Atlanta, Hit by Ransomware Attack, Also Fell Victim To Leaked NSA Exploits

Zack Whittaker, reporting for ZDNet: It's been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services. Mayor Keisha Lance Bottoms said in a press conference Monday that the city's government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. The city has hired local cybersecurity firm SecureWorks to assess the situation. Reports say the notorious SamSam ransomware was used in the Atlanta attack, which exploits a deserialization vulnerability in Java-based servers.

[...] But according to one security firm, last week's cyberattack was not a surprise because the city had fallen victim to leaked government exploits used in the WannaCry outbreak. New data provided by Augusta, Ga.-based cybersecurity firm Rendition Infosec, seen by ZDNet, shows that the city's network was silently infected last year with leaked exploits developed by the National Security Agency. The cybersecurity firm's founder Jake Williams said at least five internet-facing city servers were infected with the NSA-developed DoublePulsar backdoor in late April to early May 2017. That was more than a month after Microsoft released critical patches for the exploits and urged users to install.

GG NSA

[thegarbz]

So while the NSA also failed to keep citizens safe it now is shown to have directly contributed to an attack on its own government.

Well done!

Re:

[gnick]

...I would have assumed that their very role was to ensure any vulnerability they found would have been patched...

You would assume wrong. That's not their role at all. In fact, discovering vulnerabilities and keeping that information to themselves makes them better at fulfilling their actual role.

Of course, discovering vulnerabilities, refusing to disclose them, and then leaking them is a big loss for everyone.

Re:

[gnick]

I assume they decided they could make America safer by using exploits than by patching bugs.

Re:

[sjames]

I'm pretty sure none of their roles include leaking their bag of tricks to blackhats so they can be sold on the dark web. That was a collossal screw up that nobody seems to have been held accountable for. Perhaps we should sew their names into their mittens?

Go NSA!

[stooo]

NSA!
Go NSA!
Go NSA!
Go NSA!
Go NSA!
Go NSA!

Re:

[sabbede]

So whoever released their tools gets a pass?

Re:

[burtosis]

So whoever released their tools gets a pass?

Maybe the NSA should have shown them more respect than a toddler and his gloves on a school bus.

Re:

[burtosis]

Hold everyone accountable. The NSA deserves no pass. Nor do the criminals who used the exploits. But the NSA created them instead of letting vendors patch, undoubtedly used them criminally, then negligently lost them where they were used against America. The criminal hackers were likely to do the same activities, the NDA just made thier lives easier. I'd put more blame on the NSA.

Re:

[thegarbz]

Yes, because weapons have always been known to fall into the wrong hands and that goes double for those based on exploits. Security by obscurity and all that.

Re:

[Train0987]

To be fair we have no idea what the NSA has been able to prevent by these practices. As is always the case with secret services we only ever hear about the failures that become publicly known (usually for political reasons).

Re:

[thegarbz]

Nothing fair or unfair about it. The NSA had a remit to protect the nation, and they've failed at it spectacularly.

Re:

[Train0987]

"failed at it spectacularly"

You have no way of knowing that. Hyperbole doesn't help anything.

Re:

[thegarbz]

You have no way of knowing that.

Their offensive weapons they developed are being used not only against their own people with great success but against their own government.

I have heard of having your head in the sand, but to come up with that statement I think you mistook sand for concrete and then let it set.

Re:GG NSA

[drinkypoo]

To be fair we have no idea what the NSA has been able to prevent by these practices.

And therefore we have to assume that it was or at least could have been nothing, because that's the responsible thing to do in the absence of evidence.

Re:

[Train0987]

Instead of faulting the NSA maybe a bit of blame should be directed to the contractor who stole these tools and then leaked them to the world so he could get some attention and a pat on the back from the /. crowd?

Re:

[drinkypoo]

Instead of faulting the NSA maybe a bit of blame should be directed to the contractor who stole these tools

The problem is that these are NSA contractors. Working for the NSA is such a filthy job that they have to contract out work because they can't hire enough full-time employees, and they're so bad at vetting contractors that they repeatedly hire people who will release their secret information. Keeping that data secure is part of their job, and they failed at that job first by creating a work environment that leads to having to hire contractors, and then by being bad at hiring contractors.

One Billion dollars. . . .

[Salgak1]

. . . or we re-name all the streets "Peachttree". . .

Oops, too late. . . (grin)

Re:

[Anonymous Coward]

. . . or we re-name all the streets "Peachttree". . .

Oops, too late. . . (grin)

No, only every other block.

Seriously.

Ever been to Atlanta? Travel two or three miles straight on the same damn road, make no turns. And the fucking road changes names four or five times.

But yeah, half of the names will be "Peachtree Something" - "Peachtree Blossom", "Twin Peachtree", "Buzzard's Perch Peachtree", "Peachtree Peachpit", "Peachtree on Cowpie Hill", "Dead Peachtree", "Peachtree with a Rotting Cat Carcass", "Peachtree with a Dead Parrot Nailed in Place"....

Re:

[sabbede]

I have offices on Peachtree Road and Street. It's the same damn road!

This is what I hear

[jellomizer]

The government didn’t want to invest into a modern/proper IT infrastructure.
I am sure such changes were brought up, but was probably rejected due to not solving an immediate problem at hand, or gone with the lowest cost budget because they didn’t want to hear the tech talk.

Re:

[Train0987]

You do realize that local governments are funded by taxpayers, right? There's nothing stopping you from writing them a check directly...

Re:

[Anonymous Coward]

You do realize that local governments are funded by taxpayers, right? There's nothing stopping you from writing them a check directly...

