Slashdot Mirror

← Back to Stories (view on slashdot.org)

WannaCry Ransomware Shares Code With North Korean Malware, Says Researchers (cyberscoop.com)

Posted by BeauHD on from the mysterious-ties dept.

New submitter unarmed8 quotes a report from CyberScoop: The ransomware known as WannaCry that spread rapidly to 300,000 machines in 150 countries over the past few days shares code with malware written by a group of North Korean hackers known as the Lazarus Group. While the shared code is important, experts warned that it's far from proof about who created and launched the ransomware attacks. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter. The link was quickly echoed by numerous other experts. "From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio. "From an attribution point of view a ransomware would subscribe to the narrative of Lazarus Group, which is stealing money like we saw with multiple financial institutions with fraudulent SWIFT transactions -- having a nation-state powered ransomware leveraging crypto currency would be a first."

106 comments

  1. Mongers gonna monger... by Anonymous Coward · · Score: -1

    Got to create some more support for bombing North Korea right?

    Even though there's zero chance NK was actually involved in this amateur hour ransomware the relevant news sites will pick it up as "North Korea in cyber attack against the West. OMG!" thus pushing the warmongering agenda further along, softening up the credulous and easily led...

    1. Re:Mongers gonna monger... by EzInKy · · Score: 1

      Open to ideas here....how do you propose the world deal with North Korea?

      --
      Time is what keeps everything from happening all at once.
    2. Re:Mongers gonna monger... by Anonymous Coward · · Score: 0

      Well we can start by not pinning them with shit they clearly didn't do.

      'ZOMG! The cybercrimez!' isn't helping.

      They do enough real shit for a serious response without this nonsense.

    3. Re:Mongers gonna monger... by Anonymous Coward · · Score: 0

      I love how when forced to choose between supporting Kim Jong Un or their own country, libs immediately flock to Un.

    4. Re: Mongers gonna monger... by ian_billyboy_morris · · Score: 1

      Well, Un is probably less likely to give away highly classified intelligence to the Russians than Trump, that is one thing in his favour.

    5. Re: Mongers gonna monger... by Anonymous Coward · · Score: 0

      Don't confuse concern over the number of civilians that would die in a war in both halves of Korea for regard for Un.

    6. Re:Mongers gonna monger... by Highdude702 · · Score: 1

      I think it was a joint effort by NK and Russia! Kim Jung Putin! Stinky bastard from what I hear.

    7. Re: Mongers gonna monger... by Highdude702 · · Score: 1

      So you think a communist won't share with another communist to help their common cause?

    8. Re: Mongers gonna monger... by someone1234 · · Score: 1

      Trump's leak was not out of malice, it was out of stupidity.

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
    9. Re: Mongers gonna monger... by Anonymous Coward · · Score: 1

      The president is the highest classification authority. If he declares something unclassified, it is. It's entity within that authority to share what he wants. As much as I do t like Trump, this is normal.

    10. Re: Mongers gonna monger... by Anonymous Coward · · Score: 0

      You think Kim and Putin are communists? Really?!

    11. Re: Mongers gonna monger... by Highdude702 · · Score: 1

      I was just stating that were the common enemy for Russia and NK, therefor I would almost garuntee they would trade secrets if it could in any way hurt us.

    12. Re: Mongers gonna monger... by Anonymous Coward · · Score: 0

      Tell that to Nixon. Could have save him big time!

    13. Re: Mongers gonna monger... by GLMDesigns · · Score: 3, Insightful

      Really? Don't you think that Hillary would have played just well with the Russians? All Putin would have to do is put a few dollars in the Clinton Foundation and bingo.

      There is no evidence of a hack or of any collusion between Trump and Russia - especially collusion that would be counter to US interests.

      Ooo. An international company (Exxon-Mobil) had business dealings with Russia. Wow. Proof of collusion. Yeah Right.
      Ooo. An international real estate company had business negotiations with Russians. Wow. Lock them the f**k up.

      Keep this stuff up guys and you'll see the end of the Democratic Party.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    14. Re:Mongers gonna monger... by Anonymous Coward · · Score: 0

      I propose we wait for the solid fueled ICBM to get ready, then watch as the US attacks them and Washington D.C. gets nuked.

    15. Re: Mongers gonna monger... by Anonymous Coward · · Score: 0

      I was just stating that were the common enemy for Russia and NK, therefor I would almost garuntee they would trade secrets if it could in any way hurt us.

      What about Turkey and other terrorist havens among the many NATO countries which are not geographically located near the North Atlantic Ocean?

    16. Re: Mongers gonna monger... by Anonymous Coward · · Score: 0

      Belgium, Canada, Denmark, France, Iceland, Italy, Luxembourg, Netherlands, Norway, Portugal, United Kingdom, United States, Greece, Turkey, Germany, Spain, Czech Republic, Hungary, Poland, Bulgaria, Estonia, Latvia, Lithuania, Romania, Slovakia, Slovenia, Albania, Croatia

      Apart from the previously mentioned Turkey, which one of these would you call a terrorist haven? personally I'd put the US at the top of a list, being a terrorist in Albania wouldn't be great I think, the Albanian mob would probably take them for everything they have.

