This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/2017/dec/19/wannacry-cyberattack-us-says-it-has-evidence-north-korea-was-directly-responsible

The article has changed 7 times. There is an RSS feed of changes available.

Version 0 Version 1
WannaCry cyberattack: US says it has evidence North Korea was 'directly responsible' UK and US blame WannaCry cyber-attack on North Korea
(about 13 hours later)
The US is poised to publicly blame North Korea for carrying out an unprecedented cyber-attack that caused widespread disruption to public services, companies and homes around the world earlier this year. The Foreign Office has joined the US in publicly blaming North Korea for launching the WannaCry cyber-attack that caused widespread disruption to public services, companies and homes around the world in May.
The regime was “directly responsible” for the WannaCry attack that crippled hospitals, banks and other infrastructure in May, a senior White House official said. The malware infected more than 300,000 computers in 150 countries. The Foreign Office minister Nazir Ahmed said it was “highly likely” that state-sponsored actors were behind the ransomware campaign that crippled hospitals, banks and other infrastructure.
“The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, homeland security adviser to Donald Trump, wrote in an op-ed piece for the Wall Street Journal. “We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions,” Lord Ahmed said.
Bossert said those responsible for carrying out cyber-attacks against the US would be held accountable, but he did not mention specific actions Washington was considering taking against Pyongyang. After Ahmed’s intervention, the social media giant Facebook said that it had recently deleted accounts associated with the Lazarus Group, a hacking entity associated with North Korea that both British and American officials said were responsible for the attack.
News reports quoted a senior Trump administration official as saying that the US had surmised “with a very high level of confidence” that the Lazarus Group, a hacking organisation that works on behalf of the North Korean government, was behind the WannaCry ransomware attack. In a statement, Facebook said that it had acted with Microsoft “and other members of the security community” to disrupt the group’s activities. It said: “Our companies have a history of sharing threat information and working together to protect our users and the web as a whole.”
Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it. Earlier a senior White House official said the North Korean regime was “directly responsible” for the attack, which affected more than 300,000 computers in 150 countries.
The public shaming of North Korea, which has not been confirmed by the White House, is designed to hold the regime accountable for its actions and “erode and undercut their ability to launch attacks,” the official told Reuters on condition of anonymity. “The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, the homeland security adviser to Donald Trump, wrote in an op-ed piece for the Wall Street Journal.
Bossert said the US would “publicly attribute” WannaCry to North Korea, describing the attack as “cowardly, costly and careless”. Ahmed said Britain would respond to attacks such as WannaCry. “International law applies online as it does offline,” he said. “The United Kingdom is determined to identify, pursue and respond to malicious cyber activity regardless of where it originates, imposing costs on those who wish to attack us in cyberspace. We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace.”
A Foreign Office spokesperson said: “The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity.”
Ahmed’s statement came on the same day that defence secretary Gavin Williamson hardened Britain’s rhetoric on North Korea, saying that the UK must “step up” to deal with Pyongyang as it develops missiles that could strike London.
“This is not just a problem for the United States. This is a global problem. Britain has to step up in terms of dealing with it,” he told the Evening Standard.
“There are threats emerging right around the world. Britain is a global player, it’s a world player. We will never hesitate to deal with aggression and threats.”
In the US, Bossert said those responsible for carrying out cyber-attacks would be held accountable, but he did not mention specific action Washington was considering taking against Pyongyang.
News reports quoted a senior Trump administration official as saying the US had surmised “with a very high level of confidence” that the Lazarus Group, a hacking organisation that works on behalf of the North Korean government, was behind the WannaCry attack.
The official said the public shaming of North Korea was designed to hold the North Korean regime accountable for its actions and “erode and undercut their ability to launch attacks”.
The White House has not confirmed the attribution of blame. Bossert said the US would “publicly attribute” WannaCry to North Korea. He described the attack as “cowardly, costly and careless”.
“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
Bossert added: “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious.” Bossert added: “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious.”
He called on governments and businesses to work together to reduce the risks of cyber-attacks and for harsher punishments for the groups and individuals behind them. “Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions,” he said.He called on governments and businesses to work together to reduce the risks of cyber-attacks and for harsher punishments for the groups and individuals behind them. “Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions,” he said.
While North Korea is believed to run a sophisticated cyber warfare operation that has traditionally targeted South Korea, the regime has repeatedly denied that it was behind WannaCry. While North Korea is believed to run a sophisticated cyberwarfare operation that has traditionally targeted South Korea, the regime has repeatedly denied that it was behind WannaCry.
The malware infected computer systems at NHS hospitals in Britain, forcing thousands of patients to reschedule appointments. FedEx was among the hardest hit on WannaCry’s list of corporate targets, with the firm saying it was expecting a $300m hit to profits as a result of the attack. Both British and American security services had privately concluded the Lazarus Group was behind the attack over the summer. In June, less than a month after the attack, the National Cybersecurity Centre completed its investigation and decided North Korea was the most likely perpetrator, according to a source.
The Lazarus Group is also thought to be behind the 2014 cyber-attack against Sony Pictures, which resulted in the leak of several unreleased films and caused massive disruption to the company’s email and other parts of its internal computer network. Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.
That attack forced Sony to cancel the release of The Interview, a comedy about two reporters who are hired by the CIA to assassinate the North Korean, leader, Kim Jong-un. WannaCry was notable for being one of the first examples of ransomware that was also a worm, meaning it could move automatically from computer to computer. That enabled its rapid spread throughout the world, infecting hundreds of thousands of machines in a matter of hours, before it was stopped thanks to the accidental discovery of a “killswitch” hidden in its code.
The malware infected computer systems at NHS hospitals in Britain, forcing thousands of patients to reschedule appointments. FedEx was among the hardest hit on WannaCry’s list of corporate targets: the firm said it was expecting a $300m hit to profits as a result of the attack.
The Lazarus Group is also thought to have been behind the 2014 cyber-attack against Sony Pictures, which resulted in the leak of several unreleased films and caused disruption to the company’s email and other parts of its internal computer network.
That attack forced Sony to cancel the release of The Interview, a comedy about two reporters who are hired by the CIA to assassinate the North Korean leader, Kim Jong-un.