Trump administration formally blames North Korea for WannaCry. Now what?

Enlarge/ WASHINGTON, DC – DECEMBER 19: Tom Bossert, White House homeland security advisor, and Jeanette Manfra, chief of cybersecurity for the Department of Homeland Security, brief reporters on the WannaCry cyberattack earlier this year, at the White House on December 19, 2017 in Washington, DC. The widespread attack, which plagued multiple industries in at least 150 countries and cost billions of dollars, was blamed squarely on North Korea by Bossert. (Photo by Mark Wilson/Getty Images)Mark Wilson/Getty Images

The Trump administration has now officially blamed North Korea for the creation and spread of WannaCry, the cryptographic worm built on exploits stolen from the National Security Agency, that struck computers around the globe in May. White House National Security Advisor Tom Bossert made the assertion public in an op-ed published late Monday in The Wall Street Journal and in a press conference this morning. But there's little the US can actually do to North Korea in response.

"We do not make this allegation lightly," Bossert said. "It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government."

The attribution is not a surprise. Security industry researchers and analysts for other governments (including the United Kingdom's GCHQ and Canada's Communications Security Establishment) have pointed the finger at North Korea as the most likely source of the attack for months. But Bossert told reporters that the White House wanted to be extremely careful before making a public attribution.

"It took a while, but we did it in a thoughtful manner, and now we believe we have the evidence to support it," Bossert said this morning. "What we've done is combined a series of behaviors… analysts looked at not just the code, but the tradecraft and the behaviors involved."

Bossert called WannaCry, which affected more than 200,000 victims in more than 150 countries, a "wanton" and "indiscriminately reckless" act. "While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible," he said.

A stroke of luck?

Bossert asserted that the damage from WannaCry, which did not specifically target the US, was reduced in the US because "the targets in the United States were harder, so they were suffering less," he said. Other countries, like Russia, China, and the UK—where hospitals' systems were taken offline by the attack—were not as lucky.

That assertion overlooked the fact that the US was largely not affected by WannaCry because the worm's "kill switch" was discovered accidentally by a UK-based malware researcher before it could be widely triggered in the United States. Ironically, that researcher, Marcus Hutchins, was arrested by the FBI—and is now living in the US while on bail awaiting trial on unrelated charges.

Just what this attribution means as far as policy goes is not clear. "Stopping malicious behavior like this starts with accountability," Bossert said. "It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The US must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the Internet."

In the briefing, Bossert specifically thanked Facebook and Microsoft for assisting in taking action against the hackers. "Facebook took down accounts that stopped the operational execution of ongoing cyber attacks," he said, and "Microsoft acted to patch existing attacks." The two companies moved to disrupt an ongoing malware operation by the Lazarus Group, the threat group attributed to be associated with North Korea, two weeks ago.

In response to a question from a reporter, Bossert said that government cooperation would obviously include cooperation with "countries bordering North Korea"—meaning mostly China—to help to deny North Korea's agents the ability to run cyber-attacks from outside of their country. But as far as direct measures against North Korea go, the US' options are very limited.

"Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise," Bossert said.

With sanctions already in place and North Korea's extremely limited exposure to a response in kind all but ruling out a "cyber" response, there are few points of leverage for the US government to extract any change in behavior from the North Korean government.

"We hope that they decide to stop behaving badly online," Bossert told reporters. "At some point they'll realize the president's resolve."

That resolve, Bossert noted, extends to dealing with other state actors who conduct malicious operations online. He cited the continued sanctions against Russia for hacking during the 2016 US presidential election as proof of that resolve. He cited the government ban on Kaspersky security software, prosecution against Russian and Chinese hackers, and charges against Iranian hackers tied to the breach of HBO as well. "There will almost certainly be more indictments to come," he said.

Original Article

[contf] [contfnew]

Ars Technica

[contfnewc] [contfnewc]

The post Trump administration formally blames North Korea for WannaCry. Now what? appeared first on News Wire Now.

Show More

Related Articles

Back to top button