Homeland Security Adviser Pins Wannacry Attack On North Korea In Wall Street Journal Op-Ed
from the so-that's-the-way-we're-doing-things-now dept
With politically-expeditious timing, Homeland Security Advisor Tom Bossert has pinned the Wannacry attacks on North Korea. The delivery method for the news was odd as well: a “commentary” piece in the Wall Street Journal’s op-ed pages.
Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive “WannaCry” cyberattack to North Korea.
The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible.
We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.
While it’s nice to hear this is “based on evidence” and that a “careful investigation” was performed, the op-ed piece still raises questions. Attribution is always difficult, but there seems to be info missing.
Wannacry was ransomware, but nowhere in Bossert’s piece is there any indication North Korea turned a profit. The article says Wanncry “cost” billions, but it doesn’t say anything about North Korea suddenly being awash in illicitly-obtained cash.
Also glossed over in Bossert’s tough-talking attribution announcement/cybersecurity muscle flexing is the original source of the Wannacry ransomware: purloined NSA exploits. There are all kinds of problems with Bossert’s announcement, as Marcy Wheeler points out:
The guy who — well after it was broadly known to be wrong — officially claimed WannaCry was spread by phishing is now offering this as his evidence that North Korea is the culprit:
We do not make this allegation lightly. It is based on evidence.
A representative of the government whose tools created this attack, said this without irony.
The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.
And the guy whose boss has, twice in the last week, made googly eyes at Vladimir Putin said this as if he could do so credibly.
As we make the internet safer, we will continue to hold accountable those who harm or threaten us, whether they act alone or on behalf of criminal organizations or hostile nations.
None of this necessarily adds up to the US government pinning the attacks on the wrong entity, but given the pedigree of the mouthpiece and the administration’s desire to minimize reports of Russian government-directed cyberattacks, pinning this on the President’s favorite Twitter punching bag (MSM notwithstanding) seems more convenient than accurate.
Even if it’s 100% accurate, there had to have been better ways to deliver this news than with a threat of actual, physical war appended. Bossert’s piece — after glossing over the NSA’s inadvertent contribution to the worldwide ransomware attack and throwing some shade at the previous administration — wraps everything up with this:
As for North Korea, it continues to threaten America, Europe and the rest of the world—and not just with its nuclear aspirations. It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world. Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.
Using cyberattacks as an excuse for IRL attacks is a scary idea. The Trump Administration seems willing to draw down on North Korea at any moment, which isn’t good news for anyone anywhere in the world. And it follows the newly-minted tradition established by the Obama Administration: mixing and matching war metaphors to treat cyberattacks like Pearl Harbor.
Filed Under: attribution, north korea, ransomeware, tom bossert, wannacry
Comments on “Homeland Security Adviser Pins Wannacry Attack On North Korea In Wall Street Journal Op-Ed”
And so the generic public demonizing begins. When will we see anti-North Korea posters resembling those of the Japanese from WWII start to appear in public spaces? Gotta drum up that anti-NK sentiment for public approval to drop a bomb on ’em.
Re: Re:
Posters? Please. That shit is last century. We spread propaganda through Internet memes these days.
And now I wonder when we’ll see the first anti-NK Loss.jpg edit.
Anybody taking bets on the true source being disgruntled NSA employee or contractor trying to build an early retirement fund?
Isn't this...
Isn’t this the same government that tried to pin the Sony attack on NK for the movie “The Interview”, when it was obviously the work of disgruntled/laid off sys admins from Sony?
Almost like they have a deep-seated need to blame NK for everything and anything.
Re: Isn't this...
Well a certain orange Cheeto has taken the number one bad guy, Russia, off the blame game list.
Does it even matter where the Wannacry attacks came from?
They exploits used in Wannacry were preserved by the CIA (meaning they weren’t published and fixed) so that the CIA could use them.
When one country hijacks and uses another country’s illegal weapon we still blame the origin country for creating the illegal weapon in the first place.
Then we concern ourselves with what the hijacking country did.
Trust us. We’ve never invaded a country based on flimsy evidence before.
Re: Re:
No, only non-existent evidence.
1. Things are so bad, we need to continue ratcheting up tensions with North Korea simply to fuel a distraction.
2. This generates another handy occasion to have a go at “industry” for “security” to prod them to do what authoritarians in government want (work with them under the table, hand over data, compromise products, make questionable new “security efforts”, backdoor encryption, etc.) instead of suggesting they ever write better code, make less insanely insecure products, or exercise ancient, basic security measures in their networked systems.
And a good time was had by all.
Seems the present administration is eager to start a war with anyone, including their own constituents. Talk about a loose cannon.
Re: Re:
While I really hesitate to defend your Mr. Trump, to be fair to him, the United States has been starting wars for almost its entire history, often with fairly dubious reason.
Re: Re: Re:
The US wasn’t really in the habit of starting wars until the Spanish-American war.
Re: Re: Re:
It’s the same people, different prez
There’s more than one meaning of "cost," you know. Especially in the context of an attack or natural disaster that inflicts damage.
OP-ED
OPINIONATED EDITORIAL..
Which of these 2 words, has NO MEANING??
OPINION
EDITORIAL
*yawns*
Ever since they went out of their way to present the world with evidence of Iraq’s WMD’s, whereas they knew it were lies…
I guess I’m not the only one not even bothering to read what their evidence is this time around.
Re: Re:
Donald Rumsfeld sold Saddam Hussein tons of anthrax to use against Iran. That is a weapon of mass destruction.. tons of anthrax. The US new they had it now you can go research this yourself.
Re: Re: Re:
and they used it all?
where was it?
yeah, they did find some old crap and destroyed it while damaging their health in doing so …. and now the VA says too fucking bad – you’re on your own. Big orange turd says they knew what they were getting in to.
They way we treat our vets is disgusting.
Tom Bossert says...
“These aren’t the hacks you’re looking for, move along.”
Act of war now go nuke the scumbag. putin get out of our way.
What happened to the “guy sitting on their bed who weighs 400 pounds.”
IRL vs Online
I dunno, I could totally get behind someone feeding those Card Services scammers a Hellfire missile or two from a drone.