North Korea was ‘directly responsible’, US has evidence
The US is poised to publicly blame North Korea for carrying out an unprecedented cyber-attack that caused widespread disruption to public services, companies and homes around the world earlier this year.
The regime was “directly responsible” for the Wannacry attack that crippled hospitals, banks and other infrastructure in May, a senior White House official said. The malware infected more than 300,000 computers in 150 countries.
“The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, homeland security adviser to Donald Trump, wrote in an op-ed piece for the Wall Street Journal.
Bossert said those responsible for carrying out cyberattacks against the US would be held accountable, but he did not mention specific actions Washington was considering taking against Pyongyang.
News reports quoted a senior Trump administration official as saying that the US had surmised “with a very high level of confidence” that the Lazarus Group, a hacking organisation that works on behalf of the North Korean government, was behind the Wannacry ransomware attack.
Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.
The public shaming of North Korea, which has not been confirmed by the White House, is designed to hold the regime accountable for its actions and “erode and under- cut their ability to launch attacks,” the official told Reuters on condition of anonymity.
Bossert said the US would “publicly attribute” Wannacry to North Korea, describing the attack as “cowardly, costly and careless”.
“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
Bossert added: “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious.”
He called on governments and businesses to work together to reduce the risks of cyber-attacks and for harsher punishments for the groups and individuals behind them. “Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions,” he said.
While North Korea is believed to run a sophisticated cyber warfare operation that has traditionally targeted South Korea, the regime has repeatedly denied that it was behind Wannacry.
The malware infected computer systems at NHS hospitals in Britain, forcing thousands of patients to reschedule appointments. Fedex was among the hardest hit on Wannacry’s list of corporate targets, with the firm saying it was expecting a $300m hit to profits as a result of the attack.
The Lazarus Group is also thought to be behind the 2014 cyber-attack against Sony Pictures, which resulted in the leak of several unreleased films and caused massive disruption to the company’s email and other parts of its internal computer network.
That attack forced Sony to cancel the release of The Interview, a comedy about two reporters who are hired by the CIA to assassinate the North Korean, leader, Kim Jong-un.
Meanwhile, Cybersecu- rity experts have warned businesses against meeting hackers’ demands for money in the wake of the “unprecedented” attack on hundreds of thousands of computer systems around the world.
Ransomware is a type of malicious software that blocks access to a computer or its data and demands money to release it. The worm used in Friday’s attack, dubbed Wannacry or Wanacrypt0r, encrypted more than 200,000 computers in more than 150 countries for ransoms of $300 to $600 to restore access.
The full damage of the attack and its economic cost was still unclear, but Europol’s director, Rob Wainwright, said its global reach was precedented, and more victims were likely to become known in the coming days.
The extent of the WannaCry attack prompted questions about what to do in the event of a ransomware infection, with many experts advising against paying the ransom, saying not only could it fail to release the data, it could expose victims to further risk.
Peter Coroneos, the former chief executive of the Internet Industry Association and an expert on cyber policy, said whether or not to agree to ransomware demands presented practical and ethical dilemmas.
“As a matter of principle, the answer should always be no … based on the simple dynamics of perpetuating bad conduct.
“However, as a matter of practicality and necessity, the situation is somewhat more complex.”