  2. Usually I'm a pacifist..... by beheaderaswp · · Score: 0

    Usually I'm as pacifist.. though in this situation I've reconsidered.

    No matter whether it's North Korea, Russia, or whomever.... Whoever is trying the "death by a million cuts" strategy against my country... be warned:

    Yamamoto was right. We'll take it for a little while, settle our internal issues, and turn your countries into a mini mall.

    You've been warned.

    --
    Another consultant who stuck it out.

    "We are the Priests, of the Temples of Syrinx..."
    1. Re:Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Nobody is using any strategy against your country, so calm down.

      WannaCry was just a bunch of independent assholes ineffectually trying to make money...

    2. Re:Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      I'm sure the malware authors are quaking in their boots after that warning.

    3. Re:Usually I'm a pacifist..... by ShanghaiBill · · Score: 1

      Look at the bright side. Ransomware is malware done right. In the olden days, malware led to botnets that afflicted everyone, and little of negative consequences were borne by those with the insecure systems causing the problems. But with ransomware, the full cost falls directly into the lap of those doing the least to keep their systems secure, giving them a direct financial incentive to change their ways.

    4. Re:Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Usually I'm as pacifist.. though in this situation I've reconsidered.

      No matter whether it's North Korea, Russia, or whomever.... Whoever is trying the "death by a million cuts" strategy against my country... be warned:

      Yamamoto was right. We'll take it for a little while, settle our internal issues, and turn your countries into a mini mall.

      You've been warned.

      HUR DUR, Mah country, Humericah Fuck Yeah!!! HUUURR!!

    5. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Your evidence for this is where? Cite your resources

    6. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Because, sure, North Korea would go full bore on nuclear, chemical, and biological weapons and delivery systems... and yeah they'd churn out propaganda art piece after propaganda art piece of the country flattening its enemies' capitols with nuclear weapons while having grade-school play time involving stabbing mockups of the "american bastards"... and yeah, they'd forge hundred-dollar bills in bulk... and yeah, they'd make and smuggle crystal meth.... and yeah, they'd run concentration camps... and yeah, they'd trade CBW and missiles to anyone who can pay.... and yeah, they'd run hacking campaigns against anyone who insults the Kims... and yeah, they'd assassinate Kim Jong Un's half brother overseas... and yeah, they'd have fishing boats repeatedly kidnap people off of Japanese beaches.... and yeah, they'd send commandos across the border to try to assassinate the South Korean prime minister... and yeah, they'd bomb Korea Air 858... and yeah, they'd carry out a huge SWIFT heist....

      But they'd never stoop to malware! That's just too low.

    7. Re:Usually I'm a pacifist..... by Rei · · Score: 1

      Right now, while there was a lot of movement initially, I'm not seeing much to suggest imminent US action. The Carl Vinson is there, but no other carriers. The Reagan was just headed out for sea trials, but it's needing to go back for some additional repairs. The Nimitz is still on the west coast. Really for something as complicated as North Korea you'd want at least five carrier strike groups (think GW1), particularly if the ROK doesn't let you launch attacks from their territory (which Moon Jae-in almost certainly wouldn't). Japan would help to the best of its capabilities and constitutional limits, and last I saw France was deploying a Mistral... but there's just not that much firepower there yet, versus how many targets you've got in the DPRK. At least they have THAAD in place (plus Aegis BMD from the coasts, and PAC-3s for the lower-altitude threats)... but the longer they wait the more they're going to need to expand THAAD. And if they wait too long, even THAAD will start to have trouble hitting the increasingly high-energy trajectory launches.

      Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse", you're going to want something to back up that threat. Like, say, mobilizations of ground troops. Forward-deployed armour en masse waiting to be landed. Etc. None of these sorts of things seem to be in progress. The "much worse" threat could simply be "the ROK will retaliate" or "we'll bomb more" or "we'll focus on regime change rather than just disarmament"... but that's not nearly as effective of a deterrent as the threat of a full invasion.

      Perhaps this is a "stick" they're saving for later if China can't or won't manage to get the DPRK to stop this behavior. Or perhaps they're just doing like every other president has before and decided "I don't want to be the one responsible for starting a war on the Korean peninsula, I'll just pass this off to my successor". But as things stand, I'm not seeing any real movement toward military action against the DPRK. Just some showboating, and having some "counterstrike" capability in the area.

      --
      FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
    8. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      It's not too low, but it is too small and too pointless.

      This kinds of ass-tastic ransomware that's scored, at last count $26k in Bitcoins, has all the hallmarks of a bunch of bedroom based script kiddies. There is zero reason for this malware to be North Korean state sponsored.

    9. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      $60k at present. But most people usually wait until near the end of the ransom period to pay.

    10. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Found the paid shill.

    11. Re:Usually I'm a pacifist..... by phantomfive · · Score: 1

      Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse"

      That's about the worst idea possible. If you're going to attack North Korea, you need to disable their military capability otherwise millions of innocent people will die.

