The global ransomware attack known as Wannacry or Wannacrypt spread rapidly and caused havoc over the weekend, striking outdated and vulnerable Windows systems that forced businesses, organizations, and even Britain’s National Health Service to come to a halt. Windows released a patch for the older systems and several hackers claimed to be working in the background to counter the efforts of the cyber thieves.
The source of the attack was initially traced to Russia, but new details seem to indicate that some of the code used in the attack is similar to the code used in the high-profile North Korea cyberattacks in recent years. According to the New York Times, Symantec discovered the similarities between the ransomware attack this weekend, the Sony Hack in 2014, and the recent rise in hacks against banks around the world — all which have been linked to North Korea:
The computer code used in the ransomware bore some striking similarities to the code used in those three attacks. That code has not been widely used, and has been seen only in attacks by North Korean-linked hackers. Researchers at Google and Kaspersky, a Moscow-based cybersecurity firm, confirmed the coding similarities.
The news would add a new layer of difficulty to the already growing tensions with North Korea if it turned out to be correct. But at this point, the attack cannot be fully verified to be an operation by the dictatorship:
Those clues alone are not definitive, however. Hackers often borrow and retrofit one another’s attack methods, and government agencies are known to plant “false flags” in their code to throw off forensic investigators.
“At this time, all we have is a temporal link,” said Eric Chien, an investigator at Symantec who was among the first to identify the Stuxnet worm, the American- and Israeli-led attacks on Iran’s nuclear program, and North Korea’s effort to steal millions from the Bangladeshi bank. “We want to see more coding similarities,’’ he said, “to give us more confidence.’’
At this point, the only true blame can be placed on the government and the NSA for the alleged creation of the tools that made the attack possible. While outside players are behind the attack, critics like Microsoft are citing the exploits created behind closed government doors as a gift bag for nations and criminals to utilize if they leak out. It will be interesting to see where the investigation goes as more data is analyzed.
(Via The New York Times)