back to article UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it

UK Foreign Office Minister Lord Ahmad of Wimbledon today claimed North Korea was behind the WannaCry ransomware incident. He joins the US government, Canada, Australia, New Zealand, Japan, Microsoft, Google, Kaspersky, Symantec, FireEye, and others, in blaming Kim Jong-un's hackers for unleashing WannaCry on the world. Uncle …

  1. iron Silver badge

    Dear Lord Toffy McToffyface,

    Prove it.

    1. Pascal

      But he's a government official and he pinky swears it, surely that's proof enough?

    2. alain williams Silver badge

      Re: Prove it

      The time is ripe for buttering up public opinion for a jihad (justified war) against the Norks. Those of us who have heard too much fake news require evidence before we form opinions.

      1. Tomato42 Silver badge

        Re: Prove it

        war against Norks is not really justified, it's not like the general populace living there has the ability to have opinion on any subject, let alone foreign politics

        Nork government on the other hand is definitely prime for a chopping block...

        1. sloshnmosh

          Re: Prove it

          It's easy to prove it was NK that did it...there was Korean language found in the malware source code!

          Oh, wait

          https://wikileaks.org/ciav7p1/cms/page_14588467.html

    3. Anonymous Coward
      Anonymous Coward

      Does he chase parked cars or something? He face looks like it was constructed with the assistance of a frying pan.

    4. Semtex451 Silver badge
      Facepalm

      Highly Likely

      "National Cyber Security Centre assesses it is highly likely that North Korean actors...."

      Perhaps they would have inspired more confidence by saying "very highly likely" or "quite probably"?

    5. DougS Silver badge

      What kind of "proof" would you find acceptable?

      Its a little more obvious when Zeroes bomb your harbor who is responsible than when you're hacked. You pretty much had to take your government's word for it that the IRA was responsible for a given bombing in the past, or that Al Qaeda or ISIS is responsible for one today. Even if they claim responsibility (how hard is it to "plant" a claim of responsibility in ISIS' name, after all?)

      I have no idea if the Norks were responsible or not (though ransomware seems like it would fit their MO, given their need for funds that can bypass all the banking sanctions) but even if they released every bit of intelligence that makes them believe the Norks are responsible you could still say "what if it was the Russians | Chinese | Iranians | Americans | Israelis | French | IRA | Welsh | 400 lb hacker sitting on Trump's bed that was actually responsible and they just faked the evidence to make it look like the Norks?"

      1. Mark 85 Silver badge

        Re: What kind of "proof" would you find acceptable?

        I think you nailed it. This has all the hallmarks of the "enemy of the month" type of thing.

        1. Anonymous Coward
          Anonymous Coward

          "enemy of the month"

          "We have always been at war witrh Eurasia."

    6. John Smith 19 Gold badge
      Coat

      Dear Lord Toffy McToffyface, Prove it.

      Signed

      Fatboy Kim.

  2. Aaiieeee
    Mushroom

    So,

    Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians?

    Don't people usualy go to war over stuff like that?

    Note: bombing brainwashed nork peasents isn't something I want to happen - I'm just wondering.

    1. Paul Crawford Silver badge

      Re: So,

      Bomb? More like blowing hard on a house of cards.

      No mention of our American friends providing the exploit?

      No mention of the impact being severe due to unpatched machines being publicly exposed?

      No mention of a lack of IT funds/staff with authority to sort that out?

      1. Jonathan Schwatrz
        FAIL

        Re: Paul Crawford Re: So,

        ".....No mention of the impact being severe due to unpatched machines being publicly exposed?....." Yeah, and people that don't have bars on all their windows are totally to blame when their houses get burgled? And if someone gets stabbed by a mugger it must be their own fault for not wearing a full set of plate armour every time they leave the house? What's next, you're going to accuse women that don't go out in a burka of asking to be raped?

        1. Paul Crawford Silver badge

          Re: @ Jonathan Schwatrz

          "Yeah, and people that don't have bars on all their windows are totally to blame when their houses get burgled?"

          No. Having "unpatched machines being publicly exposed" is more analogous to having unprotected sex with every lady (or man) of negotiable affection down at the docks. How long would you expect to last before getting a dose of galloping knob-rot?

          1. strum Silver badge

            Re: @ Jonathan Schwatrz

            >No. Having "unpatched machines being publicly exposed" is more analogous to having unprotected sex with every lady (or man) of negotiable affection down at the docks.

