Aractus

Blog of Daniel Baxter, now secure! :)

Free SSL from Let's Encrypt!

US accuses NK of unleashing WannaCry

And it’s probably bullshit.

Here’s the first reason to think this was not North Korea… it made the hackers barely any money. In total only around 360 people or so paid the ransom. The hackers were not prepared to receive large numbers of payments as there was no way for them to immediately identify a payment made to a specific infection. Nevertheless they did provide decryption for those who paid the ransom. They didn’t even steal any data – which is something that often happens with Ransomware. They put a lot of effort into making their malicious program look nice and work well, and barely any effort into exploiting it for financial gain. Sure 360 people or so paid the ransom, but the ransom wasn’t very much and all the data remained on the victim’s computers, none was ever stolen or permanently destroyed which is the kind of mischief we’d expect a State actor like North Korea to get up to. After all the stealing of information was clearly a motivation behind the infamous Sony Hack.

Remember, when the outbreak happened back in May, every self-proclaimed “security expert” appearing on TV or cited in the papers was saying it was spread through a malicious email campaign, with no evidence whatsoever to backup their claims. I rightly called it for what it was, and pointed out that the malware had the ability to spread itself directly to any vulnerable computer connected to the internet with some obvious caveats (for example there would need to be port-forwarding from the router), and that once just one PC on a network was infected that all other vulnerable computers on the same network could be infected. This is why it was so insidious to large organisations, but seemed to affect ordinary households much less. If you had a vulnerable computer connected to the internet in May, your router probably blocked connection requests on port 445 and that would have been the only thing that saved you from infection! Oh and it’s also why security experts who examined it say there was no email campaign associated with WannaCry.

There’s also another point to make. The ransom note was translated into 28 languages. The Korean version is apparently not very good and likely machine translated, and the Chinese is much better. Of course if it was a State-sponsored actor then you might expect them to obfuscate their origin by getting a native Chinese speaker to write the note, and that wouldn’t be hard for NK to find. However the sloppy Korean note suggests that it wasn’t written by a native Korean speaker.

WannaCry was a huge public attack, that has resulted it people being more mindful of cybersecurity. This fact completely contradicts the usual intentions of a State-sponsored actor who generally want their attacks to be carried out quietly in secret so they can inflict as much harm as possible. This is what we see from NSA-backed attacks for example. And they want to be able to use their exploits for as long as possible.

Now I’m not saying that we know that NK was not involved. Just that it may have been China, or Russia, or South Korea, or maybe not even a State actor at all. And unless we see the respected independent non-state sponsored security firms lining up to blame NK I would remain extremely sceptical of any such claim. Do you see any of the major independent security companies backing this statement? No you don’t. What we can say, and this I think is the insulting thing about the USA’s claim that is parroted by Australia, Canada, New Zealand, Japan, South Korea, and the UK, is that the US Government and its State agency the NSA are squarely responsible for the outbreak. They’re the ones that developed the exploit and weaponized it. The ShadowBrokers are also a squarely guilty party, as they were not in any way interested in the “responsible reporting” of the security vulnerabilities. Responsible reporting means making security companies aware of the problem so they address it before it becomes widespread public knowledge. The NSA should have done that, instead they developed or bought exploits to weaponize.

Why aren’t journalists consulting the experts?

Symantec issued a statement on their blog back in May: “Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign.” Kaspersky’s assessment was similar. So far only Microsoft’s Brad Smith squarely accused NK, but I’d hardly count him as an unbiased source of information. This surely begs the question – why are the media too lazy to get statements on the US government’s claim from the top security firms?

Why have the US only now come to blame NK? The only real difference in facts between May and now is that the hackers withdrew their bitcoin in August (and appear to have left later ransoms received in the wallets). The rest of the facts and evidence was there for them to analyse, and it’s not like the evidence is overly complicated or difficult to examine. Certainly not to the point that it would take seven months to do.

Hold the US to account

The pathetic thing about all this is the unwillingness of any sovereign nations to hold the US to account for this. Not only that but they minimise their role even further by using incorrect terminology and calling their cyber-weapons “tools”. Heck, the hackers couldn’t even be bothered to create their own exploit based on the NSA’s weapon: for the “EternalBlue” cyberweapon the hackers simply copied the NSA’s code and used it as-is!! To put that in context, that’s like saying Person A invents the firearm, and then instead of making their own version based on Person A’s firearm, Person B just copies it exactly and makes the exact same gun. So even saying that WannaCry was “based on” the NSA’s code and cyberweapons is somewhat inaccurate, it contains the exact NSA code the way that the NSA wrote it. The US claims they want to hold NK to account for it, of course without actual proof of wrongdoing, yet think they don’t want to admit any guilt. See here’s the thing, the US even arms terrorists and drug cartels with conventional weapons, and escapes being held to account. But on the other hand, if you decided to do that as an individual you could be charged with anything from inciting violence to treason and gaoled forever.

By the way, the US also invented the nuclear bomb, something North Korea is also arming themselves with. So perhaps it is time we think about holding the US to account for all this?

 

You can leave a response, or trackback from your own site.

One Response to “US accuses NK of unleashing WannaCry”

  1. Paul says:

    Great article. Came here from WHT whereI am stripeysfriend. My own country (I left the US 40 years ago for Japan) has no moral authority to accuse N Korea of arming terrorists. Agree!

Leave a Reply