Given the string of devastating malware attacks this year, any government report claiming to uncover important details is an exceedingly important document.
And now we have one.
Recently, the UK released its official report on the WannaCry epidemic that devastated systems of the British national health care provider, the NHS, amongst thousands of other victims internationally.
In a recent statement, Ben Wallace, a junior minister for security, told BBC Radio that the government was "as sure as possible" that the North Korean government is the culprit behind the hacks.
The British authorities are not the first to speculate about a North Korean connection to WannaCry. In May, shortly after the string of hacks ended, security researchers at the firm Symantec posted on the company’s blog that the "tools and infrastructure used in the WannaCry ransomware attacks have strong links" to a mysterious hacker group called Lazarus, known to be linked to the North Koreans.
The broad implications of this discovery could be substantial, and need to be carefully unpacked.
Many of the malware programs used in the slew of recent incidents, including WannaCry, Defray, NotPetya, and more recently the Bad Rabbit virus, have used tools allegedly stolen from the American NSA by the notorious “Shadow Brokers” hacker conglomerate. The tools use several exploits in the Windows operating system, among other identified weaknesses in commonly used programs. The group has been disseminating these tools via the internet for the past several months.
Assuming that the assessment of North Korea’s connection is correct, does this indicate that the country may possess the full slew of cyber weapons allegedly obtained by Shadow Brokers?
However, there are even darker possibilities.
The identity of Shadow Brokers has always been an open question. Theories abound, and experts have been offering ideas for a while. Could it be that the group is nothing more than a North Korean front, one that, along with Lazarus, carries out the cyber dirty work of Pyongyang?
This is not such an outlandish theory considering the evidence we have on North Korea’s cyber capabilities. In addition to all the attacks associated with Lazarus, North Korea is widely believed to be behind the Sony Pictures hack, one of the most widely sensationalized hacks in recent history. The attackers in this instance were able to wrest complete control of Sony’s cyber infrastructure, leak troves of sensitive data on company employees and projects, and then deploy a system wiper to delete all of Sony’s digital files.
Anything that can be ascertained about North Korea’s cyber arsenal from these recent revelations will certainly be integrated into the threat assessment of the country in the current crisis. With American officials increasingly discussing military options to deal with North Korean aggression, the cyber backlash from any conflict is an important factor for the US and its allies to consider.