      --
      "First they came for the slanderers and i said nothing."
    12. Re: Usually I'm a pacifist..... by sound+vision · · Score: 1

      The immediate cost goes to that guy, but not the full cost.

    13. Re: Usually I'm a pacifist..... by Anonymous Coward · · Score: 0

      Found the paid shill.

      Oooh, ooh, how do I get paid as a shill? I want that job!

    14. Re: Usually I'm a pacifist..... by Paradise+Pete · · Score: 1

      Your evidence for this is where? Cite your resources

      Wouldn't that be the simplest and default explanation? Anything more conspiratorial would be where the evidence would be required.

    15. Re:Usually I'm a pacifist..... by Highdude702 · · Score: 1

      Aww you mad cause we wouldn't let you in? It's ok there's always Canada. They're like our little annoying brother. I'm sure they would have you.

    16. Re:Usually I'm a pacifist..... by someone1234 · · Score: 1

      I doubt these spam emails (one of the attack vectors) are written by people, or on a machine owned by malware's author. This is usually done by botnets.

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
    17. Re:Usually I'm a pacifist..... by Rei · · Score: 3, Informative

      you need to disable their military capability otherwise millions of innocent people will die.

      In a worst case situation only, and overwhelmingly on the DPRK side.

      Contrary to hype (which the media loves, and does before every major conflict), the DPRK does not have the ability to flatten Seoul. For example, you've apparently seen the meme that takes estimates of the total number of artillery pieces the DPRK has, multiplies by how fast an artillery piece can fire, multiplies by an hour or more, pretends that cities go down under artillery fire faster than they actually do, and then arrives at "Seoul leveled, millions dead".

      In practice, the DPRK only has 400-500 artillery pieces that can actually hit Seoul - the "Koksan" family - and some long-range MLRS systems. The Koksans are lumbering, awkward, slow-firing systems. MLRS systems take even longer to reload. Even if you discount the terrible reliability of DPRK hardware, they can't just sit there and fire. Because unlike the DPRK, the ROK has counter-battery radar and a high level of accuracy. You have to move after firing, or you only get 1-2 shots off. And unless you're shooting at the enemy's forces, you're inviting them to overrun you. Furthermore, only a minority of long-range systems are near Seoul - they have a whole DMZ to defend/threaten. And beyond that, only a fraction of their artillery is at the DMZ.

      With the Yeonpyeong attack they fired about 10 tonnes of artillery at the island, killing four and injuring 19. The DPRK might be able to get 20-30 times that launched at Seoul in a first wave. So multiply. Now, they do benefit from higher population densities in what they're firing at. On the other hand, working against that:

      1) The target density isn't as extreme as you might picture. The vast majority the area of even the most populous districts are roads, greenery, water, and single family houses.
      2) They're having to shoot from much further than when they shot at Yeonpyeong, with less accurate systems. That was pre-planned and with their best troops, not whatever arbitrary troops and hardware happen to be firing.
      3) If this was in response to a US bombing, the ROK would know about it in advance, and you would expect people to be in the shelters (the ROK uses the Seoul subway system as a shelter).
      4) Cities just don't go down that fast under artillery fire. Even sustained (aka, no need to move) fire. Look at Grozny, or Homs, or any other example in modern warfare, and the months to years it took to flatten districts of them.

      The DPRK certainly could also use CBW, but in terms of scale of destruction vs. how much effort has to go into them, they're not very efficient. They mainly function as terror weapons. The exception is contageous biowarfare, but there's no evidence that the DPRK has been developing it (it's believed they've weaponized anthrax, however); contageous biowarfare would likely blowback and hit them harder than the ROK, as the ROK has a much better communications and medical system.

      Now, talking about Seoul alone is unfair - there's also varying suburbs / border towns; Paju, the largest, is over 400k people and 10km from the nearest point on the DMZ. But the suburbs and border towns just don't have the population or population density or total population of Seoul, and you're talking "millions"; you need to literally do the media hyperbole of "flattening Seoul" to get those numbers. DPRK artillery is scattered across the whole DMZ, most of which is unpopulated. And most of it is ancient (even more obsolete than Saddam's hardware was in GW1), and it's questionable how well it all works. The DPRK prefers to build new hardware while not scrapping old hardware to boost their numbers game, rather than scrapping old systems and replacing them.

      Now, that's the artillery threat. The ballistic threat is a different beast. But it has its own problems.

      1) Their missiles have historically been highly unreliable. One model last I checked had an 88% f

      --
      FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
    18. Re:Usually I'm a pacifist..... by phantomfive · · Score: 1

      That's some really great info. Do you mind if I ask where you got it?

      --
      "First they came for the slanderers and i said nothing."
  3. I thought this ransomware came from NSA by mea2214 · · Score: 4, Insightful

    Now it comes from North Korea? Who wrote this movie? It makes no sense.

    1. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      Even the weed isn't helping. Maybe some acid will shed some light on things, if the producers haven't already ate it all.

