“As we have clearly stated on several occasions, we have nothing to do with cyber-attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.,” the spokesperson said. “However, we can never tolerate the U.S. reckless move of using the issue of cyber-attack for the purpose of making direct accusation against our state.”
“Crystal clear is the purpose of the U.S. trying to link us to the issue of cyber-attack at this very moment when it is hell-bent on making a harshest ‘sanctions resolution’ against us,” the spokesperson added.
On Tuesday, December 19, the United States publicly attributed the WannaCry ransomware attack to North Korea in a White House briefing presented by counterterrorism adviser Thomas Bossert. The attack originally took place for three days in May across 150 countries using the WannaCry ransomware cryptoworm, which encrypted Windows-based PCs and demanded bitcoins in return.
“This was a careless and reckless attack,” he stated. “It affected individuals, industry, governments. And the consequences were beyond economic. The computers affected badly in the UK and their healthcare system put lives at risk, not just money.”
The United States isn’t simply throwing out accusations in a heated war of words. Bossert said the White House made its final decision “after careful investigation” backed by evidence, and a unanimous agreement with Australia, Canada, Japan, New Zealand, and the United Kingdom. Microsoft is even involved, tracing the WannaCry attack back to “cyber affiliates” of North Korea’s government.
But the DPRK spokesperson said accusations made by the White House are unreasonable. “The U.S., a source of all social evils and a state of global cyber-crimes, is unreasonably accusing the DPRK without any forensic evidence,” the spokesperson said. “This cannot be construed otherwise than an expression of its inveterate repugnance towards the DPRK.”
So, what now? First, the briefing is part of a public move to hold North Korea accountable for its actions. Second, the United States will spearhead a plan that will bring the government and corporations closer together, thus increasing the cost for hackers by strengthening the nation’s cyber defenses. Good cooperation between the two entities will bring improved security across the board, Bossert said.
During his briefing, Bossert said Microsoft, Facebook, and other technology entities already began purging exploits used by North Korea and shutting down accounts used in attacks. They did so on their own without any government nudging, although he gave a special acknowledgment to Microsoft, which addressed exploits prior to the attack that kept many U.S. targets out of the line of fire.
“We call today — I call today, and the President calls today, on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and the bad actors the ability to launch reckless and disruptive cyber acts,” he said.
Most of what he said during the White House briefing made its way into his op-ed post on The Wall Street Journal. But the briefing also introduced the nation to Jeanette Manfra, assistant secretary for Cybersecurity and Communications at the Department of Homeland Security. She will be joined by Christopher Krebs and Secretary Kirstjen Nielsen to coordinate operations with corporations to beef up cybersecurity on all fronts.
As an example of a government/corporate collaboration, Manfra relayed the events that began when WannaCry began attacking the Asia-Pacific region. By the end of the first day, all major local internet providers, IT and cybersecurity firms, and more than 30 companies across the nation were providing analytical assistance. This local collaboration between the government and the private sector helped defend the United States against the brunt of the WannaCry attack.
“In many ways, WannaCry was a defining moment and an inspiring one,” Manfra said. “It demonstrated the tireless commitment of our industry partners, a moment that showed how the government and private sector got it right.”
Update: Added North Korea’s response.
