Signs point to North Korean role in global cyber attack

Cybersecurity firms have found clues that last weekend’s global “ransomware” attack, which infected more than 300,000 computers in 150 countries, could be linked to North Korea.

The security companies Sympantec and Kaspersky Lab said on May 15 that portions of the “WannaCry” ransomware used in the attacks have the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.

“This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky researchers said.

But it’s possible the code was simply copied from the Lazarus malware without any other direct connection, the companies said.

Symantec said the similarities between WannaCry and Lazarus tools “so far only represent weak connections. We are continuing to investigate for stronger connections.”

Israeli security firm Intezer Labs said it agreed that North Korea might be behind the attack.

Vital Systems Paralyzed

The WannaCry virus over the weekend paralyzed vital computer systems around the world that run factories, banks, government agencies, and transport systems in some 150 countries.

The virus mainly hit computers running older versions of Microsoft Windows software that had not been recently updated.

But by May 15, the fast-spreading extortion scheme was waning. The only new outbreaks reported were in China, where traffic police and schools said they had been targeted, but there were no major disruptions.

The link to North Korea found by the security firms will be closely followed by law-enforcement agencies around the world, including Washington.

U.S. President Donald Trump’s homeland security adviser said on May 15 that both foreign nations and cybercriminals were possible culprits.

Symantec and Kaspersky said they need to study the code more and asked for others to help with the analysis. Hackers reuse code from other operations at times, so even copied lines fall well short of proof.

U.S. and European security officials told the Reuters news agency that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than some other hackers, and have been blamed for the theft of $81 million from a Bangladesh bank.

‘Highly Destabilizing’

Moreover, North Korea might have motives to launch such a large-scale, global attack as its economy is crumbling under some of the stiffest-ever UN economic sanctions imposed over its repeated testing of nuclear bombs and ballistic missiles.

The United Nations Security Council on May 15 condemned Pyongyang’s latest missile test the previous day, and vowed to take further measures, including possible new sanctions, in response to its “highly destabilizing behavior and flagrant and provocative defiance” of existing prohibitions against such tests.

Whoever is responsible, the perpetrators of the massive weekend attacks have raised very little money thus far — less than $70,000 from users looking to regain access to their computers, according to Trump’s homeland security adviser Tom Bossert.

Some private sector cybersecurity experts do not believe the motive of the attacks was primarily to make money, given the apparently meager revenues that were raised by the unprecedented large operation. They said that wreaking havoc likely was the primary goal.

The countries most affected by WannaCry were Russia, Taiwan, Ukraine, and India, according to Czech security firm Avast.

Bossert denied charges by Russian President Vladimir Putin and others that the attacks originated in the United States, and came from a hacking tool developed by the U.S. National Security Agency (NSA) that was later leaked online.

“This was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states, that were put together in such a way as to deliver phishing e-mails, put it into embedded documents, and cause infection, encryption, and locking,” Bossert said.

British media were hailing as a hero a 22-year-old computer security expert who appeared to have helped stop the attack from spreading by discovering a “kill switch” — an Internet address which halted the virus when activated.

With reporting by AP, AFP, and Reuters

TOP ARTICLES
The 13 funniest memes for the week of Sept. 22

Kim Jong Un has an H-Bomb. These good ol' fashioned military memes will make your last few moments less excruciating. Memes are proven to cool hydrogen burns.

How Taco Bell influenced a rapper to become a Marine

In this episode of the Mandatory Fun podcast, we speak with The Marine Rapper a.k.a. TMR about how he went from wrapping tacos to rapping music lyrics.

These are the best military photos for the week of September 23

The military has very talented photographers in the ranks, and they’re always capturing what life as a service member is like during training and at war. Here are the best military photos of the week.

The US just sent 2,200 of these Fort Bragg paratroopers to Afghanistan

Approximately 2,200 82nd Airborne Division paratroopers began quietly deploying this month, part of a long-discussed troop surge to Afghanistan.

The Marines just took a look at this Civil War battlefield to learn military lessons for the future

The battle, which involved 18,456 mounted troops and was the largest cavalry clash in North America, also remains largely unknown by today's students of military history.

The Air Force is finally getting with the program and planning for urban fights

Air Force Chief of Staff David Goldfein has added urban warfare to his list of top focus areas, predicting that much of the world will live in megacities.

How we found out it's not so easy to fly a Reaper drone

Let's just say computer flight simulator games don't provide enough experience to make a good landing.

Here's what the Marines of 'Full Metal Jacket' are doing today

The Marines killed the enemy together, laughed together, and shared a Da Nang hooker together. But what happened to them after the war? You're about to find out.

Army ditches search for 7.62 battle rifle — for now

Less than two months after the Army issued a request from industry to provide up to 50,000 7.62 battle rifles, sources say the service has pulled the plug on the program.

Navy chief says crew fatigue may have contributed to recent spate of ship collisions

US Navy is blaming high pace of operations, budget uncertainty, and naval leaders who put their mission over safety after multiple deadly incidents at sea.

THE MIGHTY SURVEY GIVE-AWAY

We want to hear your thoughts. Complete our survey for a chance to win 1 of 5 gaming consoles

COMPLETE SURVEY TO WIN