UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it UK Foreign Office Minister Lord Ahmad of Wimbledon today claimed North Korea was behind the WannaCry ransomware incident. He joins the US government, Canada, Australia, New Zealand, Japan, Microsoft, Google, Kaspersky, Symantec, FireEye, and others, in blaming Kim Jong-un's hackers for unleashing WannaCry on the world. Uncle …
Its a little more obvious when Zeroes bomb your harbor who is responsible than when you're hacked. You pretty much had to take your government's word for it that the IRA was responsible for a given bombing in the past, or that Al Qaeda or ISIS is responsible for one today. Even if they claim responsibility (how hard is it to "plant" a claim of responsibility in ISIS' name, after all?)
I have no idea if the Norks were responsible or not (though ransomware seems like it would fit their MO, given their need for funds that can bypass all the banking sanctions) but even if they released every bit of intelligence that makes them believe the Norks are responsible you could still say "what if it was the Russians | Chinese | Iranians | Americans | Israelis | French | IRA | Welsh | 400 lb hacker sitting on Trump's bed that was actually responsible and they just faked the evidence to make it look like the Norks?"
".....No mention of the impact being severe due to unpatched machines being publicly exposed?....." Yeah, and people that don't have bars on all their windows are totally to blame when their houses get burgled? And if someone gets stabbed by a mugger it must be their own fault for not wearing a full set of plate armour every time they leave the house? What's next, you're going to accuse women that don't go out in a burka of asking to be raped?
"Yeah, and people that don't have bars on all their windows are totally to blame when their houses get burgled?"
No. Having "unpatched machines being publicly exposed" is more analogous to having unprotected sex with every lady (or man) of negotiable affection down at the docks. How long would you expect to last before getting a dose of galloping knob-rot?
"Bollocks. You are excusing criminals."
So you think that a large professional organisation that uses IT has no obligation to take some care of its own system security?
I take it you would be happy to see banks store your money in a cardboard box under the counter?
No problem with leaving your keys in your car overnight?
Better if airports did nothing to check passengers or luggage boarding the plane you are due to fly on?
I believe the problem there, with the NHS, wasn't so much the DPRK ransomware but the fact that the NHS's IT was a bit lacking. It's a bit like building a hospital next to a river and using water from the river as potable, then blaming the factory up the road because of the nasty chemicals in the water, rather than blaming the hospital for using a dodgy water supply.
If the NHS had followed best security practices, there wouldn't have been a problem. It's just easier to blame the big bad NK Bogeyman than it is to blame failure of the UK government.
Or blaming a hospital for starting open-heart surgery in the middle of a hurricane knowing that you didn't pay for the backup generator
Sort-a. You are mistaking "middle of hurricane" with "agents of foreign country blowing up the power supply". Now, if you had a backup generator that would have helped. Or maybe not - it can be blown up too.
The stupid part is elsewhere. The rule of thumb when dealing with lunatics is "if you are not going to act on it, keep your mouth shut". Empty talk only makes them do it again.
In fact, from this perspective, we have LOTS to learn from both Russian and the French. They are significantly more restrained on the talking front and significantly less restrained on the "deploy marines backed up by an aircraft carrier and execute the little shit on the spot" front.
Oh sorry, forgot. We do not have a viable aircraft carrier, do we? We have a leaky tin can which has no planes to fly from it. Oh well, how fortunate. We can continue empty posturing then I guess. It is easier when you have an excuse for not putting your money where your mouth is.
The rule of thumb when dealing with lunatics is "if you are not going to act on it, keep your mouth shut".
I was always told that when dealing with lunatics, you have be a bigger lunatic to keep them in line. Maybe the US and UK have it right... bigger lunatics? The NORKs do have one who's in the running for Lunatic of the Year, however.
"....Russian and the French. They are significantly more restrained on the talking front and significantly less restrained on the "deploy marines backed up by an aircraft carrier and execute the little shit on the spot" front....." Yeah, I think you need to do a lot more reading on actual historical sites and less on IndyMedia. I'm surprised you forgot about the French bombing of the Rainbow Warrior, or is that too old for today's millennial snowflakes? Have you forgotten about the recent French lead on Libya already? You could start improving your historical knowledge by looking up the French history in Algeria and the Soviet adventures in Afghanistan. France is still sticking it's imperial oar in with previous colonies like the Lebanon and Africa states like Mali, and Putin seems to have every interest in returning the Middle East to the days when Arab states were split into those friendly to the West and those in the Soviet sphere.
"What you are doing is a lot like blaming a mugging victim for not knowing karate."
No, more a case of a shop assistant carrying large wads in cash in clear plastic bags, and without any disguise or protection, to the bank every day. Of course they *should* not be robbed, but if they were you could not help but think it was partly due to a rather lax and careless attitude to security.
