Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Links WannaCry To North Korea (washingtonpost.com)

Posted by BeauHD on from the finger-pointing dept.

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.

40 of 99 comments (clear)

  1. Oh by Anonymous Coward · · Score: 5, Insightful

    How convenient

    1. Re:Oh by TFlan91 · · Score: 3, Funny

      Looks like NK needs some democracy

    2. Re:Oh by AmiMoJo · · Score: 1

      NK has gained nothing from this. Maybe a small amount of cash that they can't do much with anyway.

      NK is now the default option to blame when you don't have a clue - they deny everything anyway so no-one will take their denial as proof that you are wrong.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. It's only bad when they do it, not us!!! by Anonymous Coward · · Score: 5, Insightful

    Honestly such hypocrisy and double standards - the nsa hacks get leaked all the time and used for evil but when its another government doing it everyone must get up in arms about it! But as the dumbo in chief always says, its #fakesnews don't believe it folks!

    1. Re: It's only bad when they do it, not us!!! by Anonymous Coward · · Score: 1

      I'm sorry, but the NSA doesn't infect healthcare networks with ransomware and demand bitcoin payments. They surely do their fair share of offensive cyber operations, but not like criminals looking to score a buck.

    2. Re:It's only bad when they do it, not us!!! by phantomfive · · Score: 1

      It's ironic because the NSA actually made these weapons.
      Also, whoever did wannaCry was seriously amateur. I'm not impressed with the NSA "secret analysis." The NSA is known to be liars for propaganda purposes.

      --
      "First they came for the slanderers and i said nothing."
  3. Funny! by helsinki92 · · Score: 5, Funny

    Pot, meet Kettle. NSA finds the exploit and North Korea weaponizes it and sends it into the wild.

  4. Bullshit by Anonymous Coward · · Score: 5, Insightful

    I don't beleive anything three letter agencies say any more about this stuff. It's already leaked that they have stockpiled these sorts of voilnerabilities and it was also shown in Wikileaks that they can and do impersonate other countries.

    How do we know this isn't the Military Industrial complex trying to secure more lucrative sales?

    1. Re:Bullshit by Anonymous Coward · · Score: 5, Funny

      How do we know you're not a paid shill employed by foreign nations to help undermine public trust in American agencies?

    2. Re:Bullshit by Anonymous Coward · · Score: 1

      I don't beleive anything three letter agencies say any more about this stuff. It's already leaked that they have stockpiled these sorts of voilnerabilities and it was also shown in Wikileaks that they can and do impersonate other countries.

      How do we know this isn't the Military Industrial complex trying to secure more lucrative sales?

      North Korea is constantly threatening with physical tests using actual missiles. Somehow I don't see how a virtual threat is necessary in order to bolster budget justification to mitigate the risks related to that country and its regime. With threats splashing down closer and closer each year, the justification tends to be rather blatant.

      Besides, I don't think it was them. If their missile program is any indication, they don't have hackers smart enough to execute a virtual attack even with borrowed code.

    3. Re:Bullshit by Kiaser+Zohsay · · Score: 4, Interesting

      The only TLA that applies here is "CYA". I guess they think it's less embarrassing for another state actor to weaponize their leaked vulnerabilities than for some script kiddies scamming for bitcoin to do it.

      --
      I am not your blowing wind, I am the lightning.
    4. Re:Bullshit by DarenN · · Score: 2, Interesting

      Pyonyang has been financing itself for years by cyber attacks on large banks - they have quite sophisticated hacking abilities. They've also been under sustained cyber attack themselves (if a NK missile goes walkabout on test firing there's a fair chance it was compromised although it's not definite because they do have other quality issues) so I assume that they are reasonably sophisticated in cyber defense.

      --
      Rational thought is the only true freedom
    5. Re:Bullshit by Coisiche · · Score: 3, Insightful

      Well except for all those Bitcoins they just made out of WannaCry (allegedly).

