from the so-that's-the-way-we're-doing-things-now dept
With politically-expeditious timing, Homeland Security Advisor Tom Bossert has pinned the Wannacry attacks on North Korea. The delivery method for the news was odd as well: a “commentary” piece in the Wall Street Journal’s op-ed pages.
Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another. They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive “WannaCry” cyberattack to North Korea.
The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible.
We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.
While it’s nice to hear this is “based on evidence” and that a “careful investigation” was performed, the op-ed piece still raises questions. Attribution is always difficult, but there seems to be info missing.
Wannacry was ransomware, but nowhere in Bossert’s piece is there any indication North Korea turned a profit. The article says Wanncry “cost” billions, but it doesn’t say anything about North Korea suddenly being awash in illicitly-obtained cash.
Also glossed over in Bossert’s tough-talking attribution announcement/cybersecurity muscle flexing is the original source of the Wannacry ransomware: purloined NSA exploits. There are all kinds of problems with Bossert’s announcement, as Marcy Wheeler points out:
The guy who — well after it was broadly known to be wrong — officially claimed WannaCry was spread by phishing is now offering this as his evidence that North Korea is the culprit:
We do not make this allegation lightly. It is based on evidence.
A representative of the government whose tools created this attack, said this without irony.
The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.
And the guy whose boss has, twice in the last week, made googly eyes at Vladimir Putin said this as if he could do so credibly.
As we make the internet safer, we will continue to hold accountable those who harm or threaten us, whether they act alone or on behalf of criminal organizations or hostile nations.
None of this necessarily adds up to the US government pinning the attacks on the wrong entity, but given the pedigree of the mouthpiece and the administration’s desire to minimize reports of Russian government-directed cyberattacks, pinning this on the President’s favorite Twitter punching bag (MSM notwithstanding) seems more convenient than accurate.
Even if it’s 100% accurate, there had to have been better ways to deliver this news than with a threat of actual, physical war appended. Bossert’s piece — after glossing over the NSA’s inadvertent contribution to the worldwide ransomware attack and throwing some shade at the previous administration — wraps everything up with this:
As for North Korea, it continues to threaten America, Europe and the rest of the world—and not just with its nuclear aspirations. It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world. Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.
Using cyberattacks as an excuse for IRL attacks is a scary idea. The Trump Administration seems willing to draw down on North Korea at any moment, which isn’t good news for anyone anywhere in the world. And it follows the newly-minted tradition established by the Obama Administration: mixing and matching war metaphors to treat cyberattacks like Pearl Harbor.