Stolen NSA tools used in international cyberattack

Russia was hit hardest by last week's cyberattack — and they say they're not happy about it

By Matthew Rozsa
May 15, 2017 6:25PM (UTC)
main article image
Mission control at Cyber Storm V in Washington, Tuesday, March 8, 2016. More than 1,100 cybersecurity professionals across the country and from Wyoming, Missouri, Mississippi, Georgia, Maine, Nevada, Oklahoma and Oregon, are participating in the Homeland Security Department's simulation to test their ability to deal with a cyberattack, said Touhill, the agency’s deputy assistant secretary for Cybersecurity Operations and Programs at DHS. (AP Photo/Tami Abdollah) (AP)

An international cyberattack that occurred during the weekend is believed to have been perpetrated with tools that were stolen from the National Security Agency.

The so-called "ransomware" attack impacted more than 200,000 computers in more than 150 countries by freezing hard drives and servers until a ransom was paid, according to a report by The Week. The main victim was the Russian cybersecurity firm Kaspersky Lab, which has caused consternation among many Russian officials.


As Frants Klintsevich, a high-ranking official in the Russian Senate's defense committee, told the state-run news agency Tass, "Humanity is dealing here with cyberterrorism. It's an alarming signal, and not just a signal but a direct threat to the normal functioning of society, and important life-support systems."

Russian officials are divided as to whether the United States government was responsible for the attack. Some claim that it was retaliation for the alleged Russian meddling in the 2016 presidential election (which the Russian government denies), while others argue that the United States wouldn't engage in actions that would so clearly be considered an act of war.

Either way, the perpetrator of the attacks is believed to have used NSA tools that were stolen from the American agency. Most of the damage inflicted by the cyberattacks occurred in Europe and Asia.


"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol in a statement. "The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation."

Matthew Rozsa

Matthew Rozsa is a staff writer for Salon. He holds an MA in History from Rutgers University-Newark and is ABD in his PhD program in History at Lehigh University. His work has appeared in Mic, Quartz and MSNBC.

MORE FROM Matthew Rozsa

Related Topics ------------------------------------------

Cyberattack National Security Agency Nsa Partner Video Russia United States