    6. Re:Bullshit by DontBeAMoran · · Score: 4, Funny

      I don't believe anything three letter agencies say any more.

      Damn right! Just last week I got a letter telling me my car could have an "accident" in the near future because of "faulty parts". Well, fuck you KIA.

      --
      #DeleteFacebook
    7. Re:Bullshit by DontBeAMoran · · Score: 1

      Besides, I don't think it was them. If their missile program is any indication, they don't have hackers smart enough to execute a virtual attack even with borrowed code.

      Even if they had hackers, would they have computers for them?

      --
      #DeleteFacebook
    8. Re:Bullshit by Anonymous Coward · · Score: 1

      > If their missile program is any indication

      Their missile programme actually failed because CIA managed to infect them with a variant of the Tilde (Stuxnet) malware platform previously used against Iran's nuclear effort. For years the communists' rocket test data sets were metodically falsified and confused by the malware before Kaspersky found it. (That's why Senate got angry about Kaspersky last month.) Anyhow, it will take years for DPRK to start everything about big rocketry from sketch! This was disclosed in NY Times, I think, a few months ago. God bless America!

    9. Re:Bullshit by TheCastro1689 · · Score: 1

      They make their own Super Notes which perfectly like American money.

    10. Re:Bullshit by rabidMacBigot() · · Score: 1

      Even if they had hackers, would they have computers for them?

      They actually have their own Linux distro: https://en.wikipedia.org/wiki/...

  5. Don't believe it by campuscodi · · Score: 5, Interesting

    Recored Future is disputing WaPo's findings: https://www.recordedfuture.com...
    Furthermore, the US seems to be on a PR campaign to blame NK. Yesterday, FBI&DHS put out a report claiming that big bad NK was building a botnet. They put out 8-year-old IOCs: https://www.us-cert.gov/ncas/a...
    Someone's pushing an agenda here...

    1. Re:Don't believe it by AHuxley · · Score: 2

      Recall Marble and the language samples? It had Korean. (4/3/2017)
      https://arstechnica.com/securi...

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Don't believe it by Anonymous Coward · · Score: 2, Insightful

      The 'agenda' is news media needing something to print.

      - look, studies come & go. Conversations about X and blaming Y happen all the time. ALL the time. But now in the immediate digital news age, if something get's released it is suddenly considered 'real and important'. In the general day-to-day stuff this is 'just another report' and even if factual, is hardly an agenda in itself. I found my wife's secret cookie stash... do I pursue it or is it just a tiny blip on the larger radar screen? I'll do something about it when & only when... I'm not allowed to have cookies myself :P

  6. This dynamic will soon change by Anonymous Coward · · Score: 4, Funny

    Dennis Rodman just gave the North Koreans a copy of The Art Of The Deal.

    1. Re:This dynamic will soon change by phantomfive · · Score: 1

      And Putin offered asylum to Comey.
      History is repeating itself as farce.

      --
      "First they came for the slanderers and i said nothing."
  7. Wow by Anonymous Coward · · Score: 1

    And there I was, thinking that maybe Bezos' money would bring back The Washington Post out of trash journalism and regain some credibility.

    How wrong I was.

  8. You know who else is linked to WannaCry? by zedaroca · · Score: 5, Insightful

    They are, the NSA, they gave away the vulnerability. They didn't warn M$ when they found the vulnerability. They didn't warn M$ as soon as their weapon was stolen.

    Of course there is no reason to believe any official statements made by them, but the least they should do in this case is to shut up.

    1. Re:You know who else is linked to WannaCry? by zedaroca · · Score: 1

      *I realize there was no official statement.

    2. Re:You know who else is linked to WannaCry? by zedaroca · · Score: 4, Informative

      “NSA identified a risk and communicated it to Microsoft, who put out an immediate patch,” Mike McNerney, a former Defense Department cybersecurity official, told the Post.

      It became public that they were stolen in August, when did they warn Microsoft? The "immediate patch" came in march, 8 months after everybody knowing about it.

