North Korea identified as perpetrator of 'WannaCry' ransomware attack

Last May, thousands of computer networks around the world were attacked with a particularly insidious piece of malware known as "WannaCry." The attackers demanded ransom ranging from a couple of hundred dollars to several thousand dollars or they would delete reams of data.

Now the Trump administration and private computer security firms have fingered North Korea as the originator of the ransomware.


"The attack was widespread and cost billions, and North Korea is directly responsible," Tom Bossert, President Donald Trump's homeland security adviser, wrote in a Wall Street Journal op-ed.

The government's conclusion is "based on evidence" and supported by the United Kingdom and private security research firms, he added.

The attribution represents an aggressive move by the Trump administration to confront a rising digital menace and seek international unity around the need to combat destructive cyberactivity.

"Stopping malicious behavior like this starts with accountability," Bossert wrote. "It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet."

The Obama administration previously blamed Kim Jong Un's regime for launching a crippling 2014 cyberattack on movie studio Sony Pictures in retaliation for a comedy film that mocked Kim.

How sure are we that the Kim regime was responsible for the hacks?

Although the U.S. has now publicly pointed the finger at North Korea for two separate high-profile cyber incidents, such accusations are still unusual.

The government often declines to comment on who it believes is culpable for major digital attacks. For instance, the U.S. has never formally blamed China for a devastating hack of federal workers' records that compromised millions of secret background check forms, despite widespread belief that Beijing orchestrated the theft.

Intelligence officials have historically cautioned that making such accusations could reveal secret information or free up other countries to call out the U.S. over its digital espionage operations.

But increasingly, officials believe it is valuable to publicly hold foreign governments accountable for certain types of online aggression. It's a trend that started in the Obama administration and has carried over to Trump's presidency.

There will be skepticism in some quarters, among those who believe that the Trump administration is just looking for an excuse to take out the North Korean regime. But exposing North Korean cyber-warfare activities risks alerting them to our own capabilities, and perhaps even to the methods we use to track the hacks, and that risk speaks against some kind of subterfuge by the administration.

Exposing the North Koreans, the Chinese, and the Russians in their efforts to hack our government and businesses is only one part of the equation.  The real question is what to do about it.  The Obama administration responded to the Sony hack by imposing sanctions on the Kim regime.  But that apparently hasn't had any effect on North Korea's cyber-warfare activities.

Many cyber-experts believe that responding in kind to a North Korean attack would be self-defeating.  It could easily lead to escalation to the point where Kim could take out something really vital, like a nuclear power plant or our electrical grid.  So Trump is not likely to order a significant cyber-attack on North Korean networks.

The only practical response is to harden our networks against cyber-attacks. But in this sort of arms race, offense is usually the best defense. The attacker has the advantage because those designing network protection must still allow the computers to communicate with one another. The exception is standalone networks like those the Pentagon employs. But even with those networks, there are vulnerabilities.

Someday, a nation-state will go too far and carry out an attack that will seriously harm our economy or infrastructure.  At that point, all bets are off, and a full-fledged war fought in cyberspace could be unleashed.  That would not be good for anyone, but it may be necessary to protect the country in the future.