Monday, September 25, 2023
Courthouse News Service
Monday, September 25, 2023 | Back issues
Courthouse News Service Courthouse News Service

White House Doubles Down on North Korea for May Hack

One day after publicly blaming North Korea for a May 2017 ransomware attack, the Trump administration called on companies and other countries Tuesday to work together to fight cyber threats.

WASHINGTON (CN) - One day after publicly blaming North Korea for a May 2017 ransomware attack, the Trump administration called on companies and other countries Tuesday to work together to fight cyber threats.

"Our goal is a cyber environment where a given threat, such as a malicious email, can only be used once before it is blocked by all other potential victims," Jeanette Manfra, assistant secretary of homeland security for cybersecurity and communication, told reporters Tuesday. "We need to get the advantage to the defender. We make it way too easy for attackers by operating independently."

Manfra said the Department of Homeland Security will become more proactive when it comes to cyberattacks, but that thwarting cybercriminals will also require the cooperation between companies and nations.

The government tied North Korea to the so-called WannaCry attacks, which this past May infected more than 230,000 computers in 150 countries, including the United Kingdom's National Health Service.

WannaCry encrypted the files on infected computers and then demanded owners make a Bitcoin payment to restore them, though the payments did not unlock the computers. A British programmer stopped the spread of the attack by discovering a "kill switch," but the Justice Department later filed charges against him for his work on a separate malware system that targeted bank accounts.

Manfra spoke to reporters Tuesday alongside Thomas Bossert, assistant to the president for homeland security and counterterrorism, whose op-ed attributingĀ  WannaCry attack to North Korea ran Monday in The Wall Street Journal.

The United Kingdom, New Zealand, Japan and private companies agree with the government's attribution, Bossert said.

Microsoft was also able to trace the attack to North Korean affiliates, and the U.S. government made its determination only after looking over cyber tools North Korea has used in the past, Bossert added.

"The attribution is a step towards holding them more accountable, but it is not the last step," Bossert told reporters Tuesday morning.

BossertĀ  said he hopes the public attribution will help dissuade North Korea from future attacks, but noted there is little room left for the United States to exert pressure on the reclusive regime.

Bossert pushed against criticisms that the United States has been slow in pinning WannaCry on North Korea, saying the damages of getting the attribution wrong out of haste would have outweighed the benefits of a quick identification.

"We had to examine a lot and we had to put it together in a way that allowed us to make a confident attribution," Bossert said.

Critics, including Microsoft President Brad Smith, have pointed out that the National Security Administration knew about the vulnerability in the Microsoft operating system that WannaCry exploited, but held onto the information for its own purposes. A related exploit was stolen from the NSA, with the theft being reported earlier this year.

Bossert told reporters on Tuesday the government still holds onto 10 percent of cyber vulnerabilities it identifies.

Richard Forno, a senior lecturer on computer science and electrical engineering at the University of Maryland, Baltimore County, said the move to publicly tie North Korea to the WannaCry attack is a departure from the way the government typically discusses cyberattacks

"Normally countries are very hesitant to point fingers when it comes to cyberattacks," Forno said. "Whether it's claiming responsibilities or pointing fingers at the perpetrators. So what happened this morning is kind of a new wrinkle in things."

Forno explained this is because it can be difficult to pinpoint whether the markers analysts use to pinpoint an attack are true or whether another country or group has set up their attack to imitate the work of a specific country. That likely means the government's evidence that North Korea was behind the WannaCry attacks is strong, Forno said.

"Attribution in cyberspace is very difficult, which probably explains why we don't see a lot of public attribution on this scale, unless we're really, really, really sure," Forno said.

Categories / Government, International, Technology

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.