North Korea Attacks With More Than Just Missiles

In a briefing Tuesday morning, White House homeland security adviser Tom Bossert told reporters that North Korea was identified as the culprit behind the WannaCry cyberattack in May of this year that disabled computers in at least 150 countries and caused damage in the neighborhood of billions of dollars.

“[WannaCry] encrypted and rendered useless hundreds of thousands of computers … while victims received ransom demands, paying did not unlock their computers,” Bossert wrote in an op-ed for the Wall Street Journal Monday. “It was cowardly, costly, and careless.”

Bossert stressed in the briefing Tuesday that there is a shared responsibility between public agencies/government officials and private companies to ensure the security of any nation’s computer network. He said government and industry, including those of other countries, must work together to prevent North Korean-like regimes from attempting to hold the world hostage using computer network infrastructure.

“I am calling on all companies to commit to our collective defense,” Bossert said.

WannaCry was a massive attack that had the hallmark of a “ransomware” attack — where the goal is to extort money from network administrators and individual users to stop the attack — but Bossert said that not enough money was exchanged in the attack to justify the effort; so the administration believes it was coordinated “as a reckless attack to cause destruction,” Bossert said.

According to CBS, WannaCry was one of the worst cyberattacks the world has yet seen.

Global financial and economic losses from the WannaCry attack that crippled computers in at least 150 countries in May was estimated to be in the billions, making it one of the most damaging incidents involving so-called ransomware.

Cyber risk modeling firm Cyence estimates the potential costs from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions. The attack is likely to make 2017 the worst year for ransomware scams, in which hackers seize control of a company’s or organization’s computers and threaten to destroy data unless payment is made.

Bossert acknowledged Tuesday that North Korea has very smart programmers, and said it was a shame their government was “leading them in the wrong direction.”

He also said that a programmer working to stop the attack noticed a vulnerability — or a “killswitch” — in the malware, took a risk, and killed it before the malicious code could do any more damage.

As to how it was determined to be the work of North Korea, Bossert said that decision was not made lightly but was ultimately based on evidence after looking at how the malware was assembled from disparate, pre-existing code.

“[North Korea] used their tradecraft and revealed their hand,” Bossert said.