You realize thats not the point they were trying to make. The point is, the squeaky wheel gets the grease. Or in this case the lack of a properly secured infrastructure wasnt a big deal until it was. Time and again Sys Admins bring up security related issues that should be addressed. Its not taken seriously until theres a breach. Most of the time its not even a funding issue. Money exists, its just allocated poorly because Director/Mangement staff dont see any obvious return or value in it.

Atlanta resident

[prisoner-of-enigma]

As a longtime resident of Atlanta (almost 30 years), I can say the incompetence and corruption of the Atlanta city government is well known around here. The higher up people are mostly political cronies who have no idea what they're doing.

Not to impugn the character of the rank-and-file IT workers. No doubt they're doing the best they can with what little the city gives them to work with. If an investigation were launched -- and it never will be -- I have little doubt it would find IT has been screaming for funds to get proper security and backups implemented and those screams have been ignored. Why spend money on IT security when you can spend it on a worthless streetcar system nobody uses [myajc.com]? Or perhaps an entertainment venue in the middle of a crime-ridden area [atlantadowntown.com] nobody wanted to go to? Or how about a mini-golf "fun park" nobody wanted to visit in downtown Atlanta?

All these fiascos were paid for in whole or in part by Atlanta taxpayers and always seemed to get built and run by people really friendly with Atlanta politicians. Nah, no corruption to see here folks. Move along and keep electing the same morons [youtube.com] every time the elections come along.

Re:Atlanta resident

[rmdingler]

Municipal legislators are ever more inept, and often more corrupt than even State or Federal governors, since as the government gets smaller and more localized there are fewer checks and balances.

We gripe about the ineptitude of our local representatives everywhere in the world, and yet, we barely find the time to vote or serve.

Corruption and ineptitude are interchangeably to blame, but complacency is the fertilizer.

Re:

[drinkypoo]

We gripe about the ineptitude of our local representatives everywhere in the world, and yet, we barely find the time to vote or serve.

Voting I will do. But run for office? That's unpossible. I'm a regular person who has done regular stuff, so regular people won't vote for me. They will only vote for someone whose life is completely unlike theirs.

Re:

[AmiMoJo]

It's pretty much the same in every line of work. Businesses try to mitigate this by creating systems, ways of doing things that avoid the problems. In software development we have all kinds of methodologies to avoid making poor decisions and create reasonably good designs, and we still fail quite often.

In politics there are fewer such systems, especially at local level. And most of the people doing those jobs have zero training. In fact the only qualification they need to get the job is winning a popular vo

Re:

[Anonymous Coward]

I just learned you have lots of African Americas in power in that city. What you call corruption, I call reparations. Yes, they should be honest about taking money via theft, but then nothing would happen. So, you gotta let the untouchables do as they please, and YOU must pay for it. Itâ(TM)s their birthright and your obligation to pay for it.

Never live in a city run by blacks. Lol, just donâ(TM)t

You're both ignorant and stupid. Atlanta is black majority (54%) city.
It's mostly black people whose money is being stolen and wasted.
We don't see it as reparations when they're stealing from black people.

Re: Atlanta resident

[Ogive17]

Why give IT department a pass? Doesn't matter if your bosses are inept, that should not stop someone from doing their job.

Re:

[prisoner-of-enigma]

Why give IT department a pass? Doesn't matter if your bosses are inept, that should not stop someone from doing their job.

There's this thing called "budget" you would know about if you'd ever been in a management position. It puts together a budget to pay for all the things it says it needs like hardware, software, services, and headcount. We're not talking about some operation in your basement; Atlanta has thousands and thousands of computers and users, a huge network, and all the complexity that goes along with it. Managing something like that requires either very expensive tools or a lot of very competent people (the lat

Re:

[swb]

I would bet in Atlanta the IT department is a bunch of people hired for their race or connections. I've seen this in several government IT offices in places way better managed than Atlanta.

The relatively high wages of IT and the "good career prospects" make it a tempting spot to place associates of politically influential leaders. The backwater nature of most small government unit IT contributes, too, as higher ups tend to see them as safe jobs to give away because they're generally not unionized and the

Re:

[dyslexicbunny]

Ugh. The streetcar system was such a stupid proposal and development. And if Atlanta actually had public transit that went places, you never would have needed such a useless piece of crap. And the Peach pass lanes on I-85?

The biggest problem with transportation in Georgia is the politicians and how they poisoned the well with the 400 toll. No one wants to give them more money because they know it will never go away.

Why haven't they hired professionals yet?

[ITRambo]

Damn, Atlanta. You seem to never learn. How about hiring some proven professional network admins that actually setup an optimized server and network security?

Re:

[v1]

I feel no pity for those that get hit repeatedly by this sort of thing. "Fool me once, shame on you. Fool me twice, shame on ME!"

Re:

[AHuxley]

When the crpyto works then the NSA cant get in.
So US security stays with plain text and Windows.
Then the NSA can watch what is moving around the web in real time and the USA is totally safe.

I live in the Atlanta suburbs and my favorite part

[sabbede]

is how the new Mayor's name is a command. "Keisha, lance bottoms." She should have been a nurse.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[ArchieBunker]

Having a mayor named Keisha would really instill me with confidence. But then again you have to look at the demographics of the city.

Sue the NSA

[surfcow]

No joke.
The NSA created the tools.
The NSA allowed them to be stolen by hackers and used.
The NSA should be held responsible for the damage they do.

I do hope Atlanta sues them, makes their case to the press.
Or forces them to help break the encryption and put out the fire.