    2. Re:I thought this ransomware came from NSA by AHuxley · · Score: 3, Insightful

      The CIA and NSA can ensure that the code the US uses can hide its origins around the world.
      The code litter later found by experts, the staging server ip range, time zone, language will point to a list of nations.
      "Latest WikiLeaks dump exposes CIA methods to mask malware" (Mar 31, 2017)
      http://www.pcworld.com/article...
      Marble Framework, "... anti-forensic tools support other languages such as Chinese, Russian, Korean, Arabic and Farsi. “This would permit a forensic attribution double game,”"
      So a lot of code exists on file that is full of code litter that must be from different nations.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:I thought this ransomware came from NSA by CaptainDork · · Score: 1

      This.

      You and I can grab code -- any code -- and insert a benign, "Kilroy Was Here," at will.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      The thing about WikiLeaks and others who release hacked information is that the information being leaked cannot be verified. When someone dumps thousands of documents online the natural assumption is that "secrets" are being published so all this information must be true. How hard would it be to release 1000 cherry picked documents covering a wide range of subjects and inserting a few totally manufactured documents into the release that help reinforce the political message being put forward by the leakers and those who publish the documents. WikiLeaks and the group of Guardianistas who released the Snowden are political action group who make no secret of that fact. Those with similar political leanings make it even easier to accepting that all of the released information is 100% accurate. Add the timing of the released documents also help ensure the information surfaces to maximize media coverage over long period of times. WikiLeaks was originally pitched as a service that would help make sure the person supplying the information could remain anonymous. So far I don't think WikiLeaks has accomplished this particular service goal. What has happened instead is that a 3rd party has taken control of the information and everyone is suppose to trust that they are any better than the group the information was stolen from.

      Now every major media outlet in the world only provides opinions and reactionary headlines to capture the largest number of clicks. Headlines that have no supporting details in the actual article. The only facts published are attributed to anonymous sources who are not authorized to talk to the press with the reports and editors hiding behind shield laws. Everyone is supposed to assume that these reported facts came written on stone tablets and even questioning them will result in being struck dead by a bolt of lighting. So whether it is leaked information or reported news articles there is really no way to ascertain who is telling the truth about anything so people just pick sides and start arguing with one another until the next news cycle comes around and the arguments start all over again. It is a very dangerous time and it appears WW 3 has started and people are to distracted to see it coming. Both WW1 and WW2 started with propaganda wars and disinformation campaigns by the main players. The difference today is that the propaganda can be spread across the world in seconds without end. There are going to be a lot of Americans thanking the government for building the most powerful military on the planet because we are going to need it.

    5. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      Now it comes from North Korea? Who wrote this movie? It makes no sense.

      Uh, were you expecting to find NSAs PGP signature in their offensive toolkit?

      Give me a break. Tends to make total sense they would obfuscate the code to make it look like it came from [pain-in-the-ass-country]

    6. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      Never mind, it is probably the same "researcher" who earlier retracted his "finding" about a new strain.
      Instead of following f@#$ng clueless "technology" and "security" reporters in jumping from one sensational statement to the other, those in power should regulate how media reports these types of incidents so they don't get blown out of proportion. Oh wait... Those in power are just as fu23$ng clueless as the media. Never mind... Coming up next: police arrested a 17-year old in in connection with the wannacry pandemic. News at 11.

    7. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      Who thumbed up this illiterate mea2214 guy? Why though?

    8. Re: I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      They didn't obfuscate anything ... ghyd

    9. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      It's a case of classic misdirection.

    10. Re:I thought this ransomware came from NSA by Excelcia · · Score: 2

      The NSA wrote the attack vector code. That is, by all accounts, high quality code. The other code, the stuff that takes the attack vector and glues it into a worm and ransomeware encryptor, that was written by what is alleged now to be North Koreans.

      It's akin to someone stealing a nuclear warhead from the United States and then gluing it to a 1970 volkswagen bug with a simple radio control steering mechanism.

    11. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      I thought this ransomware came from NSA
      Now it comes from North Korea? Who wrote this movie? It makes no sense.

      Why would you possibly think that?
      There have literally been thousands of news articles in the past four days detailing over and over how the SMB self-propagating code was from the NSA, and this code was recently dumped to the public.

      What could possibly make you think it "makes no sense" that someone could take something out in the public and not possibly use it in their own stuff?

      Go visit StackExchange or github or something one day, this stuff isn't complicated.

    12. Re:I thought this ransomware came from NSA by Fire_Wraith · · Score: 1

      The thing about software is that it's not static assuming you have the source code. You can tinker with it, add to or change it, and make it do different things. You can add features. You can drop some ransomware code on top of the existing delivery mechanism, and tell it to phone home to Pyongyang instead of the NSA or whereever.

      And you don't need to look at who committed the changes in your repository to necessarily know who did it. Programming tends to have a characteristic style, much like handwriting, and few are entirely alike. Different programmers will write the same function a different way. Some of it might just be the variable names they choose, or it might be how they lay out the code. You may also see organizational techniques, such as if certain practices are mandated. There's lots of other ways, really. Go look at any project of suitably large size with multiple disparate coders contributing, and you'll see what I mean by comparing their code.

