North Korea hackers behind massive WannaCry attack, White House says

Homeland Security Advisor Tom Bossert penned an op-ed Monday publicly attributing the attack, which took out systems around the world, to North Korea.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • The White House has officially blamed North Korea for the WannaCry ransomware cryptoworm that claimed hundreds of thousands of victims in 2017.
  • Homeland Security Advisor Tom Bossert has called for more accountability for such attacks, while asking leaders to work to improve cyberdefenses.

The White House has officially attributed the WannaCry ransomware attack to hackers in North Korea, according to an op-ed by Homeland Security Advisor Tom Bossert published in the Wall Street Journal on Monday.

The WannaCry cryptoworm hit hard in May 2017, claiming hundreds of thousands of victims and paralyzing the UK's National Health Service (NHS). The damage extended to the NHS "put lives at risk," Bossert wrote.

In tracing the attack back to "cyber affiliates of the North Korean government," Bossert's op-ed is further highlighting the growing risk of cyberwarfare around the globe.

SEE: Special report: Cyberwar and the future of cybersecurity (free ebook)

In his article, Bossert claims that the US government has specific evidence that implicates North Korea in the WannaCry attack. He also noted that both the UK government and private companies like Microsoft have also connected the attack to North Korea.

The increasingly connected world is ripe for attacks from hackers, and is creating new challenges for security professionals. North Korea has been taking advantage of these vulnerabilities for "more than a decade" and the nation's behavior continues to grow more reckless, Bossert wrote.

To stop such malicious behaviors from fully manifesting, Bossert said that governments must work together to hold the attackers accountable. He also said he believes that the US government should lead the effort forward, allying itself with tech companies and like-minded governments to boost security online.

Bossert went on to explain that the recent government IT modernization effort put in place by US president Donald Trump was done in part to improve security.

SEE: Network security policy (Tech Pro Research)

"We share almost all the vulnerabilities we find with developers, allowing them to create patches," Bossert wrote. "Even the American Civil Liberties Union praised him for that. He has asked that we improve our efforts to share intrusion evidence with hacking targets, from individual Americans to big businesses."

As part of imposing stricter penalties on cyberattackers, Bossert suggests prison time for convicted hackers and the governments behind them to "pay the price" for their actions. Bossert also called out the removal of Kaspersky Lab software from all government systems, sanctions imposed on Russian hackers, and charges brought against Iranian hackers that had gone after companies in the US as punishments the White House had doled out for cyberattacks.

Now, he wrote, it's time for the US to set its sights on North Korea as well.

"Mr. Trump has already pulled many levers of pressure to address North Korea's unacceptable nuclear and missile developments," Bossert wrote, "and we will continue to use our maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."

Also see

Image: iStockphoto/BeeBright

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox