A new front in ‘cyber mischief’
Motive of massive ransomware attack remains unclear
SAN FRANCISCO A shadowy organization suspected in the world’s largest ransomware attack may represent a new front in the escalating tensions between North Korea and the West. Or it may just be about cold, hard cash.
In the days after a virulent form of malware paralyzed computers in 150 countries, cyber security researchers poring over the WannaCry code and earlier, similar viruses noted a resemblance that amounted to a digital trail of breadcrumbs pointing to what’s known as the Lazarus Group, which may have ties to North Korea.
Whether or not it worked on behalf of North Korea, the group wanted to raise money: $300 in bitcoin per frozen computer, according to victims such as the U.K. National Health Service, Spain’s Telefonica and U.S. shipper FedEx. That would fit the profile of a communist country that is cash-strapped, security experts say, even though this ransomware scam has collected only $70,000.
“The Lazarus group appears to be a contractor in the area of cyber mischief, but they seem to straddle the worlds of politics and crime,” says John Arquilla, chair of defense analysis at the Naval Postgraduate School in Monterey, Calif. “I would call them a strategic criminal actor.”
Unlike many hacking groups, the underground organization doesn’t claim responsibility for attacks, does not release communiqués and does not tweet
handful of countries — Russia, China and Iran are others — with “offensively advanced cyber-attacking capabilities,” says Robert Silvers, former assistant secretary for cyber policy at the U.S. Department of Homeland Security under the Obama administration.
Silvers says the only course of action for the United States is to impose economic sanctions, as it did against North Korea in early 2015 after the Sony hack.
“What is alarming is they are willing to use them and not be constrained,” Silvers says. “It’s becoming clear North Korea is turning to the cyberdomain to operate and achieve its political and criminal objectives. It doesn’t seem concerned about being caught; there is a sense of impunity to it.”
The murky underworld of the Dark Web makes it difficult to positively identify cyber criminals, cautions Michael Daniel, president of Cyber Threat Alliance and a former cyber security adviser to President Obama.
“It’s still early and evidence is limited,” Daniel says. “But if I was still in government, I would be asking the intelligence community to look into the (North Korea) connection.”
The Lazarus Group is not a North Korean enterprise but a hacking and criminal contracting group whose heads are probably in Russia but whose workers are spread across the globe, says Avivah Litan, a senior cyber security analyst with Gartner.
“Everybody uses this rented hacking infrastructure, that’s why attribution to the person who ordered it is so hard to do,” she says.
The Lazarus Group has been hired to accomplish multiple hacks, possibly including the pillaging of Democratic National Committee information and interference in the German election, she says.
The evidence that North Korea hired the Lazarus Group is “highly circumstantial and gossamer thin,” Arquilla says. “It’s a matter of suspicions and implications. We don’t really have CSI Cybercrimes just yet.”