      This isn't to say that TFA's conclusions are right, as I haven't looked at any of it, but it's entirely conceivable that someone in North Korea took the leaked NSA code and wrote new parts to change and reuse it.

    13. Re: I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      no, the nsa didnt write the ransomware but the ransomware authors used leaked exploits to make it more dangerous. had read on a d8fferent forum, bleepingcomputer i think where someon claimed to have id'd this same btc address having been used on almost a half dozen other wares that never quite made it to the big leagues..oh well, 7th times a charm.

    14. Re: I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      So your great idea is "censor the media!"
      No wonder people ignore you.

    15. Re:I thought this ransomware came from NSA by hcs_$reboot · · Score: 1

      Makes sense, assuming the NSA got initially the code from NK.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    16. Re:I thought this ransomware came from NSA by hcs_$reboot · · Score: 1

      Who wrote this movie? It makes no sense.

      Did someone see Adam Sandler work on a script recently?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    17. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      I guess the North Koreans took the NSA exploit and deployed it as WannaCry.

    18. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      If wikileaks was lying, someone would point to the false document.

      Donna Brazille tried exactly that. Assange promptly produces the DKIM signature proving it was really hers.

      Wikileaks goes through documents immensely. They would risk everything if they were caught in a mistake, and lose everything if they were caught in a lie. So they never lie, and thus far, have never made a mistake.

    19. Re:I thought this ransomware came from NSA by tinkerton · · Score: 1

      Also Trump is really working for the North Koreans. His interest in normalization of ties with Russia is just a diversion.

    20. Re: I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      The ww2 propaganda never stopped in the US.

    21. Re:I thought this ransomware came from NSA by Anonymous Coward · · Score: 0

      All these spooks buy and steal shit off each other all the time though.

      If you ever looked through CIA leaks, there are numerous references to exploits bought from GCHQ, for example.

    22. Re:I thought this ransomware came from NSA by houghi · · Score: 1

      Not sure who wrote it, but it is now clear why it was stolen from Disney.

      --
      Don't fight for your country, if your country does not fight for you.
    23. Re: I thought this ransomware came from NSA by guruevi · · Score: 1

      It's a great way to deflect and just shows you how stupid the media thinks the plebes are. The malware was written by the NSA most likely in cooperation with Microsoft and therefore their responsibility.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    24. Re:I thought this ransomware came from NSA by mjwx · · Score: 1

      Now it comes from North Korea? Who wrote this movie? It makes no sense.

      No, if you read the article, it contains code also found in known North Korean malware... which means both users just got the code off of whatever the black hat version of Stack Exchange is.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  4. gotta blame somebody by Anonymous Coward · · Score: 0

    who leaves unregistered domain fir kill switch hidden under the hood? certainly, state actors are better then that.

    1. Re:gotta blame somebody by Anonymous Coward · · Score: 0

      Depends on the quality of the hacking team. I'd expect better from the US, Russia, China, Israel, etc. But North Korea, though? They're mainly script kiddies and phishers.

  5. Entirely plausible. by Gravis+Zero · · Score: 1

    One thing N. Korea lacks is resources/money to buy stuff (from China and Russia). They are the most prolific counterfeiter of $100... and then the $100 bill was changed. It seems entirely plausible that they are trying to replace their counterfeiting with cybercrime.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re: Entirely plausible. by Anonymous Coward · · Score: 0

      plus cyber crime is hard to attribute without a third party leak so plausible deniability is easy to hold onto. this may well lead to more push to deanonymize the net, make trusted and untrusted highways to lock out known proxy traffic. basically an hdcp like protocol that can trace back to a machine instead of a proxy.

    2. Re:Entirely plausible. by Anonymous Coward · · Score: 0

      Yeah the $60k they've extorted is going to make a massive difference to the North Korean coffers....

      They might be able to buy some new decals from Alibaba for their rockets...

  6. the propaganda narrative needs work. by nimbius · · Score: 4, Insightful

    Either North Korea is an impoverished dictatorship that could never, ever launch a successful ICBM and routinely runs out of energy and food, or its an underground powerhouse releasing some of the deadliest malware to date and rivals the US and Russia in technical prowess.

    Theres also the unresolved dependency that this exploit came from the NSA. Nice try.

    --
    Good people go to bed earlier.
    1. Re:the propaganda narrative needs work. by Anonymous Coward · · Score: -1

      You give the NSA credit, but it was Microsoft that made the decision to fire their QA, security experts, and more senior developers because they were considered too expensive. Several of my friends that had been there over twenty years and several of my new coworkers that we hired were laid-off from Microsoft. Security problems don't affect the bottom line so the new president of Microsoft Brad Smith, that is a lawyer and still the chief legal officer, just doesn't grok the big picture. He isn't a tech guy so you can't completely blame him. It is the fault of the board for putting a guy in charge that doesn't understand technology.

    2. Re:the propaganda narrative needs work. by ScentCone · · Score: 2

      Yeah, that explains why they never patched this. Oh, I mean, other than when they did, a couple months ago. And why they still recommend that people use old stuff, like XP. I mean, other than telling them not to for years now.

