Remember when North Korea “hackers” breached several firewall layers at Sony, exposing gigabytes of confidential data, only for it to eventually emerge that it was all the work of a disgruntled Sony employee?
Apparently not, because the same plot line is being re-run all over again.
Two of the world’s largest anti-virus companies said they are “looking into clues” that suggest a North Korea-linked group may be behind last week’s cyberattack. According to Reuters, Symantec and Kaspersky are investigating whether hackers from the Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries. The two companies have said that “some code in an earlier version of the WannaCry ransomware had also appeared in programs used by the Lazarus Group, which researchers from many companies said is run by North Korea.”
While we reserve judgment at the amusing possibility that North Korea could have brought a substantial portion of the world’s computer infrastructure to a halt until there is some actual evidence, it is worth noting that said inquiries emerged shortly after the White House said that paying ransom money to unlock files encrypted by the global cyberattack does not work. It was not clear how North Korean hackers planned to convert bitcoin into any practical currency in a nation whose major banks have been barred from SWIFT.
In any case, speaking to reporters on Monday afternoon, Homeland security adviser Tom Bossett told reporters he is not aware of a case where transferring $300 in Bitcoin – the amount demanded from victims of last week’s attack – has “led to any data recovery”. The Trump administration estimated that less than $70,000 has been paid to the criminals behind the ransomware so far.
During the White House briefing, Bossert also said no federal systems in the US had been affected by the malicious software, known as WannaCry. He told reporters that he had spoken with his British counterparts, who said they now had a “feeling of control” after the attack struck 47 NHS organisations.
Meanwhile, security experts have been monitoring the Bitcoin accounts used to collect the ransom payments, because although account holders can remain anonymous, clues can often emerge when the money is converted back into real-world currency. Earlier today, in its latest update on the cyberattack, Europol said it was the “largest ransomware attack observed in history”.
The traditional scapegoat for – well – pretty much anything these days, Russia, denied it had anything to do with the cyberattack, with President Vladimir Putin describing it as payback for the US intelligence services. His remarks echoed what Microsoft’s chief legal officer Brad Smith said on Sunday night when he slammed the NSA for developing the original code used in the attack, which was later leaked in a document dump. Microsoft said the attack was a “wake-up call” and identified “nation-state action and organised criminal action” as “the two most serious forms of cybersecurity threats in the world today”. The company also said it had released a security update back in March to protect Windows system computers against such attacks, but said many computers “remained unpatched globally”.
Adding insult to (apparently North Korean injury), Putin said during a trip to Beijing: “A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators.”
As for North Korea being the scapegoat, we admit we were wrong: we were certain the Kremlin would be blamed again, in line with what was leaked over the weekend.
For now, however, if the narrative around North Korea launching the worst malware cyberattack against the world is repeated often – and loud – enough, it will quickly become fact, even if no actual evidence is presented. If so, watch out for literal fireworks as all those whose who were impacted by the worm demand Kim’s blood, either literally or figuratively.
As for reality, and North Korea’s true level of technical sophistication, well…
* * *