            Bollocks. You are excusing criminals.

            1. Paul Crawford Silver badge

              Re: @ Jonathan Schwatrz

              "Bollocks. You are excusing criminals."

              So you think that a large professional organisation that uses IT has no obligation to take some care of its own system security?

              I take it you would be happy to see banks store your money in a cardboard box under the counter?

              No problem with leaving your keys in your car overnight?

              Better if airports did nothing to check passengers or luggage boarding the plane you are due to fly on?

    2. David Webb

      Re: So,

      I believe the problem there, with the NHS, wasn't so much the DPRK ransomware but the fact that the NHS's IT was a bit lacking. It's a bit like building a hospital next to a river and using water from the river as potable, then blaming the factory up the road because of the nasty chemicals in the water, rather than blaming the hospital for using a dodgy water supply.

      If the NHS had followed best security practices, there wouldn't have been a problem. It's just easier to blame the big bad NK Bogeyman than it is to blame failure of the UK government.

      1. fandom Silver badge

        Re: So,

        "It's a bit like ..."

        What you are doing is a lot like blaming a mugging victim for not knowing karate.

        1. Yet Another Anonymous coward Silver badge

          Re: So,

          What you are doing is a lot like blaming a mugging victim for not knowing karate.

          Or blaming a hospital for starting open-heart surgery in the middle of a hurricane knowing that you didn't pay for the backup generator

          1. Voland's right hand Silver badge

            Re: So,

            Or blaming a hospital for starting open-heart surgery in the middle of a hurricane knowing that you didn't pay for the backup generator

            Sort-a. You are mistaking "middle of hurricane" with "agents of foreign country blowing up the power supply". Now, if you had a backup generator that would have helped. Or maybe not - it can be blown up too.

            The stupid part is elsewhere. The rule of thumb when dealing with lunatics is "if you are not going to act on it, keep your mouth shut". Empty talk only makes them do it again.

            In fact, from this perspective, we have LOTS to learn from both Russian and the French. They are significantly more restrained on the talking front and significantly less restrained on the "deploy marines backed up by an aircraft carrier and execute the little shit on the spot" front.

            Oh sorry, forgot. We do not have a viable aircraft carrier, do we? We have a leaky tin can which has no planes to fly from it. Oh well, how fortunate. We can continue empty posturing then I guess. It is easier when you have an excuse for not putting your money where your mouth is.

            1. Mark 85 Silver badge

              Re: So,

              The rule of thumb when dealing with lunatics is "if you are not going to act on it, keep your mouth shut".

              I was always told that when dealing with lunatics, you have be a bigger lunatic to keep them in line. Maybe the US and UK have it right... bigger lunatics? The NORKs do have one who's in the running for Lunatic of the Year, however.

            2. Jonathan Schwatrz
              FAIL

              Re: Voland's right hand Re: So,

              "....Russian and the French. They are significantly more restrained on the talking front and significantly less restrained on the "deploy marines backed up by an aircraft carrier and execute the little shit on the spot" front....." Yeah, I think you need to do a lot more reading on actual historical sites and less on IndyMedia. I'm surprised you forgot about the French bombing of the Rainbow Warrior, or is that too old for today's millennial snowflakes? Have you forgotten about the recent French lead on Libya already? You could start improving your historical knowledge by looking up the French history in Algeria and the Soviet adventures in Afghanistan. France is still sticking it's imperial oar in with previous colonies like the Lebanon and Africa states like Mali, and Putin seems to have every interest in returning the Middle East to the days when Arab states were split into those friendly to the West and those in the Soviet sphere.

        2. Paul Crawford Silver badge

          Re: @ fandom

          "What you are doing is a lot like blaming a mugging victim for not knowing karate."

          No, more a case of a shop assistant carrying large wads in cash in clear plastic bags, and without any disguise or protection, to the bank every day. Of course they *should* not be robbed, but if they were you could not help but think it was partly due to a rather lax and careless attitude to security.

          And then you (or the insurers, assuming they had any) would be asking the shop owner serious questions about their risk assessment and practices...

    3. Bernard M. Orwell Silver badge

      Re: So,

      "Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians?"

      The implication of your question, and almost certainly the way the gubmint will paint it, is that it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand. (Cue patriotic headlines, music, and "boots on the ground").

