Slashdot Mirror
WannaCry Ransomware Shares Code With North Korean Malware, Says Researchers (cyberscoop.com)
New submitter unarmed8 quotes a report from CyberScoop: The ransomware known as WannaCry that spread rapidly to 300,000 machines in 150 countries over the past few days shares code with malware written by a group of North Korean hackers known as the Lazarus Group. While the shared code is important, experts warned that it's far from proof about who created and launched the ransomware attacks. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter. The link was quickly echoed by numerous other experts. "From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio. "From an attribution point of view a ransomware would subscribe to the narrative of Lazarus Group, which is stealing money like we saw with multiple financial institutions with fraudulent SWIFT transactions -- having a nation-state powered ransomware leveraging crypto currency would be a first."
Now it comes from North Korea? Who wrote this movie? It makes no sense.
Look at the bright side. Ransomware is malware done right. In the olden days, malware led to botnets that afflicted everyone, and little of negative consequences were borne by those with the insecure systems causing the problems. But with ransomware, the full cost falls directly into the lap of those doing the least to keep their systems secure, giving them a direct financial incentive to change their ways.
One thing N. Korea lacks is resources/money to buy stuff (from China and Russia). They are the most prolific counterfeiter of $100... and then the $100 bill was changed. It seems entirely plausible that they are trying to replace their counterfeiting with cybercrime.
Anons need not reply. Questions end with a question mark.
Either North Korea is an impoverished dictatorship that could never, ever launch a successful ICBM and routinely runs out of energy and food, or its an underground powerhouse releasing some of the deadliest malware to date and rivals the US and Russia in technical prowess.
Theres also the unresolved dependency that this exploit came from the NSA. Nice try.
Good people go to bed earlier.
Malware authors steal from each other all the time. Sometimes you see a patchwork of different styles and skill-levels and constructs that make not any sense, except if a later attacker did not really understand the code he was modifying. Still interesting though.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Right now, while there was a lot of movement initially, I'm not seeing much to suggest imminent US action. The Carl Vinson is there, but no other carriers. The Reagan was just headed out for sea trials, but it's needing to go back for some additional repairs. The Nimitz is still on the west coast. Really for something as complicated as North Korea you'd want at least five carrier strike groups (think GW1), particularly if the ROK doesn't let you launch attacks from their territory (which Moon Jae-in almost certainly wouldn't). Japan would help to the best of its capabilities and constitutional limits, and last I saw France was deploying a Mistral... but there's just not that much firepower there yet, versus how many targets you've got in the DPRK. At least they have THAAD in place (plus Aegis BMD from the coasts, and PAC-3s for the lower-altitude threats)... but the longer they wait the more they're going to need to expand THAAD. And if they wait too long, even THAAD will start to have trouble hitting the increasingly high-energy trajectory launches.
Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse", you're going to want something to back up that threat. Like, say, mobilizations of ground troops. Forward-deployed armour en masse waiting to be landed. Etc. None of these sorts of things seem to be in progress. The "much worse" threat could simply be "the ROK will retaliate" or "we'll bomb more" or "we'll focus on regime change rather than just disarmament"... but that's not nearly as effective of a deterrent as the threat of a full invasion.
Perhaps this is a "stick" they're saving for later if China can't or won't manage to get the DPRK to stop this behavior. Or perhaps they're just doing like every other president has before and decided "I don't want to be the one responsible for starting a war on the Korean peninsula, I'll just pass this off to my successor". But as things stand, I'm not seeing any real movement toward military action against the DPRK. Just some showboating, and having some "counterstrike" capability in the area.
FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
NK has earned itself megatons of bad publicity by keeping South Korea at the edge of war for two generations, by kidnapping people at random off Asian beaches, and most recently by taking American hostages.
But now, with war threatening and their starvation problem not getting any better, NK may think it is doing us a favor by destroying Windows. It would be as if the last remnants of ISIS were to come up with a cure for Ebola.
Open to ideas here....how do you propose the world deal with North Korea?
Time is what keeps everything from happening all at once.
Also, if the US goal was to be "do a limited strike, but make it clear that if the DPRK attacks the ROK that the consequences for it will become much worse"
That's about the worst idea possible. If you're going to attack North Korea, you need to disable their military capability otherwise millions of innocent people will die.
"First they came for the slanderers and i said nothing."
Except that the Lazarus group isn't North Koreans, it's a group of South Koreans who are amused by the media giving the credit to North Korea.
Well, Un is probably less likely to give away highly classified intelligence to the Russians than Trump, that is one thing in his favour.
North Korea doesn't even have Internet access. How can they even have hackers?
They have. We are currently investigated among all the twelve PC owners in NK.
Slashdot, fix the reply notifications... You won't get away with it...
The immediate cost goes to that guy, but not the full cost.
Who says that everyone based in North Korea is working for the government? We don't assume every US hacker works for the CIA, do we? Especially in countries such as NK, China, Russia, I would first assume that they are simple criminals, or maybe people trying to make a fortune and then get the hell out of there (which takes a lot of money. I just moved to another country, just within Europe, and it cost me a fortune).
Judging from the country I know a little about - Russia - I'm sure you can find ties to the government, the police, maybe the secret service. But that's not necessarily because the whole operation is a government operation. It could very well be simple corruption. The criminals and the police are closer to each other than us ordinary people are to either of them. That's true for western countries as well, but not to the same degree.
