
The NSA has linked the WannaCry computer worm to North Korea - josephorjoe
https://www.washingtonpost.com/world/national-security/the-nsa-has-linked-the-wannacry-computer-worm-to-north-korea/2017/06/14/101395a2-508e-11e7-be25-3a519335381c_story.html
======
rsync
The only rational response to this is deep, deep skepticism.

In the old days of the USSR, while very difficult, it was at least conceivable
that you could _just fly to Moscow and see_ if they were eating their children
there or burning priests or God knows whatever else.

There was a natural limit to the deception that could occur _and further_ a
normal person could make conclusions about the things they saw with their own
eyes.

Now, the enemy that "we have always been at war with" is a completely isolated
(and economically trivial) state that virtually nobody travels to and who is
attacking us with secret cyber weapons that only a domain expert with highly
specialized experience could even recognize, much less qualify.

And the people that are telling us are those same people that are, or are not,
secretly recording all of our conversations.

There's not one little thing there you could take at face value.

~~~
finolex1
I share your skepticism as well, but I wouldn't be too dismissive of North
Korean cyber capabilities either. They do have a specialized cyber warfare
unit, and handpick and train their soldiers extremely intensively
([https://www.theguardian.com/technology/2014/dec/02/north-kor...](https://www.theguardian.com/technology/2014/dec/02/north-korea-hack-sony-pictures-brad-pitt-fury)).
Their performances in other international competitions, like the International
Math Olympiad
([https://www.imo-official.org/country_team_r.aspx?code=PRK](https://www.imo-official.org/country_team_r.aspx?code=PRK)),
also indicate that they have the ability to do so if they wish to.

Developing cyberwarfare capabilities seems like a relatively low cost
(compared to developing ballistic missiles at least), low risk investment,
with a potentially large payoff, so I would be surprised if they didn't try to
develop these skills.

Of course, all evidence tying N.Korea to this specific attack is
circumstantial and almost impossible to definitively prove unless they admit
it and show proof themselves.

~~~
sametmax
For that you need intellectuals, and the NK system killed most of them and is
not tuned to produce new ones. It's very hard to destroy criticism and grow
people who can think.

~~~
ForHackernews
What makes you think you need intellectuals to develop technical exploits?

~~~
sametmax
Because it requires a brain. A drone can't do it.

~~~
ForHackernews
Do you really think that technical proficiency requires "intellectualism" as
it's normally understood? Because I sure don't. How many developers have you
known who were extremely fascinated by the narrow details of a technical
problem, and utterly uninterested in the wider application and impact of their
work? I've worked with more than a few who fit that description.

~~~
sametmax
Intellectual just means people that use their intellect a lot. It's not limited
to debating and philosophy. And a mathematician is an intellectual.

And yes, somebody who has the skill to craft a very low level yet highly
flexible malware requires skill that goes beyond copy/paste from
Stack Overflow.

------
openasocket
OK, so I know this is going to come up in the comments, but this is not
remotely a baseless allegation. The Lazarus group (one of the names for the
DPRK-associated APT group) is somewhat well known and is quite sophisticated.
This is the same group that hacked Sony a few years back. And to preempt
people who are going to chime in with "Sony was just some insider leaking
data", there is extensive evidence showing it was the work of a previously
unidentified APT group. See here:
[https://www.operationblockbuster.com/wp-content/uploads/2016...](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf)

I can't comment about specifics linking WannaCry to the Lazarus group, but
that seems to be the consensus in the security community.