      --
      Don't disappoint your bird dog. Go to the range.
    3. Re:the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      The exploit is not the payload derp.

    4. Re:the propaganda narrative needs work. by xlsior · · Score: 3, Insightful

      Theres also the unresolved dependency that this exploit came from the NSA. Nice try.

      That's not mutually exclusive.

      The exploit for the security hole that it uses to spread presumably came from the leaked NSA code, but that doesn't mean that the rest of the virus did. Theoretically anyone could have bolted the exploit code as an attack vector onto their existing program/virus framework, which means that the final product -could- have a lot in commmon with other malware that's been seen before.

    5. Re:the propaganda narrative needs work. by Rei · · Score: 3, Informative

      It's weird how people generally give North Korea either too much or too little credit, often at the same time.

      First off, North Korea is not at present starving its people. The North Korean economy has been growing at a rather good clip. They're trying to make Pyongyang into a model city with a lot of impressive architecture projects. While they're generally rushed and substandard construction, they're visually quite impressive (the DPRK actually has some good architects and artists - one of their biggest sources of foreign currency is giant statues built for African dictators - I kid you not). There's now nearly 3 million cell phones in the DPRK. They can't connect out of the country, but the country is modernizing (while still trying - and progressively getting worse at - keeping its people isolated). DVD and Blu-Ray players are not that rare, particularly in cities, and the government is increasingly giving up on trying to stop media smuggled in from China. They don't mind US and European movies / TV sneaking in that much anymore, but South Korean media still bugs them a lot (because their propaganda tries to portray the South as impoverished and oppressed by the US, a country that they need to "save").

      DPRK military technology, including missile technology, is a piecemeal mix of foreign tech (either imported legitimately, or acquired illegally and smuggled) and legitimate homegrown engineering. Some of their solutions are rather "hacks", but they work. For example, one of their missiles that kept flying out of control... later pictures of it showed a ton of big grid fins on the back, making it like a shuttlecock. Then it worked. Sure, that's added drag and it's going to make it light up radar screens like a Christmas tree, but they want to advance their technology as fast as possible. They're following a natural rocketry progression. Their latest rockets, for example, appear to now use a common bulkhead approach to reduce mass rather than two separate tanks. They're working with better materials. Their Q&A and local manufacturing quality is low. But it'll get the job done. They expect failures. When they shelled Yeonpyeong, only half of the shells even hit the island, a quarter of those that hit it didn't explode, and most of their shots were aimed based on obsolete maps, or just aimed poorly. But they simply put out enough firepower to overcome that. And that's undoubtedly going to be the same strategy that they pursue with missiles - "so what if a lot of them explode on the pad, in the air, go way off course.... we'll just make enough that some of them will get through."

      You know, in a way, the DPRK is sort playing a high-stakes game of Kerbal Space Program.

      --
      FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
    6. Re:the propaganda narrative needs work. by Fire_Wraith · · Score: 3, Informative

      It's entirely believable that the country is impoverished, starving, short on energy and food, and at the same time is developing nukes, icbms, and has a cyber hacking unit. This is the sort of thing that's possible when you have a totalitarian dictatorship that decides the latter things are more important than the former. What do you expect the average North Korean to do about it? Protest or complain, so they can get themselves and three generations of their family thrown into a permanent prison camp?
      (Citation: http://www.cbsnews.com/news/no... )

      The elites live well, mostly in the capital city of Pyongyang, but the rest of the country is in terrible shape, because the resources and money that might otherwise be used to help alleviate those terrible conditions instead goes to weapons, missiles, nukes, etc. This is why the only lights in North Korea at night are pretty much the ones in Pyongyang, as seen here: http://news.nationalgeographic...

    7. Re:the propaganda narrative needs work. by xvan · · Score: 1

      South Korean media still bugs them a lot (because their propaganda tries to portray the South as impoverished and oppressed by the US, a country that they need to "save"

      Well, they had their president puppeted by a mentalist, they might actually need some sort of saving.

    8. Re:the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      > old stuff, like XP.

      Or like Vista. We still run Vista on more than half of our Windows desktops since we have so many legacy programs that won't run on 7 or newer. Yes, XP mode on 7 is nice and works, but we failed at deploying it since we have so many call center employees that just didn't grok it. It sucks that Microsoft is so terrible at backwards compatibility.

    9. Re:the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      We have 29 apps that our IT department has to officially support. 26 of them will not run on Windows 10 without problems which is why we're buying offlease XP machines. Managing ten year-old used desktops really sucks. I wish Microsoft would get their act together and hire back some of the older and more expensive developers that they laid-off. I live in Redmond, WA about 200 yards from Microsoft Redwest so most of my friends and neighbors at one time or another worked for Microsoft and are no longer working there. Most of our apps will run under DOSBox, but I really, really don't want to go that route since I would be the only one here that could support running DOSBox under Linux. WINE also works well, but it has the same problem of having to support Linux. I'm stuck between a rock and a hard place.

