US government names North Korea as the source of WannaCry
Homeland security adviser Tom Bossert called the attack 'reckless.'
Donald Trump's homeland security adviser, Tom Bossert, said in a Wall Street Journal op-ed that "after careful investigation, the U.S. today publicly attributes the massive "WannaCry" cyberattack to North Korea." Coming during increasing tensions between the two countries over nuclear threats and Twitter outbursts, Bossert said this attribution is based on evidence and agrees with the findings from the UK and Microsoft.
In the op-ed we did not see traces of the evidence used to link the May attack to the "Lazarus Group" (also blamed for the Sony Pictures hacking incident) and North Korea, but the White House will reportedly follow up Tuesday with a more formal statement. While some, like Microsoft, have blamed the US government for stockpiling vulnerabilities -- the WannaCry attack used an exploit based on technology apparently stolen from the NSA -- the op-ed says:
Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.
Bossert also called the attack reckless, while Reuters cites a "senior administration official" who declined to comment on whether or not the US believes it was a deliberate attack or accidental. So what happens now? According to the piece, the Trump administration "will continue to use our maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."
Update (12/21): The Democratic People's Republic of Korea has responded, calling the accusation "a grave political provocation by the U.S. aimed at inducing the international society into a confrontation against the DPRK by tarnishing the image of the dignified country and demonizing it."