DISCLAIMER: I worked with the people who wrote that report

~~~
cottsak
It's not been fully confirmed/established that Lazarus group == DPRK: see
"false flag" from Kaspersky researchers
[https://www.wired.com/2017/05/wannacry-ransomware-link-suspe...](https://www.wired.com/2017/05/wannacry-ransomware-link-suspected-north-korean-hackers/)

~~~
mc32
Yeah, I don't know. People tend to believe the narrative story they want to
believe. When someone claims "the Russians" hacked the DNC and other
operatives, there are very few "false flag" ("how do you know it really was
the Russians?") claims (and for good reason), but when something does not fit
their belief systems then it's "oh, false flag" despite reputable researchers
putting their reputation on the line.

~~~
losteric
It's about broader context, or a lack thereof.

The DNC hack is self-consistent and aligned with known motives of suspected
actors, so the public sees a false flag as possible but improbable. WannaCry
came seemingly out of nowhere using a mixed bag of tricks from unfamiliar
actors... absent context, the public will entertain any explanation.

~~~
mc32
That's a logical and plausible explanation for rational thinkers -- I don't
think I'm going out on a limb saying if it fit people's narrative preference,
they'd say that "it fit too well": how can the Russians, so capable, leave such
obvious trails, it must have been the Ukrainians (or some other realistically
unlikely candidate that fits a narrative).

The N Korea thing was the same even under Obama (the Sony hack): people wanted
to believe the US was just trying to make the N Koreans "look bad" or create
excuses for something (as if N Korea needed any help in that regard).

------
sillysaurus3
_Though the hackers raised $140,000 in bitcoin, a form of digital currency, so
far they have not cashed it in, the analysts said. That is likely because an
operational error has made the transactions easy to track, including by law
enforcement.

As a result, no online currency exchange will touch it, said Jake Williams,
founder of Rendition Infosec, a cybersecurity firm. “This is like knowingly
taking tainted bills from a bank robbery,” he said._

Could anyone give some more details about this?

Does a trustworthy bitcoin mixer exist? Would the attackers be able to use it
to launder the coins?

EDIT: Does anyone know anything about the operational error mentioned in the
article?

The coins are easy to track, but that's the default for bitcoin. Mixing the
coins should restore anonymity in most cases, right? And at that point it
would be possible to move the coins back to an exchange, or sell them on
localbitcoins.

On the other hand, have the exchanges blacklisted most of the large mixers? It
seems like it should be theoretically possible to track whether coins have
been mixed. Then exchanges could simply close any account that receives
significant sums of tumbled coins.

~~~
tuna-piano
I don't understand. Isn't the point of bitcoin that it doesn't need a central
authority?

If Bitcoin has evolved to the point where you need to have currency exchanges
that act just like banks... what's the point?

~~~
artursapek
It is more accurate to say that the point of Bitcoin is everyone has perfect
information about how much money everyone has and who they transact with. The
hackers are free to send the stolen money to someone else with no central
authority to stop them, but an exchange is likely to reject that because they
deal with fiat and therefore have to meet certain legal and ethical standards.

The hackers can still spend the money on something else provided the other
party doesn't hold themselves to the same standards.

~~~
hellbanner
"likely to reject" -- I haven't seen any history of exchanges stopping
_specific_ withdrawals for certain coins.

------
carvalho
Of note: The Shadow Brokers hinted at the same thing a few weeks back.

"In May, No dumps, theshadowbrokers is eating popcorn and watching "Your
Fired" and WannaCry. Is being very strange behavior for crimeware? Killswitch?
Crimeware is caring about target country? The oracle is telling
theshadowbrokers North Korea is being responsible for the global cyber attack
Wanna Cry. Nukes and cyber attacks, America has to go to war, no other
choices! (Sarcasm) No new ZeroDays."