  9. I trust the NSA implicitly by JoeyRox · · Score: 5, Interesting

    Why would a government agency spying on me have a reason to lie?

  10. Let me guess... by Anonymous Coward · · Score: 4, Insightful

    Oh wait, is Russia no longer the flavor of the month now that they realize the bogus claims won't stick?

    Guess it's time to shoo up a new boogey man.

  11. What would expect from Jeff Bezos by oh_my_080980980 · · Score: 1

    Washington Post, whose Amazon inked a deal with the CIA to bring their operations into the cloud. Lots of free press....

  12. BS. Microsoft knew about WannaCry 6 months prior by Anonymous Coward · · Score: 1

    Bullshit. The patches from Microsoft that fixed WannaCry were completely done and digitally signed several months before they released them, i.e. they had prior knowledge about it, most likely because NSA told them that the patches were going to be needed, and then served up a gag-order or something to the few people at Microsoft required to do this.

  13. so use potcoin and lose your rights by Joe_Dragon · · Score: 1

    dennis rodman is backed by them and now he is in NK doing stuff.

  14. I don't believe it by DaMattster · · Score: 1

    This sounds a lot like the government saying that Saddam Hussein had weapons of mass destruction when he did not. This was used to justify a war that maimed an unknown number of men and women mentally and physically. Don't you believe it.

  15. NSA should do fake leaks for stuff like this by trawg · · Score: 1

    If they want people to even pretend to take anything they have to say seriously I feel like their only option is to make a report and fake "leak" it so it feels like we got something out of them that they didn't want. I certainly don't trust this agency to tell me anything and I can't imagine many other technical people do either.

    But if I read it in on the Intercept from a leaked PDF that sends someone to jail I might!

  16. Not sure I can trust anyone but myself anymore by Rick+Schumann · · Score: 2

    As much as I think North Korea is a cancer on the face of the world, and that Kim Jong Un needs to suffer a tragic and fatal 'accident', I don't trust the CIA, NSA, or any other U.S. intelligence agency as far as I could throw them, so who knows if anything is actually true or not.

    1. Re:Not sure I can trust anyone but myself anymore by ausekilis · · Score: 1

      I'd trust anyone who could drive at 3, and win yacht races at 9. Or anyone that could write 1,500 books in 3 years while attending University. He truly is history in the making.

      His family is all sorts of incredible. There's pro-golfers that - in their first game - scored 15 points on an 18-hole course. Who wouldn't trust someone like that?

  17. I don't buy it... by PortHaven · · Score: 1

    North Korea is so backwatered technology wise. And before you start touting the "bomb", realize the "bomb" is 1950's technology.

    If you can believe, N. Korea only has 28 websites in the entire nation. Then you cannot believe they're capable of everything we conveniently blame on them.
    http://www.npr.org/sections/th...

  18. Re:If the NSA said the sky was blue by PortHaven · · Score: 1

    And likely find the sky to be black or red, but nearly any color besides blue.

    Granted, I hear NASA is trying to change the color of the sky.

  19. I do! by Picodon · · Score: 1

    They can make nuclear bombs and chemical weapons (among other things) so, regarding military technology, they’re clearly more advanced than many other countries.

    Additionally, if there is something that’s comparatively inexpensive, and does not require procuring tightly-watched materials, it’s cyber-hacking. So it’s clearly the ideal tool for a small nation with limited means, and it’s only logical that they would invest heavily into it. Not only for geopolitical purposes, but even for cash, which they try to get by any means, including criminal operations (well, they probably justify those as “moral” when conducted against the “enemy”).

    Overall, I find it entirely logical and even likely that they would jump on any actionable information released by Wikileaks (and others) and quickly exploit it. They are fascist and poor, but that does not make them dummies.

  20. Not really... by PortHaven · · Score: 1

    All of that "bomb" tech is 50-60 years old. Most other countries don't engage in the development of such as it would result in too great of economic loss for them to do so. As most other nations are not like N. Korea, already isolated and out of the international markets.