Cybersecurity

U.S.-North Korea tensions ratchet up over WannaCry attack

Tensions between the Trump administration and North Korea ratcheted up further on Tuesday after the U.S. publicly blamed Pyongyang for a global cyberattack that crippled Britain’s National Health Service and damaged systems at government agencies in other countries.

The decision to call out North Korea for the WannaCry cyberattack is significant because the U.S. has only on rare occasions called out other nations for orchestrating cyberattacks.

“We do not make this allegation lightly,” White House homeland security adviser Tom Bossert told reporters Tuesday. “North Korea has acted especially badly, largely unchecked for more than a decade.”

{mosads}The public denouncement is a sign of the Trump administration’s effort to increase pressure on North Korea, though experts say it is likely to fall short of having any effect unless officials can unite other countries in imposing further sanctions on the country.

“The only way to do that is to squeeze the revenue streams that generate hard cash for Kim and his government,” said Jim Lewis, a former State Department official and cybersecurity expert at the Center for Strategic and International Studies, referring to North Korean leader Kim Jong Un.

“These people are not going to be embarrassed, but if we find some way to punish them, then I think it will increase tensions,” Lewis said.

The announcement comes about a month after the Trump administration imposed additional sanctions on North Korea over its nuclear program, which followed a fresh round of sanctions approved by the United Nations in September.

President Trump has taken a hard line on North Korea, threatening to “totally destroy” it in his first U.N. speech and hurling insults at Kim, calling him “Little Rocket Man.”

In late November, Pyongyang claimed a successful test of an intercontinental ballistic missile, further ramping up tensions with the West.

The last time that the United States publicly blamed a foreign government for a cyberattack came when the Obama administration said Russia had launched a cyber and influence campaign targeting the 2016 U.S. presidential election.

“It’s a big deal to come out and name a country. North Korea is sort of low budget, because we’ve already called them so many bad names,” Lewis said. “But it’s a big step.”

The unprecedented WannaCry attack wreaked havoc in June, spreading to more than 300,000 computers in more than 150 countries. Machines in China and Russia were among those hardest hit.

The attack is believed to have used a hacking tool, allegedly from the National Security Agency, that was made public by the hacker group “Shadow Brokers” earlier this year.

The tool leveraged a vulnerability in Microsoft Windows. While Microsoft had released a patch for the flaw weeks before the exploit was released, many machines worldwide remained unpatched, leaving them vulnerable to the malware.

Many cybersecurity experts believe that the attack, while disguised as ransomware, was not intended for financial gain. The virus locked victims out of their machines and demanded payments, though succumbing to those demands did not return the data.

“It was meant to cause havoc and destruction,” Bossert said Tuesday.

Long before Tuesday’s announcement, security researchers quickly linked the attacks to the Lazarus Group through hacking tools used in earlier versions of WannaCry, code used in other Lazarus projects and internet addresses.

Lazarus, widely believed to be North Korean, is best known in the United States for a destructive attack against Sony Pictures in 2014 to punish the film studio for a movie mocking North Korea and Kim. At the time, U.S. intelligence publicly attributed the attack to Pyongyang.

The group recently appears to have organized several high-profile digital bank heists, including stealing $81 million from the central bank of Bangladesh.

In June, The Washington Post asserted that the NSA had linked WannaCry to North Korea. The agency never confirmed that report.

In October, a United Kingdom official publicly accused North Korea of spearheading the attack.

Bossert said Tuesday that the North Korean government directed the cyberattack, which was carried out by “intermediaries.” He said the United Kingdom, Australia, Canada, New Zealand and Japan have all endorsed the U.S. assessment of the attack.

Bossert acknowledged Tuesday that the administration has few tools left to pressure Pyongyang.

“We don’t have a lot of room left here to apply pressure to change their behavior, but nevertheless, it’s important to call them out and let them know this is them and we know it’s them,” he said.

“I think at this point North Korea has demonstrated that they want to hold the entire world at risk, whether it be through a nuclear missile program or through wanton cyberattacks,” Bossert said.