~~~
qeternity
Do you have a link for this? Where are they releasing these comms?

~~~
wila
at steemit.

see: [https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy...](https://steemit.com/shadowbrokers/@theshadowbrokers/oh-lordy-comey-wanna-cry-edition)

------
cmiles74
I am not at all impressed with this article, it strikes me as another piece
that simply summarizes information leaked by the US government or someone at
one of the intelligence organizations.

They say "the NSA has linked the North Korean government..." then tell us the
assessment was not made public, that it is inconclusive, and that the NSA has
declined to comment. "One agency..." supposedly has a "building block" for this
assessment, but they are not named. I understand that the government would like
to protect their sources, but I don't think we should simply take them at
their word. In my opinion, this piece is doing exactly that. What little
concrete data I've managed to gather is all circumstantial; I've seen nothing
that points to any sort of technical "smoking gun".

Maybe I am paranoid, but my concern is that this finger pointing at foreign
governments does nothing but generate fear. When the legislature finally
introduces a bill to defeat encryption across the board, they'll have
widespread support and everyone who argues against it will be painted as some
kind of imbecile. All of a sudden, the largest tech companies in the country
will be accused of wanting to aid and abet North Korea and Russia.

And security doesn't materially improve. The assessment Reality Winner
released isn't much better than these articles, but at least it's more
straightforward and the means to the end were clearly disclosed. Yet no one is
talking about putting training in place at the companies involved (to defeat
phishing or social engineering attacks via phone or email) or source code
audits (even private is better than nothing). It's infuriating.

------
joshfraser
It's ~impossible to prove who's behind any attack these days given code-reuse,
false flags & TOR. Anyone who claims to be able to do it reliably is
bullshitting you and likely has an agenda.

~~~
intern4tional
Not really. Very few attacks dedicate enough effort to evasion or anti-
forensics to be completely untraceable.

There are plenty of things that get reused, such as public keys, that can be
reliably tied to a group. There are also many private indicators that are not
released to the general public. Discovering who funds that group or where they
operate from can be tougher, but APT groups are trackable.

~~~
3131s
Re-using a public key seems like an incredibly basic mistake.

How is the chain of custody for digital evidence handled by intelligence
agencies and 3rd party researchers? Are there higher standards with regard to
digital evidence? It seems to me that with digital evidence, ultimately you at
least have to trust the investigatory agency at hand. But we're past that,
because a huge number of Americans like myself will never trust any
information from the US government.

------
throwaway-1209
The job of NSA is getting easier by the day. Blame it on the boogeyman du jour
and have the media present it to the masses as ironclad evidence. What
happened to the actual, you know, national security? You can't have it without
working on preventive measures. How about we start with something tangible,
like government infrastructure, power grid, etc, and make them darn near
impenetrable. Think you could do that, NSA?

~~~
shitlord
> Blame it on the boogeyman du jour and have the media present it to the
> masses as ironclad evidence

It says right in the article that the assessment was "issued internally last
week and has not been made public". Until it's made public, it's unreasonable
to expect them to provide evidence.

> government infrastructure

That's not really their responsibility.

> power grid

That's the private sector's job. Congress has to yell at the industry to get
them to do it [1]. Yet they still fail [2].

I don't trust the NSA either, but come on, be reasonable. If everyone just
rambled incoherently, they would overshadow the legitimate complaints.

[1]: [http://www.nextgov.com/cybersecurity/2008/05/hill-regulatory...](http://www.nextgov.com/cybersecurity/2008/05/hill-regulatory-groups-fail-to-protect-power-grid-from-cyberattacks/42098/)
[2]: [http://thehill.com/policy/cybersecurity/261310-congress-stru...](http://thehill.com/policy/cybersecurity/261310-congress-struggles-to-secure-power-grid)

~~~
throwaway-1209
It has been "made public", since we, the public, are talking about it here. If
it was some BS government agency, I'd assume the leak wasn't intentional, but
with NSA I choose to assume otherwise, for obvious reasons.

>> that's not their responsibility

Then what the fuck are my taxes paying for? Weaponized zero days that leak out
from there on a regular basis? Mass wiretapping? Undermining democratically
elected government?

------
blitmap
I don't want to write off everyone working for the NSA as liars, but NK seems
like a good scapegoat. Why would we believe anything the NSA says/reports?
They took our trust with our privacy.

------
iffe_closure
Maybe I'm old fashioned but I take any hacking blame from gov to gov as likely
propaganda.

~~~
threeseed
The idea that the US needs to actively spread propaganda about North Korea is
pretty ridiculous. You are aware that they have been sending missiles on a
regular basis and inviting criticism from pretty much everyone.

Who exactly is pro-North Korea that the US is trying to sway?

~~~
claytonjy
While I don't think this is the case here, specifically, propaganda isn't
always about swaying people from anti- to pro-; it could be for swaying people
from "they are bad, but not that dangerous" to "they are dangerous enough that
we should intervene with force"

~~~
1001101
Right. Watching the Noam Chomsky documentary, Manufacturing Consent, on
YouTube really opened my eyes to this phenomenon. Based on what I have observed
recently, I think the decision was made some time ago on this, and we're being
told what to think.

~~~
mc32
It's good to be skeptical but I think when you have a preponderance of evidence
in one way, it's not unreasonable to reach a conclusion. Remember Noam was the
same guy who for political reasons did not want to believe Pol Pot was mowing
through millions despite large amounts of information filtering out of the
country corroborating the atrocities others claimed were taking place.

Additionally, there is no need to "manufacture consent" as only a very small
minority would object to any action against N Korea at this point in time.

~~~
1001101
Did people think highly of Saddam in 2003?

~~~
mc32
There was lots of skepticism, but in the end, because of a lack of good humint,
a lot of weight was placed on his behavior (his continued pretense/bluffing for
the purpose of not disclosing weakness to Iran), and the international community
with the US at the lead reached a faulty conclusion.

With regard to the DPRK, S Korea has great humint and we have multiple
defectors corroborating each other (whereas in Iraq there was basically one guy
feeding intelligence services lies), so I would say it's not the same.

In addition, the regime provides all the evidence necessary (not just boastful
claims): we sample the atmosphere as well as have seismometers corroborating
their claims of nuclear development. There is no question as toward their
progress nor their intentions.

~~~
mythrwy
"the international community with the US at the lead reached a faulty
conclusion"

Mistakes can happen and be forgiven but deception is seldom forgotten. It
didn't go down quite so innocently as you portray. It appears painfully
obvious that there were/are many parties with economic and other interests who
were behind what turned into a giant expensive catastrophe and killed hundreds
of thousands. No one has even been reprimanded much less punished. A lot of
them are still around trying to beat war drums for Syria. Trust was broken.
The effects of that will go on for a long time and they aren't good.

re. North Korea "There is no question as toward their progress nor their
intentions."

Fully agree. Very much unlike Iraq (or even less Iran and Syria) NK is truly
dangerous and leaving them to continue their present course doesn't seem wise.

Supporting almost no military adventures the US has engaged in over the last
30 years, I would fully support any action necessary against NK. But hopefully
it doesn't come to that.

It's a shame someone has been calling wolf every few years for economic gains
and now when a real wolf is at the door lots of people won't listen. Look at
the comments on this thread. People don't trust. And with very good reason.
But in the case of NK I think they are mistaken. If there is a place a germ or
technology comes out of that kills half the globe it will be there. ISIS are a
bunch of circus clowns in comparison.

~~~
mc32
There is lots of blame to go around with re Iraq. Our intelligence, Saddam
himself (calling a bluff he could not possibly win, the cat-mouse game, in
addition to just being a tyrant), opposition, Shiites, many western countries
(but curiously Russia opposed) etc.

It may not seem like it from the way I write, but I was utterly devastated
when the congress approved the plans. But I take one incident at a time. I try
not to color unrelated things.

------
zabana
lol yeah, the whole "It's the
<russians|iranians|chinese|koreans|syrians|insert nation we desperately want
to destroy because they don't subscribe to our bellicist agenda>" is getting
very boring very quickly.

------
fdsfdsfs
And why should we believe in the NSA this time?

A scalded cat knows better than to dip its paw in hot fudge again.

~~~
pfisch
Remind me what past incident you are referring to.

~~~
natch
There's that little part where they claim to be dedicated to helping keep our
information systems secure, while they simultaneously stockpile zero day
exploits and work behind the scenes to subvert and weaken encryption
practices.

