Security researchers not convinced North Korea behind ransomware attack

Trump officials say unequivocally that North Korea started this. Is this a WMD-esque ruse to start a war?

By Nicole Karlis

Senior Writer

Published December 21, 2017 5:59AM (EST)

 (Getty/stevanovicigor)
(Getty/stevanovicigor)

North Korea-U.S. relations have been tense for quite some time, but on December 18 they turned a little tenser. After months of investigation, the Trump Administration publicly announced that the North Korean Lazarus Group is to blame for the WannaCry Hack that affected banks, hospitals and other businesses, costing billions of dollars, around the world in May.

Thomas P. Bossert, President Donald Trump’s homeland security adviser, made the powerful claim, after much speculation, in an editorial on Dec. 18 in the Wall Street Journal.

“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”

Bossert continued to say that North Korea has “acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious.” WannaCry, he says, “was indiscriminately reckless.”

The ransomware attack affected over 29 countries and was reportedly launched using a Windows exploit. It specifically targeted computers using a Microsoft Windows operating system, and it demanded ransom payments in the form of the cryptocurrency Bitcoin.

Lord Ahmad of Wimbledon, the United Kingdom’s Foreign Office Minister, issued a statement too, pointing a finger at North Korea — but was slightly less condemnatory than Bossert in his allegation.

"The UK’s National Cyber Security Centre assesses it is highly likely that North Korean actors known as the Lazarus Group were behind the WannaCry ransomware campaign – one of the most significant to hit the UK in terms of scale and disruption," he said.

But security researchers aren't as convinced. Earlier this year, Kaspersky Lab confirmed similarities in codes that suggested a link between the ransomware attack and North Korea's Lazarus Group. However, in a comment to Salon, the Lab said, “Attribution of threat actors on the internet is a difficult, if not an impossible task, and at Kaspersky Lab, our policy is to focus on the technical analysis of cyber threats and the sharing of Indicators of Compromise (IOCs) to help protect our customers.”

So what evidence is there in favor of this being North Korean in origin? Kaspersky Lab told Salon that there were “artifacts pointing to a possible origin of the Lazarus cyber espionage group during their investigation into the threat actor’s activity – one short server connection was coming from a very rare IP address range in North Korea."

According to Kaspersky Lab, this "short server connection from a rare IP address range" is not conclusive, and could mean several things:

  1. The attackers connected from that IP address in North Korea.
  2. This was someone else’s carefully planned false flag operation.
  3. Someone in North Korea accidentally visited the command and control URL.

It’s unclear in Bossert’s Wall Street Journal editorial what the so-called “evidence” is. Likewise, the Wall Street Journal is not an unbiased source: the Journal is infamous for being uncritical of the GOP agenda.

Rather than detailing the evidence in his Journal editorial, Bossert goes on to praise Trump, saying: “Change has started at the White House. President Trump has made his expectations clear. He has ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people.”

Those with a good historical memory might feel pangs of the George W. Bush administration's weapons of mass destruction debacle. In that instance, the administration used shoddy evidence — later disproven — that Saddam Hussein was pursuing acquiring weapons of mass destruction as a pretense for going to war with Iraq. In the Bush Administration's narrative, Bush and company were heroes for uncovering the plot and drawing swords.

Is this the beginning of the White House positioning Trump as the hero in an imminent U.S.-North Korea war?


By Nicole Karlis

Nicole Karlis is a senior writer at Salon, specializing in health and science. Tweet her @nicolekarlis.

MORE FROM Nicole Karlis


Related Topics ------------------------------------------

Bitcoin Cyberattack Cybersecurity Kaspersky Labs North Korea Ransomware Wannacry