World

Trump administration blames North Korea for WannaCry cyberattack

U.S. President Donald Trump's administration blames North Korea for a ransomware attack that infected hundreds of thousands of computers worldwide in May and crippled parts of Britain's National Health Service.

5 other countries including Canada agree, U.S. official says, 'and they join us in condemning North Korea'

White House Homeland Security adviser Tom Bossert speaks during the daily news briefing at the White House in Washington on Sept. 11. Bossert wrote in a Wall Street Journal op-ed Monday that North Korea was responsible for the WannaCry ransomware attack, which he called 'indiscriminately reckless.' (Carolyn Kaster/Associated Press)

U.S. President Donald Trump's administration blames North Korea for a ransomware attack that infected hundreds of thousands of computers worldwide in May and crippled parts of Britain's National Health Service.

Homeland Security adviser Tom Bossert wrote in a Wall Street Journal op-ed published Monday night that North Korea was "directly responsible" for the WannaCry ransomware attack and that Pyongyang will be held accountable for it.

Bossert said the administration's finding of responsibility is based on evidence and confirmed by other governments and private companies, including the United Kingdom and Microsoft.

"North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless," he wrote.

Bossert said the Trump administration will continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."

At a news conference on Tuesday, he said U.S. officials had shared their assessment with several other governments.

"The United Kingdom, Australia, Canada, New Zealand and Japan have seen our analysis, and they join us in condemning North Korea for WannaCry," Bossert said.

Britain chimes in

The WannaCry attack struck more than 150 nations in May, locking up digital documents, databases and other files and demanding a ransom for their release.

It battered Britain's National Health Service, where the cyberattack froze computers at hospitals across the country, closing emergency rooms and bringing medical treatment to a halt.

Britain joined the U.S. on Tuesday in publicly blaming Pyongyang for the ransomware incident. The U.K.'s National Cyber Security Centre had assessed it was highly likely that North Korea's Lazarus hacking group was behind the attack, the Foreign Office said.

"We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace," Foreign Office Minister Tariq Ahmad said. "The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyberprogram to circumvent sanctions," Ahmad said.

Employees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul on May 15. (Yun Dong-jin/Yonhap via Associated Press)

Government offices in Russia, Spain, and several other countries were also disrupted by the cyberattack, as were Asian universities, Germany's national railway and global companies such as automakers Nissan and Renault.

Stolen NSA cyberweapons

The WannaCry ransomware exploited a vulnerability in mostly older versions of Microsoft's Windows operating system. Affected computers had generally not been patched with security fixes that would have blocked the attack. Security experts, however, traced the exploitation of that weakness back to the U.S. National Security Agency. It was part of a cache of stolen NSA cyberweapons publicly released by a group of hackers known as the Shadow Brokers.

The WannaCry ransomware attack used NSA code that exploited a software vulnerability found in multiple versions of Microsoft's Windows operating system, and was known by the codename EternalBlue, according to experts. (The Associated Press)

Microsoft president Brad Smith likened the theft to "the U.S. military having some of its Tomahawk missiles stolen," and argued that intelligence agencies should disclose such vulnerabilities rather than hoarding them.

WannaCry came to a screeching halt thanks to enterprising work by a British hacker named Marcus Hutchins, who discovered that the malware's author had embedded a "kill switch" in the code. Hutchins was able to trip that switch, and the attack soon ended. In an unusual twist, Hutchins was arrested months later by the FBI during a visit to the U.S. He pleaded not guilty and now awaits trial on charges he created unrelated forms of malware.

The United States and South Korea have accused North Korea of launching a series of cyberattacks in recent years, though the North has dismissed the accusations.

Accusations from Seoul

A South Korean lawmaker in October said North Korean hackers stole highly classified military documents that include U.S.-South Korean wartime "decapitation strike" plans against the North Korean leadership. Seoul's Defence Ministry earlier said North Korea was likely behind the hacking of the Defence Integrated Data Centre, which is the military data centre where the information was kept, in September of last year. But the Defence Ministry refused to confirm the nature of the information that was compromised.

South Korea also last year accused North Korea of hacking the personal data of more than 10 million users of an online shopping site and dozens of email accounts used by government officials and journalists.

In 2014, the United States formally accused North Korea of hacking Sony Pictures Entertainment over the movie The Interview, a satirical film about a plot to assassinate North Korea's leader.

South Korea said in 2015 that North Korea had a 6,000-member cyberarmy dedicated to disrupting the South's government and military. The figure was a sharp increase from a 2013 South Korean estimate of 3,000 such specialists.

Baik Tae-hyun, spokesperson for South Korea's Unification Ministry, which deals with matters related to North Korea, said Monday that the Seoul government was examining whether the North was behind hacking attacks on a cryptocurrency exchange in June. About $7 million US in digital money was stolen in the hacks, South Korean officials said.

There's speculation in the South that North Korean hackers are possibly targeting cryptocurrency like bitcoin to evade the heavy financial sanctions imposed over the country's nuclear weapons and missiles program.

"We are monitoring the bitcoin-related issue. We believe that North Korea is currently engaging in various activities to evade sanctions and earn foreign currency," Baik said.

With files from CBC News