~~~
SomeStupidPoint
The NSA has always been a mix of offense and defense.

You can argue that balance has tilted inappropriately in recent times (I do),
but that's different from any sort of indication they'd misattribute something
like this.

------
hoodoof
Hard to see how deep technical talent can develop in a country that has six or
so web hosts.

~~~
kbart
A lot of smart North Koreans study abroad, especially in China. There are
smart people all over the world, don't underestimate them just because they
were born in some awkward country.

------
didibus
1) It saddens me that a nuclear bomb in the hand of a dictator basically means
that no one will come help you out. The revolution has to come from the inside.
Many dictatorships or empires might still be standing had they had their hands
on one.

2) For a country so isolated and brainwashed, how can they train and develop
the talent needed for a complex hack like that? It seems it would require quite
a complete education system. Does NK have a full proper education system?

~~~
kbart
It's not the nuclear bomb that is the biggest concern in the Korea conflict (as
of now, North Korea's nuclear capabilities are more of a show-off kind, not a
real, tactical threat), but the insane numbers of conventional artillery in
range of Seoul [0] that can turn it to rubble in a few hours in case of war.

0. [http://www.dailykos.com/story/2017/4/25/1656090/-North-Korea...](http://www.dailykos.com/story/2017/4/25/1656090/-North-Korean-artillery-and-the-concept-of-flattening-Seoul-a-breakdown)

------
pqdbr
If this checks out, it's very surprising. I would assume they wouldn't have
the skills for pulling out something so massive like this.

~~~
booleandilemma
Basing your malware on a tool leaked from the NSA probably makes it easier.

[https://en.m.wikipedia.org/wiki/EternalBlue](https://en.m.wikipedia.org/wiki/EternalBlue)

------
jlgaddis
The NSA has lost all credibility, as far as I am concerned.

~~~
threeseed
And this is based on what, exactly?

If you're going to make hyperbolic statements maybe some clarifications would
be useful.

~~~
clouddrover
> _And this is based on what, exactly?_

The NSA developed the exploits that WannaCry was based on. The NSA lost
control of its weapon (EternalBlue) in the Shadow Brokers leak and the world
suffered economic damage as a consequence.

The NSA doesn't seem interested in switching to a more defensive role where
they will inform software makers of the security problems they find. Instead
they seem intent on maintaining offensive capability by seeking out,
cataloging, exploiting, weaponizing, and keeping silent about the software
security flaws they discover.

~~~
jonnybgood
To be fair, the NSA was never given the mission to take on that defensive role
you state. Their mission includes the defense of classified systems. Defense
of any other systems is not their responsibility.

The offensive capability you state is part of their mission and is what NSA
was created for.

~~~
clouddrover
> _The NSA was never given the mission to take on that defensive role you
> state._

It's both. James Clapper
([https://en.wikipedia.org/wiki/James_Clapper](https://en.wikipedia.org/wiki/James_Clapper)),
former director of national intelligence, says the NSA has a review process to
decide whether or not to disclose vulnerabilities to software vendors. Nothing
in their mission prevents them from doing it. They're choosing not to do it.

Look at the slogan on the NSA's website
([https://www.nsa.gov/](https://www.nsa.gov/)): "Defending our Nation.
Securing the Future". It's difficult to say with a straight face that they are
defending the nation when they are willingly leaving domestic networks open to
attack from zero days.

The NSA says ([https://www.nsa.gov/what-we-do/](https://www.nsa.gov/what-we-do/))
national decision makers "Must be able to outmaneuver those who would do
us harm in cyberspace." How are you outmaneuvering anyone when you allow
systems to remain open to harm?

~~~
anigbrowl
Strategically there is sometimes advantage in not letting the enemy know what
you know (how you define enemy is another question, but it's reasonable to
observe that we have antagonistic relationships with some countries). The
alternative is a siege mentality. If you systematically throw up defences ASAP
every time you discover a vulnerability, and an enemy discovers a
vulnerability but does observe any defensive preparations, the enemy now knows
that they have an operational advantage over you and is incentivized to deploy
it for maximum effect.

