The ransomware story has become a pretext for a Trump attack against North Korea.
From The New York Times:
Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.
The Times also cites officials, researchers, and security experts at Symantec to make the case. Symantec says the latest attack was similar to the Sony Pictures Entertainment attack. Kaspersky Lab also says the North Koreans are responsible.
In December 2013 other experts said “they have solid evidence that a former employee helped hack Sony Pictures Entertainment’s computer system—and that it was not masterminded by North Korean cyberterrorists.”
“When the FBI made this announcement [that North Korea was responsible], just a few days after the attack was made public, it raised eyebrows in the community because it’s hard to do that kind of an attribution that quickly—it’s almost unheard of,” said Kurt Stammberger, senior vice president at Norse.
For some reason that didn’t make it into the Times story.
President Trump has ordered his homeland security adviser, Thomas P. Bossert, who has a background in cyberissues, to coordinate the government’s response to the spread of the malware and help organize the search for who was responsible, an administration official said Sunday.
The search is for public consumption. The intelligence community has already made the case North Korea is responsible and the script was passed on to The New York Times and The Washington Post. Like the fairy tale Trump is in bed with the Russians, this story will be accepted at face value and used as a pretext to bomb North Korea’s alleged nuclear sites and other military targets.
Russell Brandom, writing for The Verge, was more objective.
WannaCry behaves like standard criminal ransomware, and before this latest finding, there was no reason to suspect a nation state was behind it. This kind of early code analysis is necessarily speculative, and it’s entirely plausible that the WannaCry authors lifted the relevant code from a North Korean sample just like they lifted the EternalBlue code from the NSA. Even if all of Kaspersky’s assumptions are true, it could be the result of an internal data breach rather than a government operation.
Finally, it must be asked if North Korea wants to be attacked and if Kim Jung-un has a death wish. We are told the North Koreans have developed nuclear weapons and ICBMs. If this is true, why wouldn’t they apply this technological expertise to a ransomware attack and cover their tracks? Would they be so stupid as to leave fingerprints that were discovered in three days?