White House Homeland Security adviser Tom Bossert and the Department of Homeland Security’s Jeanette Manfra held a press conference today where it was claimed that North Korea was”directly responsible for the WannaCry ransomware attack that hit companies around the world in May 2017, most notably impacting the UK’s National Health Service.
After a lot of guff about public-private partnerships being key to fighting cybercrime (I was reminded of Microsoft’s displeasure at how the NSA hoarded the vulnerability that was used in the WannaCry attack and then allowed it to leak into the public domain), the press conference moved onto the most interesting bit:
How does the United States know that it was North Korea that masterminded the WannaCry attack?
Unfortunately, Bossert says that North Korea was determined to be the culprit after studying “classified, sensitive information” which “can’t be shared unfortunately.” It was a similar story when North Korea was blamed for the Sony Pictures hack of December 2014.
What the US authorities are prepared to say is that they uncovered “technical links to previously identified North Korean cyber tools, tradecraft, operational infrastructure.” Bossert concludes that he is comfortable that the attack was “directed by the government of North Korea,” but admits that the way the hackers operate is “a little mysterious.”
The reality is that it’s very hard to determine whose fingers were on the keyboard. And even if you do manage to determine with a high level of probability which group of hackers, in North Korea or elsewhere, launched the WannaCry attack – it’s also extremely difficult to determine who might have ordered or paid the hackers to carry out the attack.
I think in the current hostile climate between USA and North Korea it’s probably sensible to exercise a little skepticism about the White House’s announcement. We should ask why the announcement is being made, and why now.
Timing is everything. Especially when you consider that the UK government pointed the finger of blame at North Korea months ago.
Do I think North Korea was behind the WannaCry attack? I really have no idea.
My gut instinct is that if they are involved, it’s likely that they got foreign hackers to do the dirty work. But if that’s the case, should we be expecting the United States to share more information about who was involved, and maybe take action to bring them to justice?
What I can say with some certainty is that if North Korea launched Wannacry in an attempt to make themselves a large pot of money, it should be considered an utter failure.
Anyway, now the United States believes it has got to the bottom of the WannaCry attack, let’s see them put similar efforts into identifying who might have hacked the Democratic National Convention (DNC) in the run-up to last year’s presidential election.
Hopefully Donald Trump is no longer clinging on to his belief that the DNC hacked itself.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.