Obviously this is only a thumbnail sketch rather than an exhaustive
exploration of strategy. But it's a subject I read and think about a good
deal. Pretty much every military thinker through history has emphasized the
value of surprise and the ability to set the tempo of battle.

~~~
anigbrowl
I just noticed that the last sentence in the first paragraph above should read
"but does _not_ observe any defensive preparations". Sorry about that.

------
cm2187
I wonder where hacking becomes an act of war vs a mere annoyance. Where is the
red line? Shutting down a power plant? Shutting down hospitals? Disrupting a
nuclear weapon factory? Any of these, if done with conventional weapons, would
clearly constitute an act of war. But it seems that no one is ready to take
any action even when the aggressor is clearly identified.

One could argue: great, it means fewer wars, let's not overreact over a few
bits flipped in a machine. I'd argue the contrary. If countries do not respond
militarily to hacking aggressions, it will only make them escalate with
increasingly serious consequences (disrupting hospitals to me is already a
pretty severe consequence). There needs to be some form of accountability.

------
davidgerard
> As a result, no online currency exchange will touch it, said Jake Williams,
> founder of Rendition Infosec, a cybersecurity firm. “This is like knowingly
> taking tainted bills from a bank robbery,” he said.

This is incorrect - crypto exchanges have had no problem cashing in bags of
dyed notes before, _e.g._ the coins from the Bitfinex hack. They really just
do not care.

------
marcosdumay
I wonder why it's always North Korea. Is there no other private or
governmental hacker group in the world?

~~~
Buge
You clearly haven't been following the front page of Hacker News.

From yesterday: Russia hacking US elections
[https://news.ycombinator.com/item?id=14547091](https://news.ycombinator.com/item?id=14547091)

From 2 days ago: Russian government hacking Ukrainian power grid
[https://news.ycombinator.com/item?id=14537138](https://news.ycombinator.com/item?id=14537138)

From 7 days ago: Russian government Turla group using satellites to hack other
governments and pharmaceutical companies
[https://news.ycombinator.com/item?id=14503230](https://news.ycombinator.com/item?id=14503230)

------
dsfyu404ed
While any sort of attribution claim should be taken with a lot of skepticism I
wouldn't at all be surprised if it was NK. They routinely engage in behavior
that keeps the region from getting too stable. The asymmetric nature of
cyberwarfare is a perfect fit for them.

------
bogomipz
I'm sure Dennis Rodman will get to the bottom of this:

[http://time.com/4817638/north-korea-otto-warmbier-kim-jong-u...](http://time.com/4817638/north-korea-otto-warmbier-kim-jong-un-dennis-rodman/)

------
fdik
It is so incredibly stupid that some people actually buy such bullshit that
I'm impressed by the makers of this propaganda. I never could assume total
idiocy in my fellow human beings, but I stand corrected.

Chapeau!

------
alexeiz
Bullcrap. Another made-up story from WaPo based on anonymous sources and
internal leaks. The NSA has not confirmed anything from this story.

------
edmanet
We're in an Orwellian decade.

------
poland2
People create a tool to solve a problem, but they could not solve the problem
which is created by the tool.

~~~
anigbrowl
See: guns, explosive, pretty much any weapon in history :-/

------
mtgx
When in doubt, blame North Korea?

------
vectorEQ
and we believe what they say :D because they are always filled with truth and
honesty!

------
rdxm
lol...at some point there will have to be some type of specific discussion on
null-routing that shit-hole of a country...

~~~
Buge
And then they use a Chinese VPN.

You can't stop a nation state by geoblocking.

~~~
rdxm
heh, of course you are correct. I was using "null-routing" in a more broad
metaphorical sense, in a weak attempt at humor.

Norks are China's useful idiots so nothing is going to change in the near term...

