've been watching you for days," said a message that popped up on Baltimore city workers' screens in early May, demanding roughly $100,000 in Bitcoin to unlock their files, per the Baltimore Sun. "We won't talk more, all we know is MONEY! Hurry up!"
NSA workers apparently found a flaw in Microsoft's software but didn't tell Microsoft while the agency used EternalBlue for counter-terror and intelligence-gathering. Only when Shadow Brokers leaked the tool did the NSA inform Microsoft, which put out a patch—yet hundreds of thousands of computers remain unprotected around the world. Not all the damage is known, but Allentown had to pay about $1 million and Baltimore, which refuses to pay, is trying to restore services with workarounds. Meanwhile, officials are disputing who's to blame and what's to be done. "Congressional oversight appears to be failing," says a cybersecurity expert. "The American people deserve an answer." (See what happened when hackers hit Atlanta.)