USA blames North Korea for WannaCry ransomware outbreak

No, they can’t show us the evidence.


White House Homeland Security adviser Tom Bossert and the Department of Homeland Security's Jeanette Manfra held a press conference today where it was claimed that North Korea was"directly responsible for the WannaCry ransomware attack that hit companies around the world in May 2017, most notably impacting the UK's National Health Service.

After a lot of guff about public-private partnerships being key to fighting cybercrime (I was reminded of Microsoft's displeasure at how the NSA hoarded the vulnerability that was used in the WannaCry attack and then allowed it to leak into the public domain), the press conference moved onto the most interesting bit:

How does the United States know that it was North Korea that masterminded the WannaCry attack?

Unfortunately, Bossert says that North Korea was determined to be the culprit after studying "classified, sensitive information" which "can't be shared unfortunately." It was a similar story when North Korea was blamed for the Sony Pictures hack of December 2014.

What the US authorities are prepared to say is that they uncovered "technical links to previously identified North Korean cyber tools, tradecraft, operational infrastructure." Bossert concludes that he is comfortable that the attack was "directed by the government of North Korea," but admits that the way the hackers operate is "a little mysterious."

USA blames North Korea for WannaCry ransomware outbreak

The reality is that it's very hard to determine whose fingers were on the keyboard. And even if you do manage to determine with a high level of probability which group of hackers, in North Korea or elsewhere, launched the WannaCry attack - it's also extremely difficult to determine who might have ordered or paid the hackers to carry out the attack.

I think in the current hostile climate between USA and North Korea it's probably sensible to exercise a little skepticism about the White House's announcement. We should ask why the announcement is being made, and why now.

Timing is everything. Especially when you consider that the UK government pointed the finger of blame at North Korea months ago.

Do I think North Korea was behind the WannaCry attack? I really have no idea.

My gut instinct is that if they are involved, it's likely that they got foreign hackers to do the dirty work. But if that's the case, should we be expecting the United States to share more information about who was involved, and maybe take action to bring them to justice?

What I can say with some certainty is that if North Korea launched Wannacry in an attempt to make themselves a large pot of money, it should be considered an utter failure.

Anyway, now the United States believes it has got to the bottom of the WannaCry attack, let's see them put similar efforts into identifying who might have hacked the Democratic National Convention (DNC) in the run-up to last year's presidential election.

Hopefully Donald Trump is no longer clinging on to his belief that the DNC hacked itself.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episodes:

, , ,

2 Responses

  1. coyote

    December 19, 2017 at 11:33 pm #

    'around the world in Nay 2017,'

    I presume you mean 'May' ? I wasn't even aware of this malware as I've been out of the loop in every sense for so long (In fact I still am).

    • Graham Cluley in reply to coyote.

      December 20, 2017 at 10:56 pm #

      Oops. Thanks for that.

      In the words of Frankie Howerd, "Nae, nae and thrice nae."

Leave a Reply