Signs point to North Korean role in global cyber attack

Cybersecurity firms have found clues that last weekend’s global “ransomware” attack, which infected more than 300,000 computers in 150 countries, could be linked to North Korea.

The security companies Sympantec and Kaspersky Lab said on May 15 that portions of the “WannaCry” ransomware used in the attacks have the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.

“This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky researchers said.

But it’s possible the code was simply copied from the Lazarus malware without any other direct connection, the companies said.

Symantec said the similarities between WannaCry and Lazarus tools “so far only represent weak connections. We are continuing to investigate for stronger connections.”

Israeli security firm Intezer Labs said it agreed that North Korea might be behind the attack.

Vital Systems Paralyzed

The WannaCry virus over the weekend paralyzed vital computer systems around the world that run factories, banks, government agencies, and transport systems in some 150 countries.

The virus mainly hit computers running older versions of Microsoft Windows software that had not been recently updated.

But by May 15, the fast-spreading extortion scheme was waning. The only new outbreaks reported were in China, where traffic police and schools said they had been targeted, but there were no major disruptions.

The link to North Korea found by the security firms will be closely followed by law-enforcement agencies around the world, including Washington.

U.S. President Donald Trump’s homeland security adviser said on May 15 that both foreign nations and cybercriminals were possible culprits.

Symantec and Kaspersky said they need to study the code more and asked for others to help with the analysis. Hackers reuse code from other operations at times, so even copied lines fall well short of proof.

U.S. and European security officials told the Reuters news agency that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than some other hackers, and have been blamed for the theft of $81 million from a Bangladesh bank.

‘Highly Destabilizing’

Moreover, North Korea might have motives to launch such a large-scale, global attack as its economy is crumbling under some of the stiffest-ever UN economic sanctions imposed over its repeated testing of nuclear bombs and ballistic missiles.

The United Nations Security Council on May 15 condemned Pyongyang’s latest missile test the previous day, and vowed to take further measures, including possible new sanctions, in response to its “highly destabilizing behavior and flagrant and provocative defiance” of existing prohibitions against such tests.

Whoever is responsible, the perpetrators of the massive weekend attacks have raised very little money thus far — less than $70,000 from users looking to regain access to their computers, according to Trump’s homeland security adviser Tom Bossert.

Some private sector cybersecurity experts do not believe the motive of the attacks was primarily to make money, given the apparently meager revenues that were raised by the unprecedented large operation. They said that wreaking havoc likely was the primary goal.

The countries most affected by WannaCry were Russia, Taiwan, Ukraine, and India, according to Czech security firm Avast.

Bossert denied charges by Russian President Vladimir Putin and others that the attacks originated in the United States, and came from a hacking tool developed by the U.S. National Security Agency (NSA) that was later leaked online.

“This was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states, that were put together in such a way as to deliver phishing e-mails, put it into embedded documents, and cause infection, encryption, and locking,” Bossert said.

British media were hailing as a hero a 22-year-old computer security expert who appeared to have helped stop the attack from spreading by discovering a “kill switch” — an Internet address which halted the virus when activated.

With reporting by AP, AFP, and Reuters

TOP ARTICLES
Enlisted pilots could fly in combat for the first time since WWII

A number of reasons for pilot shortage include quality-of-life issues, recruitment by private airlines, and the strain of three decades of combat.

Everything you need to know about the Merchant Marine

The United States Merchant Marine is not a military service, but without it, the Army, Navy, Air Force, Coast Guard, and Marine Corps couldn't go anywhere.

That time 'Fighting Dick' fought 'Fightin' Dick' at Antietam

Rarely will a moniker be used for two military leader at the same time. Even more rare is if the two meet on opposite ends of the battlefield.

6 ways you can tell a troop isn't an infantryman

Enter any base you may wonder which one of the troops fight in combat vs. those who ship off to support the war effort Well; we've got you covered. 

British Paratroopers and Gurkhas got into a huge battle royale in Kenya

A force-on-force exercise is under investigation for "descending into chaos" as some of the UK's best troops fought each other with fists and clubs.

This insane anti-aircraft gun chased the Israelis out of the sky

With four radar-guided 23mm cannon, the ZSU-23-4 Shilka could hit an aircraft almost two miles away hard with up to 1,000 rounds a minute.

7 military nicknames that are definitely not compliments

If you've got a nickname, you're either high enough rank to have earned one, you're a pilot, or you did something dumb enough to earn one of these.

8 Things your civilian resume needs to have right now

Checklists make life easier. This checklist will help you avoid some common pitfalls veterans make when trying to land that first job when they get out.

Why so many in the military are getting STDs

Cases of sexually transmitted diseases areon the rise across the U.S., but it's three to six times more common among troops. Let's talk about why.

This is why Yemen is a constant war zone

The situation in Yemen is more dire than previously understood, with a child dying every 10 minutes from hunger after Saudi Arabia enforced a blockade.