Assorted stuff I do sometimes: Lemuria.org
Wouldn't that be the simplest and default explanation? Anything more conspiratorial would be where the evidence would be required.
I think it was a joint effort by NK and Russia! Kim Jung Putin! Stinky bastard from what I hear.
Let me guess, if this ransomware spread happened 15 years ago should we have blamed it on Iraq? So that we can bomb it later ... Common guys! Stop spreading ugly propaganda news.
So you think a communist won't share with another communist to help their common cause?
Aww you mad cause we wouldn't let you in? It's ok there's always Canada. They're like our little annoying brother. I'm sure they would have you.
Trump's leak was not out of malice, it was out of stupidity.
Patents Drive Free Software as Hurricanes Drive Construction Industry
I doubt these spam emails (one of the attack vectors) are written by people, or on a machine owned by malware's author. This is usually done by botnets.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Gosh, how convenient. The US government has been looking for an excuse to have a go at North Korea, and now some ransonware appears to have a tenuous link to the country.
Kind of like the same way Iraq was harbouring Weapons of Mass Destruction. We'd best nip this in the bud as soon as possible.
The president is the highest classification authority. If he declares something unclassified, it is. It's entity within that authority to share what he wants. As much as I do t like Trump, this is normal.
In a worst case situation only, and overwhelmingly on the DPRK side.
Contrary to hype (which the media loves, and does before every major conflict), the DPRK does not have the ability to flatten Seoul. For example, you've apparently seen the meme that takes estimates of the total number of artillery pieces the DPRK has, multiplies by how fast an artillery piece can fire, multiplies by an hour or more, pretends that cities go down under artillery fire faster than they actually do, and then arrives at "Seoul leveled, millions dead".
In practice, the DPRK only has 400-500 artillery pieces that can actually hit Seoul - the "Koksan" family - and some long-range MLRS systems. The Koksans are lumbering, awkward, slow-firing systems. MLRS systems take even longer to reload. Even if you discount the terrible reliability of DPRK hardware, they can't just sit there and fire. Because unlike the DPRK, the ROK has counter-battery radar and a high level of accuracy. You have to move after firing, or you only get 1-2 shots off. And unless you're shooting at the enemy's forces, you're inviting them to overrun you. Furthermore, only a minority of long-range systems are near Seoul - they have a whole DMZ to defend/threaten. And beyond that, only a fraction of their artillery is at the DMZ.
With the Yeonpyeong attack they fired about 10 tonnes of artillery at the island, killing four and injuring 19. The DPRK might be able to get 20-30 times that launched at Seoul in a first wave. So multiply. Now, they do benefit from higher population densities in what they're firing at. On the other hand, working against that:
1) The target density isn't as extreme as you might picture. The vast majority the area of even the most populous districts are roads, greenery, water, and single family houses.
2) They're having to shoot from much further than when they shot at Yeonpyeong, with less accurate systems. That was pre-planned and with their best troops, not whatever arbitrary troops and hardware happen to be firing.
3) If this was in response to a US bombing, the ROK would know about it in advance, and you would expect people to be in the shelters (the ROK uses the Seoul subway system as a shelter).
4) Cities just don't go down that fast under artillery fire. Even sustained (aka, no need to move) fire. Look at Grozny, or Homs, or any other example in modern warfare, and the months to years it took to flatten districts of them.
The DPRK certainly could also use CBW, but in terms of scale of destruction vs. how much effort has to go into them, they're not very efficient. They mainly function as terror weapons. The exception is contageous biowarfare, but there's no evidence that the DPRK has been developing it (it's believed they've weaponized anthrax, however); contageous biowarfare would likely blowback and hit them harder than the ROK, as the ROK has a much better communications and medical system.
Now, talking about Seoul alone is unfair - there's also varying suburbs / border towns; Paju, the largest, is over 400k people and 10km from the nearest point on the DMZ. But the suburbs and border towns just don't have the population or population density or total population of Seoul, and you're talking "millions"; you need to literally do the media hyperbole of "flattening Seoul" to get those numbers. DPRK artillery is scattered across the whole DMZ, most of which is unpopulated. And most of it is ancient (even more obsolete than Saddam's hardware was in GW1), and it's questionable how well it all works. The DPRK prefers to build new hardware while not scrapping old hardware to boost their numbers game, rather than scrapping old systems and replacing them.
Now, that's the artillery threat. The ballistic threat is a different beast. But it has its own problems.
1) Their missiles have historically been highly unreliable. One model last I checked had an 88% f
FSB hits! FSB hits! Your democracy dies. Do you want your possessions identified?
I was just stating that were the common enemy for Russia and NK, therefor I would almost garuntee they would trade secrets if it could in any way hurt us.
Really? Don't you think that Hillary would have played just well with the Russians? All Putin would have to do is put a few dollars in the Clinton Foundation and bingo.
There is no evidence of a hack or of any collusion between Trump and Russia - especially collusion that would be counter to US interests.
Ooo. An international company (Exxon-Mobil) had business dealings with Russia. Wow. Proof of collusion. Yeah Right.
Ooo. An international real estate company had business negotiations with Russians. Wow. Lock them the f**k up.
Keep this stuff up guys and you'll see the end of the Democratic Party.
If you're scared of your govt then you need to further restrict its powers
Vote 3rd Party in 2016 and beyond
That's some really great info. Do you mind if I ask where you got it?
"First they came for the slanderers and i said nothing."