North Korea top suspect for WannaCry attack, says ex US security chief

Methods used in ransomware attack on NHS and in up to 100 countries similar to those used by Pyongyang in the past, says Michael Chertoff

North Korea may have been behind the ransomware cyber-attack on the NHS and up to 100 countries including the UK, a former head of the US Department of Homeland Security has claimed.

Michael Chertoff, who served under George W Bush from 2005 to 2009, said that agents or allies of the Pyongyang regime were the most likely suspects for the hacking of the health service’s administration system in the UK and state infrastructures across the globe this month.

Chertoff, an expert in global cybercrime and terrorism, was speaking at an international conference on terrorism and security in the Slovak capital, Bratislava, this weekend. “The issue with North Korea is this – they don’t participate for the most part in the global financial/commercial system,” he told the Guardian.

“So how do they support their regime? Well they do that basically by committing crime on a global scale whether it’s smuggling counterfeit goods, drugs, human trafficking or theft, this is literally, practically a criminal state. And so it would not surprise me that they would attempt to make money by being engaging in ransomware and extortion.”

Cybersecurity experts have also linked North Korea to the hacks, with top firms Kaspersky and Symantec both saying that technical details in the WannaCry code resembled a previous hack that was linked to Pyongyang. Chertoff said it was “far more likely” that the North Koreans were involved in the ransomware attack than the Russians.

“I don’t think the Russians generally as a state are particularly in cyber-attacks to make money because they have their own economy. The North Koreans don’t really have much legitimate trade and so this is the kind of thing they would use.”

The co-author of the US Patriot Act, which was enacted to enhance security in the US after 9/11, said criminal groups operating online made themselves available to states such as North Korea. He pointed out that North Korean agents were accused of being behind the major online theft of millions of dollars from the Bank of Bangladesh about a year ago.

“I can’t tell you exactly about how they operated in relation to the British ransomware incident but, on past experience, there is something about the tools that were used that for me call it as a North Korean operation because, in the past, the North Koreans used the same kind of tools in other cyber-attacks.”

At the Globsec thinktank summit in Bratislava, Chertoff said it was inevitable that there would be further mass ransomware attacks on the UK and other western states. “You are going to see the scale and breadth of the attacks increasing. There is no question in my mind that they are going to increase.”

The hackers, he said, were beginning to attack devices that were online as part of the so-called Internet of Things, such as refrigerators and thermostats. “They attacked these things because they had minimal security behind them. They were easy targets. I think we may see more mass attacks of this kind.”

Chertoff added that while Isis and previously al-Qaida had limited the use of the internet to spreading propaganda, distributing execution videos and radicalising people online, he expected Islamist terror groups would be investigating if they could use cyber-attacks and online sabotage to disrupt states’ infrastructures.

“When the likes of Isis observes what happened to British Airways this weekend even due to a random thing like a power outage they must be saying to themselves, imagine the disruption or even destruction we could cause if we were able to launch cyber-attacks to bring down companies or even countries’ computer and data systems. I am sure they will try and it may be where the next form of warfare from them takes place.”


Henry McDonald

The GuardianTramp

Related Content

Article image
Russia and neighbours are source of most ransomware, says UK cyber chief
Lindy Cameron, head of National Cyber Security Centre, says extortion is most serious online threat to UK

Dan Sabbagh Defence and security editor

11, Oct, 2021 @4:28 PM

Article image
Hostile states pose 'fundamental threat' to Europe, says MI6 chief
Although Alex Younger does not name specific country, he makes clear that Russia is target of his remarks

Ewen MacAskill Defence and intelligence correspondent

08, Dec, 2016 @1:31 PM

Article image
May to ban Huawei from providing 'core' parts of UK 5G network
Telecoms firm will still be able to supply some technology, but decision may anger Beijing

Dan Sabbagh Defence and security editor

23, Apr, 2019 @11:01 PM

Article image
Major cyber-attack on UK a matter of 'when, not if' – security chief
Exclusive: Ciaran Martin says Britain fortunate so far to avoid major, crippling attack

Ewen MacAskill Defence and intelligence correspondent

23, Jan, 2018 @6:56 AM

Article image
Cybersecurity stocks boom after ransomware attack
Companies see share prices rise sharply amid expected increase in spending on IT security after WannaCry hack

Nick Fletcher and Haroon Siddique

16, May, 2017 @3:35 PM

Article image
Hostile states trying to steal coronavirus research, says UK agency
Experts say Russia, Iran and China likely to be behind cyber-attacks on universities

Jamie Grierson and Hannah Devlin

03, May, 2020 @3:12 PM

Article image
GCHQ warns of fresh threat from Chinese state-sponsored hackers
National Cyber Security Centre urges operators of critical national infrastructure to prevent hacks

Dan Milmo Global technology editor

25, May, 2023 @3:34 PM

Article image
Google warns of surge in activity by state-backed hackers
More than 50,000 alerts sent so far this year, including of an Iranian group that targeted a UK university

Dan Milmo Global technology editor

15, Oct, 2021 @12:00 PM

Article image
Ransomware is biggest online threat to people in UK, spy agency chief to warn
GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet states

Dan Sabbagh Defence and security editor

13, Jun, 2021 @11:01 PM

Article image
Has North Korea found a friend in President Putin? | Natalie Nougayrède
Natalie Nougayrède: In the midst of the Sony hacking scandal, Kim Jong-un received an invite to Russia. It’s a sign that we’re in a new era of hybrid warfare and deniable attacks

Natalie Nougayrède

23, Dec, 2014 @5:09 PM