US Names North Korea Cyber Attacker in ‘WannaCry’ Attack

December 19, 2017 Updated: December 19, 2017

The United States is calling out North Korea for the WannaCry malware attack that infected 230,000 computers in 150 countries—an attack made more disturbing because the attack was aimed at inflicting maximum damage, rather than making money.

However, the attack may have marked a turning point in how the U.S. government deals with threats and is a “defining moment” in the battle against cyber attacks, said a White House official.

The malware demanded victims pay a bitcoin ransom to regain access to data it locked away on their computer. But those that paid never regained access, news of which quickly spread across the infected community and kept monies from flowing to North Korea.

“This was a careless and reckless attack,” President Donald Trump’s homeland security and counterterrorism assistant Thomas P. Bossert.

The attack revealed several problems, not the least of which was the previous U.S. government tendency to uncover cyber threats and then keep them secret so they could use those same exploits for their own offensive efforts.  

Trump changed that policy, marking a new transparent process that is winning support from industry and the American Civil Liberties Union.

Epoch Times Photo
North Korean children learn to use the computer in a primary school on April 2, 2011, in Pyongyang, North Korea. The North Korean regime has placed a strong emphasis on developing cyber capabilities. (Feng Li/Getty Images)

That change is part of a broader effort to improve the overall security and stability of the internet, a challenge that requires cooperation between government and industry and demands businesses take more responsibility for the security of their products and systems.

One of the goals is to “increase the cost to hackers,” said Bossert.

Wannacry is a textbook example of what needs fixing. The vulnerability was uncovered by the United States under the Obama administration but the NSA kept the exploit secret for its own offensive work rather than report it to Microsoft.

Fortunately, security researcher Marcus Hutchins uncovered a kill switch in the program and activated it, thereby rendering much of the virus inactive. Bossert said that kind of luck can’t be counted on in the future.

“I call today and the President calls today on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and the bad actors the ability to launch reckless and destructive cyber acts,” he said.

The United States escaped the worst of WannaCry, an outcome that Jeanette Manfra, the chief cybersecurity official for the Department of Homeland Security, credited to a determined U.S. effort to deal with cybersecurity.

Epoch Times Photo
A screenshot shows a WannaCry ransomware demand, provided by cybersecurity firm Symantec, in Mountain View, Calif., on May 15, 2017. (Courtesy of Symantec/Handout via REUTERS)

“In many ways, WannaCry was a defining moment and an inspiring one. It demonstrated the tireless commitment of our industry partners, a moment that showed how the government and private sector got it right.”

Investments in cybersecurity paid off, she said, but the overall problem shows no signs of abating. 

Nation states and hackers are increasing both the sophistication and quantity of attacks. The perpetrators are a familiar mix of rogue regimes, terrorist groups, and criminal organizations.

“These are the same adversaries we have faced in the past, they are just now operating in a different space.” Manfra said.

The scale of the problem tips the odds against the defenders by a wide margin. And too often, security is a “bolted on after-market” patch, said Manfra.

Cybersecurity is too often overlooked and old government policies made it harder for companies to find and fix vulnerabilities. (Shutterstock)

Cyber-attackers can roll out their attack over and over again, hitting computer after computer until they find someone that has left their system out of date or falls for a common ploy.

“We can take small tangible actions to make the cyber ecosystem safer,” said Manfra, “Our goal is a cyber environment where a given threat, such as a malicious email, can only be used once before it is blocked by all other potential victims.”