And then you (or the insurers, assuming they had any) would be asking the shop owner serious questions about their risk assessment and practices...
"Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians?"
The implication of your question, and almost certainly the way the gubmint will paint it, is that it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand. (Cue patriotic headlines, music, and "boots on the ground").
Of course, no mention will be made of the idea that this was less a "Cyberattack" and more like "ransomware chucked out by an unknown actor in an attempt to get some cash from suckers just like the other myriad attacks each year but this one happened to get onto some NHS laptop and got plugged into a network and shared by a user accidentally."
Nope. Cyberattack. Against hospitals. Bastards. Go America! We're with you! (something, something, special relationship.)
> it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand
Still a drop in the ocean of tears compared to Jeremy Hunt - maybe GBHQ could run an extensive analysis to rule out the possibility he's being operated remotely by Little Ming.
>The implication of your question, and almost certainly the way the gubmint will paint it, is that it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand.
There is a criminal principle that a perpetrator must take responsibility of the results of his crime - whether or not he intended it.
For this reason, arson has long been treated as if it were murder (because an arsonist could not know whether anyone might be killed by their fire). When we still had the option, arson was a capital crime.
Someday, someone will die because of a hack (may already have happened) - and commentards crowing that the security should've been better will do little to comfort the deceased's family.
Indiscriminate malware isn't just a nuisance - it's a serious crime.
"Indiscriminate malware isn't just a nuisance - it's a serious crime"
Agreed, but my concern here is that its a prime piece of news that can be manipulated to fit political agenda very easily; propaganda time. i.e. It lines us up against North Korea alongside Trump and Co., it suits the governments clear anti-internet freedom agenda, and it maintains the "fear factor" as the spectre of ISIS is just starting to diminish.
Too easy for the PtB to ignore the reality of malware that you and I deal with in our professions in favour of spin.
Article quote: The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity, the Foreign Office said.
You are not alone here. My first thought was also: Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians? Don't people usualy go to war over stuff like that?
The Foreign office reaction is a first degree idiocy. If you attribute what is a WAR CRIME AGAINST OUR CIVILLIANS to a FOREIGN STATE and YOU CAN PROVE it, that is a valid casus belli to start a war. You can even get the Security Council to agree on it. The Chinese Ambassador is not Nicky Halley and if the proof is irrefutable will most likely abstain. Now, the fact that we cannot even scrape 3 ships worth of an expeditionary force with zero aircraft is a different story, but let's not get there shall we?
If you cannot provide a proper response to a foreign state against an aggression against a civilian hospital on our soil, shut the f*** up and do not attribute it to them. Especially if you happen to be a nuclear power. This is the worst of all possible options - you show you have no teeth and you give a precedent where we do fuck all after someone has attacked civilians and out of all places a hospital.
While previous gems by the hair-disorganized quasi-idiot could be laughed at as most of them did not have possible consequences in the form of a bodycount, this one isn't. He should be sacked (in fact that will be too kind for him).
This bit:
"The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity, the Foreign Office said."
Bollocks.
You are making this announcement because you *know* Trump is going to blab it. Full stop. End of story.
You've realised you'll look daft if you simply nod and agree with him after the fact, and even worse if you get into a public spat over Yes it was/No it wasn't.
"You are making this announcement because you *know* Trump is going to blab it. Full stop. End of story."
Or the story is far more scary than what they used when Saddam had his weapons of mass destruction and we were all 45 minutes away from death.
That turned out to be bollocks too.
The article quotes him as saying 'highly likely' which is different from confirming they did it.
A bit like America's 'high confidence' of weapons of mass destruction in Iraq.
So they are not 100% sure but they are making a statement now that sounds like they are, as the political timing is right due to action they want to take towards NK.
This post has been deleted by its author
Even as early heat-maps of the strikes came in, it made no sense Pyongyang would have been responsible: Russia was hit first (then heavily later) then the Ukraine, then Europe massively and quite a lot of China. The U.S. was moderately or even lightly hit.
Why on earth would Kim pick on China and Russia?
"We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace."
How about you start patching those systems up? And putting some firewall between them and the wild internet?A little bit of defence-in-depth haven't harmed anyone...
Thought it was the Ruskies. Could you just pick one bad guy please?
But the Norks don't have sell anything the Muricans will want to do in house. Not like Kasperski.
They're not just looking for random enemy to continue the perpetual war as a distraction from Trumps dementia, and excessive state control of populations are they
WANNACRY wasn't "ransomware". In ransomware you can pay money and get your data back.
There wasn't any mechanism for this to work in WANNACRY and nobody is known to have paid (and some did) and got their data back.
