President Donald Trump’s homeland security adviser, Tom Bossert, claimed that North Korean hackers were behind this year’s massive, global WannaCry ransomware attack on Monday evening in a Wall Street Journal editorial.
Beginning in May 2017, the WannaCry malware spread rapidly across computer systems across the globe, allegedly aided by leaked National Security Agency technology. The software locked users’ computer systems and demanded ransoms in Bitcoin, generating an embarrassingly small amount of actual cryptocurrency ransom but leaving a digital paper trail a mile wide. The attack was eventually slowed down due to an amateurish mistake in WannaCry’s code that exposed its kill switch, though updated versions of the malware are still circulating.
Security firms tentatively concluded WannaCry’s creators were “fluent in Chinese” based on notes in the code, and specifically the form common in the region surrounding Southern China. In late October, Britain narrowed that down a little further and just flat-out said it was North Korea. Now Bossert’s doing the same:
The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible.
North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless.
Bossert concluded, “Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.”
Though Bossert wrote that the U.S. did “not make this allegation lightly,” he didn’t cite any specific findings in the editorial beyond general allusions to NSA research, the U.K.’s determination and research by Microsoft. Other reports have suggested the attackers may have been the Lazarus Group, an allegedly North Korea-linked hacking organization also believed responsible for an attack on Sony Pictures and bank account heists in Bangladesh. North Korea’s totalitarian government is notorious for wrangling up spare change via organized crime and it’s probably fair to say it would love to get its hands on some bitcoin, which is currently hovering in the area of $20,000 a pop.
It’s also possible that some as-of-yet unknown party has gone to great lengths to frame the North Koreans or that numerous security researchers have simply read the clues wrong, though frankly at this point that seems a bit speculative.
At the same time, Trump’s administration is beating the drum for harsher retaliation against North Korea for continuing to test nuclear weapons and launching increasingly powerful missiles—and using increasingly cavalier and aggressive language while doing so. In other words, an already very bad situation is continuing to get incrementally worse. WannaCry is unlikely to be the straw that breaks the camel’s back, but there’s already a lot of straw on there, you know?