US Blames North Korea for WannaCry
North Korea Waging Cyber Warfare Against West
The United States is determined to hold North Korea accountable for the “WannaCry” malware attack that struck more than 150 countries last May, crippling hospitals, banks and locking up files and databases, demanding ransom for their release.
“We’re going to shame them for it,” Homeland Security Adviser Tom Bossert told reporters during a White House briefing Tuesday, December 19, while admitting there is little that can be done to bring specific perpetrators to justice.
“We do not make this allegation lightly, we do so with evidence and we do so with partners,” Bossert said, noting that many other governments and private companies agreed with the assessment.
“The United Kingdom, Australia, Canada, New Zealand and Japan have seen our analysis and the join us in denouncing North Korea for WannaCry. Commercial partners have also acted. Microsoft traced the attack to the cyber affiliates of the North Korean government, and others in the security community have contributed their analysis.”
Experts say “WannaCry” exploited a vulnerability in some versions of Microsoft’s Windows operating system that had not been updated with security patches.
Bossert, who serves as President Donald Trump’s assistant for homeland security and counterterrorism, lamented that there is not much more that can be done to restrict North Korea’s behavior, considering the Pyongyang regime already faces severe sanctions in many areas.
“The administration has used just about every lever you can use short of starving the North Korean people to death to change their behavior,” he said. “So we don’t have a lot of room left here to apply pressure to change their behavior. It’s nevertheless important to call them out, let them know it’s them and we know it’s them.”
Microsoft and Facebook Foiled Latest North Korean Cyber Attack
The official applauded the work of Microsoft, Facebook and what he called “other corporate partners” for acting on their own, without government coordination, to disrupt another North Korean hacking attempt last week.
“Microsoft and Facebook and other major tech companies acted to disable a number of North Korean cyber exploits and disrupt their operations as the North Koreans were still infecting computers across the globe. They shut down accounts the North Korean regime attackers used to launch attacks and patched systems,” Bossert said.
Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University, says private firms will have to be at the forefront of efforts to stop foreign cyber attacks in the future.
“Not even the biggest of these companies went into business thinking they had to defend themselves against foreign intelligence services,” Cilluffo told VOA. “So what you saw with Microsoft with respect to North Korea, you’re seeing a lot more activity in terms of botnet takedowns and malware cleanups that the private sector is working on with governments not only in the U.S. but overseas as well.”
“Business as usual just ain’t going to cut it,” Cilluffo said.
Another Battle in the North Korean Cyber War
North Korea had long been suspected of being behind the “WannaCry” attack, which hit entities including the U.S.-based shipping company FedEx, Spanish telecommunications firm Telefonica, and Britain’s National Health Service, which forced hospitals to cancel surgeries and divert ambulances to other facilities. The program demanded a ransom to unlock access to files stored on infected machines.
The attack was eventually stopped by a British hacker who discovered a “kill switch” in the code that disabled the virus.
North Korea has been blamed for launching several cyberattacks in recent years, including the well-publicized 2014 attack on Sony Pictures Entertainment in retaliation for the company’s production of the satirical film The Interview, which depicts an assassination plot against North Korean leader Kim Jong Un.
UK Suspected North Korea in October
On 27 October, British Security Minister Ben Wallace said that Britain believed “quite strongly” that North Korea was responsible for a global cyberattack earlier this year.
The cyberattack, which occurred in May, disrupted government services and businesses across the UK, including one-third of hospitals.
“North Korea was the state that we believe was involved in this worldwide attack on our systems,” Wallace said in an interview with the BBC. He added the British government was “as sure as possible.”
A report released by Britain’s National Audit Office (NAO) said WannaCry was a relatively simple attack that Britain’s National Health Service (NHS) could have prevented if it had adhered to basic information technology best practices.
NHS digital security head Dan Taylor described the event as “an international attack on an unprecedented scale” and said the agency has “learned a lot.”
Minister Wallace said Britain must act quickly to strengthen its cybersecurity program.
“It’s a salient lesson for us all that all of us, from individuals to governments to large organizations, have a role to play in maintaining the security of our networks,” Wallace said.