The US has officially blamed North Korea for the “WannaCry” cyberattacks that disabled hundreds of thousands of computers across more than 150 countries back in May.
The announcement marks an acknowledgment of the sophistication of Pyongyang’s cyber capabilities — and serves as a reminder that the hermit kingdom’s threats to the world extend well beyond its rapidly advancing nuclear program.
“The attack was widespread and cost billions, and North Korea is directly responsible,” White House Homeland Security Adviser Tom Bossert wrote in a Wall Street Journal op-ed Monday evening. “It was cowardly, costly and careless.”
The WannaCry cyberattacks used ransomware — where hackers use malware to scramble a victim’s files and then demand money to unscramble them — to infect businesses, banks, hospitals, and schools the world over. One of the biggest strikes occurred in Britain, causing havoc in the UK’s health care system, where it interfered with surgeries and emergency services. The British government joined the US in laying the blame on North Korea on Tuesday.
Bossert said the US has evidence that Pyongyang ordered the attack, though he declined to provide details on what that evidence was.
Alexander Klimburg, a cybersecurity expert at the Atlantic Council think tank and author of The Darkening Web, told me the likeliest culprit was a well-known and powerful hacking network known as the Lazarus Group. He said that while the exact identities of the Lazarus Group hackers are the subject of ongoing debate, the overwhelming opinion in the information security community at the moment is that they are “a majority North Korean group — special forces and operatives,” and are largely based in northern China.
The Lazarus Group is behind some of the most high-profile cyberattacks across the world in recent years. Experts and analysts believe they were behind the $81 million cyber heist of the Bangladesh Central Bank in 2016 and the leak of confidential data from Sony Pictures in 2014 right before it released The Interview, a comedy about two Americans who assassinate North Korean leader Kim Jong Un.
Dmitri Alperovitch, the chief technology officer of the cybersecurity firm CrowdStrike, told me that North Korea is a “very capable actor,” and that his firm has tracked the country’s cyber activities going back to the mid-2000s. That activity started with espionage, he said, and has evolved enormously since then.
The WannaCry attack was really dangerous
The WannaCry ransomware exploited a vulnerability in old Windows software and used it to freeze computers and then allow hackers to demand somewhere between $300 and $600 in bitcoin (digital currency) from victims to unlock their computers.
Here’s what the message looked like:
“WannaCry was pretty sophisticated, and it moved very quickly,” Klimburg said.
He also stressed that networks like the one used by the UK’s health care system would have been protected if the Windows operating systems on their computers had been up to date and adequate security measures had been in place. He said WannaCry’s rapid spread was the result of a “perfect storm.”
During a press briefing on Tuesday, Bossert said that even though ransomware is generally designed to extract money from victims, the fact that the WannaCry malware didn’t actually unlock victims’ computers after they paid the ransom means it wasn’t really about making money.
“This was a reckless attack; it was meant to cause havoc and destruction. The money was an ancillary side benefit, and I don’t think they got a lot of it,” Bossert said.
North Korea’s advanced hacking operations certainly don’t always seek to merely cause chaos. In 2016, North Korean intelligence services stole 235 gigabytes of classified US and South Korean military plans — including a plan to assassinate North Korea’s dictator Kim Jong Un and other top government officials.
North Korea is a small and impoverished country, but it invests enormous resources in developing its cyber capabilities.
These days, the biggest threat coming from North Korea is tied to its nuclear and ballistic missile development. There is a growing risk of the US entering a nuclear conflict with North Korea as the two countries continue to provoke each other with constant talk of war.
But Pyongyang’s cyber capabilities are nothing to sneeze at — and as the WannaCry attack proved, they can imperil the lives of potentially millions without firing a single bullet.