Signs point to North Korean role in global cyber attack

Cybersecurity firms have found clues that last weekend’s global “ransomware” attack, which infected more than 300,000 computers in 150 countries, could be linked to North Korea.

The security companies Sympantec and Kaspersky Lab said on May 15 that portions of the “WannaCry” ransomware used in the attacks have the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.

“This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky researchers said.

But it’s possible the code was simply copied from the Lazarus malware without any other direct connection, the companies said.

Symantec said the similarities between WannaCry and Lazarus tools “so far only represent weak connections. We are continuing to investigate for stronger connections.”

Israeli security firm Intezer Labs said it agreed that North Korea might be behind the attack.

Vital Systems Paralyzed

The WannaCry virus over the weekend paralyzed vital computer systems around the world that run factories, banks, government agencies, and transport systems in some 150 countries.

The virus mainly hit computers running older versions of Microsoft Windows software that had not been recently updated.

But by May 15, the fast-spreading extortion scheme was waning. The only new outbreaks reported were in China, where traffic police and schools said they had been targeted, but there were no major disruptions.

The link to North Korea found by the security firms will be closely followed by law-enforcement agencies around the world, including Washington.

U.S. President Donald Trump’s homeland security adviser said on May 15 that both foreign nations and cybercriminals were possible culprits.

Symantec and Kaspersky said they need to study the code more and asked for others to help with the analysis. Hackers reuse code from other operations at times, so even copied lines fall well short of proof.

U.S. and European security officials told the Reuters news agency that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than some other hackers, and have been blamed for the theft of $81 million from a Bangladesh bank.

‘Highly Destabilizing’

Moreover, North Korea might have motives to launch such a large-scale, global attack as its economy is crumbling under some of the stiffest-ever UN economic sanctions imposed over its repeated testing of nuclear bombs and ballistic missiles.

The United Nations Security Council on May 15 condemned Pyongyang’s latest missile test the previous day, and vowed to take further measures, including possible new sanctions, in response to its “highly destabilizing behavior and flagrant and provocative defiance” of existing prohibitions against such tests.

Whoever is responsible, the perpetrators of the massive weekend attacks have raised very little money thus far — less than $70,000 from users looking to regain access to their computers, according to Trump’s homeland security adviser Tom Bossert.

Some private sector cybersecurity experts do not believe the motive of the attacks was primarily to make money, given the apparently meager revenues that were raised by the unprecedented large operation. They said that wreaking havoc likely was the primary goal.

The countries most affected by WannaCry were Russia, Taiwan, Ukraine, and India, according to Czech security firm Avast.

Bossert denied charges by Russian President Vladimir Putin and others that the attacks originated in the United States, and came from a hacking tool developed by the U.S. National Security Agency (NSA) that was later leaked online.

“This was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states, that were put together in such a way as to deliver phishing e-mails, put it into embedded documents, and cause infection, encryption, and locking,” Bossert said.

British media were hailing as a hero a 22-year-old computer security expert who appeared to have helped stop the attack from spreading by discovering a “kill switch” — an Internet address which halted the virus when activated.

With reporting by AP, AFP, and Reuters

TOP ARTICLES
This is how a dress code change won us Guadalcanal

At a critical stage in the War of the Pacific, Vice Admiral William "Bull" Halsey returned to action ripping open his dress shirt like a sailor Hulk.

This is how missing or captured troops get promoted

According to the Department of Defense, prisoners of war and those under missing status continue to be considered for promotion along with their contemporaries.

6 reasons Charleston might be America's most gung-ho military city

From Charles Towne Landing to the Medal of Honor Museum, go grab a pint where George Washington drank and read about the military legacy of South Carolina's Atlantic jewel.

This is how long South Korea thinks it will take to conquer the North

South Korea says they are developing new plans to defend against advancing North Korean threats after a data breach left their outdated plans vulnerable.

This stunning video shows how well 100-year-old ammo works today

While original 1911 pistols surely still function today, turns out so does the ammo from that era.

This could be the Army's next rifle — and it's totally awesome

Textron debuted its newest rifle, the Intermediate Case-Telescoped Carbine, at AUSA. It's lighter and more deadly than the current M4.

16 jokes Germans could die for telling under the Nazi regime

The Nazi Party was well short of a majority when it came to power. So it's easy to believe that not everyone was a big fan of Hitler or his ideas.

These really smart people say bigger is better when it comes to building aircraft carriers

In an effort to reduce its fiscal footprint, the Navy is looking at making smaller ships. But these defense researchers say it's a terrible idea.

Now that ISIS is on the ropes, these guys have turned the guns on each other

Two US allies, which were armed and trained by US forces, have turned their weapons on each other, and there isn't much the US can do about it.

This is the definitive history of the world's most advanced fighter jet

The new F-22A Raptor fighter jet is the most advance fighter jet in the world, and it dominates on every level imaginable.