      Of course, no mention will be made of the idea that this was less a "Cyberattack" and more like "ransomware chucked out by an unknown actor in an attempt to get some cash from suckers just like the other myriad attacks each year but this one happened to get onto some NHS laptop and got plugged into a network and shared by a user accidentally."

      Nope. Cyberattack. Against hospitals. Bastards. Go America! We're with you! (something, something, special relationship.)

      1. Anonymous Coward
        Anonymous Coward

        Re: So,

        > it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand

        Still a drop in the ocean of tears compared to Jeremy Hunt - maybe GBHQ could run an extensive analysis to rule out the possibility he's being operated remotely by Little Ming.

      2. strum Silver badge

        Re: So,

        >The implication of your question, and almost certainly the way the gubmint will paint it, is that it was a carefully orchestrated and targeted attack against our most precious institution, the NHS, for which we will not stand.

        There is a criminal principle that a perpetrator must take responsibility of the results of his crime - whether or not he intended it.

        For this reason, arson has long been treated as if it were murder (because an arsonist could not know whether anyone might be killed by their fire). When we still had the option, arson was a capital crime.

        Someday, someone will die because of a hack (may already have happened) - and commentards crowing that the security should've been better will do little to comfort the deceased's family.

        Indiscriminate malware isn't just a nuisance - it's a serious crime.

        1. Bernard M. Orwell Silver badge

          Re: So,

          "Indiscriminate malware isn't just a nuisance - it's a serious crime"

          Agreed, but my concern here is that its a prime piece of news that can be manipulated to fit political agenda very easily; propaganda time. i.e. It lines us up against North Korea alongside Trump and Co., it suits the governments clear anti-internet freedom agenda, and it maintains the "fear factor" as the spectre of ISIS is just starting to diminish.

          Too easy for the PtB to ignore the reality of malware that you and I deal with in our professions in favour of spin.

    4. Voland's right hand Silver badge

      Re: So,

      Article quote: The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity, the Foreign Office said.

      You are not alone here. My first thought was also: Since it impacted the NHS in a big way is it akin to dropping a bomb on a hospital? An attack against civilians? Don't people usualy go to war over stuff like that?

      The Foreign office reaction is a first degree idiocy. If you attribute what is a WAR CRIME AGAINST OUR CIVILLIANS to a FOREIGN STATE and YOU CAN PROVE it, that is a valid casus belli to start a war. You can even get the Security Council to agree on it. The Chinese Ambassador is not Nicky Halley and if the proof is irrefutable will most likely abstain. Now, the fact that we cannot even scrape 3 ships worth of an expeditionary force with zero aircraft is a different story, but let's not get there shall we?

      If you cannot provide a proper response to a foreign state against an aggression against a civilian hospital on our soil, shut the f*** up and do not attribute it to them. Especially if you happen to be a nuclear power. This is the worst of all possible options - you show you have no teeth and you give a precedent where we do fuck all after someone has attacked civilians and out of all places a hospital.

      While previous gems by the hair-disorganized quasi-idiot could be laughed at as most of them did not have possible consequences in the form of a bodycount, this one isn't. He should be sacked (in fact that will be too kind for him).

  3. rmason Silver badge

    Twaddle!

    This bit:

    "The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity, the Foreign Office said."

    Bollocks.

    You are making this announcement because you *know* Trump is going to blab it. Full stop. End of story.

    You've realised you'll look daft if you simply nod and agree with him after the fact, and even worse if you get into a public spat over Yes it was/No it wasn't.

    1. Jack of Shadows Silver badge

      Re: Twaddle!

      Part of what I was going to say about that bit in the article. The rest is: "What the fuck are you going to do to North Korea that you haven't done already." Short of a full-blown war, of course. The toolbox doesn't have any more tools to use than that.

      1. Jonathan Schwatrz
        Facepalm

        Re: Jack of Shadows Re: Twaddle!

        ".....The toolbox doesn't have any more tools to use than that." Diplomacy is about bringing pressure to bear. Every headline about "bad Norks" makes it harder for China to dodge their responsibilities when not fully applying UN sanctions.

    2. wolfetone Silver badge

      Re: Twaddle!

      "You are making this announcement because you *know* Trump is going to blab it. Full stop. End of story."

      Or the story is far more scary than what they used when Saddam had his weapons of mass destruction and we were all 45 minutes away from death.

      That turned out to be bollocks too.

  4. Anonymous Coward
    Anonymous Coward

    Who?

    So the NSA made the weapons (eternal blue) that NK used to attack the UK.