    10. Re: the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      they have schools and foreign professors teaching technology. their wepons program is supported by china, at least. cultivate the few and suppess the many

    11. Re: the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      Better run

    12. Re: the propaganda narrative needs work. by ian_billyboy_morris · · Score: 1

      Dosbox runs under Windows too doesn't it?

    13. Re: the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      Producing ICBMs requires expertise, parts, and manufacturing process that are not easily obtainable. Feeding their population would require them to actually care to divert resources. Fuel is the subject of embargoes.

      By contrast, creating malware around a well documented exploit is a walk in the park. I personally think this is more likely a non-state actor who didn't expect their ransom ware would spread on such a large scale. That the decryption keys are delivered manually is not compatible with an intentionally large-scale effort.

    14. Re: the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      Not in his imaginary scenario.

    15. Re:the propaganda narrative needs work. by houghi · · Score: 1

      I think you confuse ICBM with IBM.

      --
      Don't fight for your country, if your country does not fight for you.
    16. Re:the propaganda narrative needs work. by AmiMoJo · · Score: 1

      If the NSA can have their code stolen, why can't North Korea have its malware appropriated to form part of this ransomware too?

      I suppose the whole ransom thing could be a false flag to divert attention from the real source, but it seems unlikely. Why use such a powerful weapon now? The timing doesn't seem to benefit anyone. If anything it is distracting people from NK's missile tests.

      It reeks of people slightly above script kiddie level bolting together some stolen exploits to older ransomware code, releasing it and then completely fucking up the ??? stage that leads to profit. They are going to jail for a long time, for less money than they could earn in a year writing databases in some office.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    17. Re:the propaganda narrative needs work. by dj245 · · Score: 2

      Their Q&A and local manufacturing quality is low. But it'll get the job done. They expect failures. When they shelled Yeonpyeong, only half of the shells even hit the island, a quarter of those that hit it didn't explode, and most of their shots were aimed based on obsolete maps, or just aimed poorly. But they simply put out enough firepower to overcome that. And that's undoubtedly going to be the same strategy that they pursue with missiles - "so what if a lot of them explode on the pad, in the air, go way off course.... we'll just make enough that some of them will get through."

      You know, in a way, the DPRK is sort playing a high-stakes game of Kerbal Space Program.

      Rocket science isn't easy, and they are certainly handicapped by being embargoed both in information and physical goods. The assumption that their manufacturing quality is low may not be correct. I was surprised to find on my trip to the DPRK in 2014 that several of the factories that we visited, including a foundry, were ISO 9001 certified. Anybody will tell you that ISO 9001 certification is no guarantee of quality, but the tools of high quality manufacturing (CAD, computer design and simulation, CNC, management systems) are widely available and there is no reason to believe that the DPRK wouldn't use them. Casting and forging Inconel isn't particularly difficult, any material engineer with the right books can work it out. You can even get Inconel powder and make parts with additive machining [3d printing] without much fuss.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    18. Re:the propaganda narrative needs work. by dj245 · · Score: 1

      The elites live well, mostly in the capital city of Pyongyang, but the rest of the country is in terrible shape, because the resources and money that might otherwise be used to help alleviate those terrible conditions instead goes to weapons, missiles, nukes, etc. This is why the only lights in North Korea at night are pretty much the ones in Pyongyang, as seen here: http://news.nationalgeographic...

      Is light pollution desirable? You could say the same thing about Philippines, Cambodia, Laos, Indonesia or any number of other poor asian countries. The big cities are lit up, and the countryside is mostly dark. All of these countries have significant inequality. Several of these countries are actively committing or allowing various forms of genocide. Singling out North Korea as "the bad one" seems a bit strange to me.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    19. Re: the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      GP here. I did not know that. Downloading it now to test. Thank you!

    20. Re:the propaganda narrative needs work. by radarskiy · · Score: 1

      Clearly, it is not possible that there are no self-taught rocket scientists yet many self-taught programmers.

    21. Re:the propaganda narrative needs work. by Anonymous Coward · · Score: 0

      We have 29 apps that our IT department has to officially support. 26 of them will not run on Windows 10 without problems which is why we're buying offlease XP machines. Managing ten year-old used desktops really sucks. I wish Microsoft would get their act together and hire back some of the older and more expensive developers that they laid-off.

      Why would they do that? Your org cheapened out and moved important stuff to a Windows-only platform ages ago when quite a lot of the Linux community was urging a cross-platform approach. If your org was too cheap to do it properly, why do you expect MS to take on that expense, especially when it is not in their interests to do so?

      "But Ubuntu/Gnome/KDE is too hard for our employees to use" - Harder than getting XP machines?

      "Our devs can't develop for anything but Windows" - But your admins can magic XP machines into existence?

      "But everyone uses MS" - And they do so at the same great cost that you are experiencing; some more, some less.

      If you choose MS and they eventually deprecate the platform, you have no one to blame but yourself. Stop blaming MS - they told you upfront how it was going to be. You agreed to it.