Also, any attribution is based on a tiny code snippet that was also seen in a previous piece of code supposedly from "Lazarus" who are supposedly Norks.
Given that the code from which the snippet came from had been previously widely seen, why would that prove anything? Everyone from hard core black hats to skiddies copy and paste code from all over and thats before you even start to consider a false flag operation by another nation state.
There is also a lot more interesting aspects of WANNACRY if you go digging....
But anyway, typical stupid UK government BS powered by both stupidity and a desire to twist the facts to support other agendas.
WANNACRY wasn't "ransomware". In ransomware you can pay money and get your data back.
Not necessarily. The reality is: "You pay your money and you pray you get your data back". It is a basic hostage situation, just your data instead of your daughter. Sounds similar, possibilities of getting something back are similar, but spelled differently.
I personally blame the NSA. If they leave their cyber nukes lying about for anyone to steal, they are really the ones to blame should someone use them.
Still not seen any real proof North Korea behind it, but North Korea and Russia are the current bogeymen, so it has to be one of them. US Military got to keep getting their funding somehow, need an enemy to fight.
Which is it? Are the Norks backward barbarians living in the past, or are they a sophisticated enemy undermining the great western values?
I suspect that everything is vastly oversimplified to achieve the goal de jour. So Sony is hacked - we find a lame excuse that it is because of a lame film which bombed that provoked it. No WannaCry showed that there are lots and lots of lazy sysadmins out there, but we want an excuse to hit the Norks harder.
The timing of this attribution is also interesting - is it because there hasn't been anything flying lately and the military needs to keep the Norks in the news?
Which is it? Are the Norks backward barbarians living in the past, or are they a sophisticated enemy undermining the great western values?
I think it depends on if your country wants to invade them or not. If you do want to invade then the Norks are a sophisticated enemy. If you don't, then they are just backwards barbarians whose people we should pity.
Yeah, I always get confused by this.
On the one hand, it's a backward little shithole with the population of Afghanistan, a GDP that's less than half the UK defence budget, and fewer IP addresses than Market Harborough.
On the other hand, it's a sinister unstoppable power capable of standing off the entire US, and striking with impunity at NATO countries who can do nothing, nothing I tell you, to stop them.
Seriously, when I wor' a lad we had the Soviet Union to worry about. There, at least, was an enemy that could credibly be talked up to those sorts of levels of paranoia. But North Korea? Something is badly wrong with this picture.
If it is true, then what that tells us is that defence (and national security) budgets are a complete waste of money. If we can't even stop North feckin' Korea from attacking us, then what the hell use is all this hardware we spend so much on?
It can be both. Clearly they've got a fairly well established and high tech "making big bangs" industry and at the same time a general population living in poverty.
They can have a "high tech" script kiddie industry too, or even a few hundred well motivated bright programmers. You've got to admit, if you were in NK and it was a choice between labour camp leading to death and malware author you'd pick the latter, so they'll have the brightest and best out of 25 million people.
Used tech grabbed from the NSA, most of the damage was done to countries which are friendly to NK.
This is, in my opinion, an attempt to offer those countries an excuse to change their stance and join the cool kids stomping on Kim Jong Fuckface.
He does deserve a stomping, I'm just not convinced that this is another reason.
AC because I called fatboy a rude name.
I thought the Russians did it using leaked NSA "security" tools?
https://www.forbes.com/sites/thomasbrewster/2017/04/26/shadow-brokers-leaked-nsa-cyber-tools-become-weapons-of-american-enemies/#1b6ba06b1924
Actually, nevermind. This whole thing stinks of a desire by the powers that be to start yet another war by bombing the North Koreans.
When Governments or Government Agencies point at the usual suspects or some other group, country or otherwise scapegoatable entity over some issue or event, it's usually to distract while they wash the blood off, scrub out the car and dump it somewhere....
This post has been deleted by its author
and commit ourselves to working with all responsible states to combat destructive criminal use of cyber space."
That sort of use of cyberspace is the domain of the UN security council members only. No one else is allowed. Just like the nuke issue really, he thought to himself.
with all the people in government with history degrees, that none of them appear to have realised that if you declare war on a country, and yes, economic war is war, funnily enough the other side tends to fight back. Often, not on the playing field you are on. Usually, not by the same rules as you are playing by.
Boxing a country into a corner until it has no options but to lash out violently often doesn't end well either.
The only lesson we learn from history is that we learn nothing from history...
"The decision to publicly attribute this software nasty to North Korea sends a clear message that the UK and its allies will not tolerate malicious cyber activity, Blighty's Foreign Office thundered."
....and to show how angry we are we've sent a strongly worded letter, via social media, which will stop any repeat.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
