On December 19, in a Wall Street Journal editorial that drew much attention, Homeland Security Advisor Tom Bossert asserted that North Korea was “directly responsible” for the WannaCry cyberattack that struck more than 300,000 computers worldwide. The virus encrypted files on infected computers and demanded payment in return for supposedly providing a decryption key to allow users to regain access to locked files. Bossert charged that North Korea was “using cyberattacks to fund its reckless behavior and cause disruption across the world.” [1]
At a press conference on the same day, Bossert announced that the attribution was made “with evidence,” and that WannaCry “was directed by the government of North Korea,” and carried out by “actors on their behalf, intermediaries.” [i] The evidence that led to the U.S. to that conclusion? Bossert was not saying, perhaps recalling the ridicule that greeted the FBI and Department of Homeland Security’s misbegotten report on the hacking of the Democratic National Committee.
[i] “Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea,” Whitehouse.gov, December 19, 2017.
The centerpiece of the claim of North Korean culpability is the similarity in code between the Contopee malware, which opens backdoor access to an infected computer, and code in an early variant of WannaCry. [3]
Contopee has been linked to the Lazarus group, a cybercrime organization that some believe launched the Sony hack, based on the software tools used in that attack. Since North Korea is widely considered to be behind the cyberattack on Sony, at first glance that would appear to seal the argument.
…click on the above link to read the rest of the article…