  7. Are they really in it for the money? by Anonymous Coward · · Score: 0

    Ransomware decrypts Taiwanese netizen's computer due to his low income...
    http://www.taiwannews.com.tw/en/news/3161826

  8. Not conclusive by gweihir · · Score: 1

    Malware authors steal from each other all the time. Sometimes you see a patchwork of different styles and skill-levels and constructs that make not any sense, except if a later attacker did not really understand the code he was modifying. Still interesting though.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  9. Could it be a North Korean peace feeler? by Applehu+Akbar · · Score: 1

    NK has earned itself megatons of bad publicity by keeping South Korea at the edge of war for two generations, by kidnapping people at random off Asian beaches, and most recently by taking American hostages.

    But now, with war threatening and their starvation problem not getting any better, NK may think it is doing us a favor by destroying Windows. It would be as if the last remnants of ISIS were to come up with a cure for Ebola.

  10. Except that the Lazarus group isn't North Koreans by thisisauniqueid · · Score: 2

    Except that the Lazarus group isn't North Koreans, it's a group of South Koreans who are amused by the media giving the credit to North Korea.

  11. North Korean Hackers? by Anonymous Coward · · Score: 0

    Isn't that a misnomer? I mean come'on, the whole country of North Korea doesn't even have Internet access. How can they even have hackers?

    1. Re:North Korean Hackers? by hcs_$reboot · · Score: 1

      North Korea doesn't even have Internet access. How can they even have hackers?

      They have. We are currently investigated among all the twelve PC owners in NK.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:North Korean Hackers? by Anonymous Coward · · Score: 0

      They only hack during the day, because NK turns the electricity off at night.

  12. "state actors" by Tom · · Score: 1

    Who says that everyone based in North Korea is working for the government? We don't assume every US hacker works for the CIA, do we? Especially in countries such as NK, China, Russia, I would first assume that they are simple criminals, or maybe people trying to make a fortune and then get the hell out of there (which takes a lot of money. I just moved to another country, just within Europe, and it cost me a fortune).

    Judging from the country I know a little about - Russia - I'm sure you can find ties to the government, the police, maybe the secret service. But that's not necessarily because the whole operation is a government operation. It could very well be simple corruption. The criminals and the police are closer to each other than us ordinary people are to either of them. That's true for western countries as well, but not to the same degree.

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:"state actors" by Anonymous Coward · · Score: 0

      every hacker in the world "works for" whoever they need to tell you they work for at the moment.
      today, they need a reason to attack NK
      hence,the hackers are from NK

  13. Not really! by Anonymous Coward · · Score: 1

    Let me guess, if this ransomware spread happened 15 years ago should we have blamed it on Iraq? So that we can bomb it later ... Common guys! Stop spreading ugly propaganda news.

  14. Well it certainly shares some code from by Anonymous Coward · · Score: 0

    The No Such Agency people.

  15. WMDs by Anonymous Coward · · Score: 1

    Gosh, how convenient. The US government has been looking for an excuse to have a go at North Korea, and now some ransonware appears to have a tenuous link to the country.

    Kind of like the same way Iraq was harbouring Weapons of Mass Destruction. We'd best nip this in the bud as soon as possible.

  16. North Korea haven't got the expertise by Anonymous Coward · · Score: 0

    stop trying to blame them for everything. There is no proof, just wild speculation and dishonest accusations by the U.S. It's not working.

  17. This surprises you "OpenSORES" goofs? by Anonymous Coward · · Score: 0

    See my subject: You'll always have issues as you STEAL others' code & ones like SQLite bugs too I noted https://it.slashdot.org/comments.pl?sid=10606043&cid=54411855/ - In this case?

    * You can't even apply DIRECT ATTRIBUTION as to who wrote what here...

    APK

    P.S.=> OpenSORES also "backfired" on JOOgle via Chrome EFast malware - Which is WHY I won't reveal the code I write, RIGHT there (dumb move of Google that was - but OH YEAH - that's right - >b?Google DIDN'T EVEN WRITE CHROME iirc (they picked it up off someone who DID actually write it))... apk

    1. Re: This surprises you "OpenSORES" goofs? by Anonymous Coward · · Score: 0

      In Soviet Whereverthefuckyourefromistan, the Ingrischen is in you.

  18. yay for north korea by Anonymous Coward · · Score: 0

    north korea and cryptocurrency deserve each other, good riddance to both.

  19. fabrication and false attribution by Anonymous Coward · · Score: 0

    The three letter agencies can make software or traffic "appear" to come from where ever they want.

    Snowden proved this, he exposed their tricks of spoofing addresses and embedding foreign language clues in the code.

  20. Pot is legal in NK by Anonymous Coward · · Score: 0

    If the NK leader made more of a deal about this, I don't think he would find it too hard to get pen testers to go and work for him for a while. Sure people would be tentative at first, but once proven, and I suppose you don't have to go over there, work remotely.

    Actually, he could probably get all those with an interest in nuclear but don't work for their government because of drug screening to hop on over to NK.

    He could offer off shore banking as well, he would need a big team of software developers.

    An off shore company in NK would be excellent, you could sell all your digital wares through NK, bank there and pay no tax.

    With all of this going on, North Korea wouldn't want to launch a nuclear attack. For world peace let's make Korea great again.