Should we believe the White House when it says North Korea is behind WannaCry?

iStock
iStock

Has the White House found the culprit of the massive ransomware attack in May, or is this fake news?

Share

The White House has officially accused North Korea of being behind the global WannaCry ransomware attack which crippled organisations including the National Health Service (NHS) back in May.

On Monday, President Donald Trump’s homeland security adviser, Tom Bossert, claimed that North Korean hackers were behind the cyberattack in a Wall Street Journal editorial.

Read next: WannaCry ransomware timeline: From the NSA to the NHS

In extremely Trumpian language, Bossert asserted: "North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious. WannaCry was indiscriminately reckless."

British Security Minister Ben Wallace also attributed WannaCry to the North Korean government during a BBC radio interview in October. North Korea called this "groundless speculation", and a "wicked attempt" to tighten sanctions on the country.

Researchers claim to have discovered some lines of code which point toward North Korea, more specifically the Chinese hacking organisation Lazarus Group, which has links to the communist country.

So, how much of a pinch of salt should we take these claims with, especially as nobody has offered any conclusive proof?

Independent security analyst Graham Cluley told Computerworld UK: "I think in the current hostile climate between USA and North Korea it's not unhelpful to retain some scepticism about why this claim might have been made, and what may have motivated the claim to be made at the present time."

"Was it really North Korea? Really very hard to say. The powers that be aren't sharing their intelligence, and it's very easy to get attribution wrong.

"One thing's for certain - if N. Korea launched WannaCry in an attempt to make themselves a large pot of money, it should be considered an utter failure."

Tim Erlin, VP of product management and strategy at security software vendor Tripwire also suggests a healthy dose of scepticism when it comes to these claims.

"Accurate attribution for cyber attacks is almost always a difficult task, and it’s doubly so when the evidence leading to the conclusion can’t be shared. With global public trust in the US government at a low point, it’s not surprising that there’s scepticism," he said.

Erin suggests that national security assertions like this one regarding North Korea requires more than just their word. "We need to find a way to develop trusted output. The mantra of ‘trust us’ doesn’t cut it here," he said.

As the former CTO of America's Central Intelligence Agency, Bob Flores, told our sister website Techworld last year, it's "always reasonable to cast doubt on assertions" when it comes to attributing cyberattacks.

"Assertions are one thing, and proof is something else entirely," Flores said. "Just as it's very easy to exploit things that are out there today, it's also very easy to spoof. It's very easy for me to launch an attack that makes it look like I'm from North Korea."

"And so you can look at a bunch of things and say, well, the preponderance of evidence says ‘this is coming from North Korea' – OK, but that's not proof. Whether it's North Korea or the Russian Business Network or China or whoever, it doesn't really matter."

"You have to say: OK, well let's say it was North Korea – what was the point? Are they trying to say look what we're capable of? That's a real scenario... but does that mean they would ever do it again? I think we have seen from the Sony attack, that some of the information that got breached in the attack has shown up in the wild, in a price per credential kind of way, so somebody is making money off of that."

"You have to follow the money, and figure out who is making that money."

Promoted