    Ahh well, once NK gets all their assets into BC, then when it's crashed by (spooky shadow governments) they will still have nothing to show for all that hard work.

    Good thing the NSA doesn't make ICBMs.

  5. Uncle Slacky Silver badge
    Big Brother

    Wot, no NSA?

    Have they forgotten the source of the original exploits used in the attack?

  6. NonSSL-Login
    Pirate

    Highly likely

    The article quotes him as saying 'highly likely' which is different from confirming they did it.

    A bit like America's 'high confidence' of weapons of mass destruction in Iraq.

    So they are not 100% sure but they are making a statement now that sounds like they are, as the political timing is right due to action they want to take towards NK.

  7. This post has been deleted by its author

  8. danR2

    Dynamic heatmaps hardly implicated N.K.

    Even as early heat-maps of the strikes came in, it made no sense Pyongyang would have been responsible: Russia was hit first (then heavily later) then the Ukraine, then Europe massively and quite a lot of China. The U.S. was moderately or even lightly hit.

    Why on earth would Kim pick on China and Russia?

  9. beardman
    Holmes

    "We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace."

    How about you start patching those systems up? And putting some firewall between them and the wild internet?A little bit of defence-in-depth haven't harmed anyone...

  10. 0laf Silver badge
    Childcatcher

    Thought it was the Ruskies. Could you just pick one bad guy please?

    But the Norks don't have sell anything the Muricans will want to do in house. Not like Kasperski.

    They're not just looking for random enemy to continue the perpetual war as a distraction from Trumps dementia, and excessive state control of populations are they

  11. Anonymous Coward
    Anonymous Coward

    Not what it seems

    WANNACRY wasn't "ransomware". In ransomware you can pay money and get your data back.

    There wasn't any mechanism for this to work in WANNACRY and nobody is known to have paid (and some did) and got their data back.

    Also, any attribution is based on a tiny code snippet that was also seen in a previous piece of code supposedly from "Lazarus" who are supposedly Norks.

    Given that the code from which the snippet came from had been previously widely seen, why would that prove anything? Everyone from hard core black hats to skiddies copy and paste code from all over and thats before you even start to consider a false flag operation by another nation state.

    There is also a lot more interesting aspects of WANNACRY if you go digging....

    But anyway, typical stupid UK government BS powered by both stupidity and a desire to twist the facts to support other agendas.

    1. Voland's right hand Silver badge

      Re: Not what it seems

      WANNACRY wasn't "ransomware". In ransomware you can pay money and get your data back.

      Not necessarily. The reality is: "You pay your money and you pray you get your data back". It is a basic hostage situation, just your data instead of your daughter. Sounds similar, possibilities of getting something back are similar, but spelled differently.

  12. Anonymous Coward
    Anonymous Coward

    Yeah yeah using weapons supplied by the NSA

    I personally blame the NSA. If they leave their cyber nukes lying about for anyone to steal, they are really the ones to blame should someone use them.

    Still not seen any real proof North Korea behind it, but North Korea and Russia are the current bogeymen, so it has to be one of them. US Military got to keep getting their funding somehow, need an enemy to fight.

  13. Anonymous Coward
    Anonymous Coward

    Which is it? Are the Norks backward barbarians living in the past, or are they a sophisticated enemy undermining the great western values?

    I suspect that everything is vastly oversimplified to achieve the goal de jour. So Sony is hacked - we find a lame excuse that it is because of a lame film which bombed that provoked it. No WannaCry showed that there are lots and lots of lazy sysadmins out there, but we want an excuse to hit the Norks harder.

    The timing of this attribution is also interesting - is it because there hasn't been anything flying lately and the military needs to keep the Norks in the news?

    1. Bob Dole (tm)
      Trollface

      Which is it? Are the Norks backward barbarians living in the past, or are they a sophisticated enemy undermining the great western values?

      I think it depends on if your country wants to invade them or not. If you do want to invade then the Norks are a sophisticated enemy. If you don't, then they are just backwards barbarians whose people we should pity.

    2. veti Silver badge

      Yeah, I always get confused by this.

      On the one hand, it's a backward little shithole with the population of Afghanistan, a GDP that's less than half the UK defence budget, and fewer IP addresses than Market Harborough.

      On the other hand, it's a sinister unstoppable power capable of standing off the entire US, and striking with impunity at NATO countries who can do nothing, nothing I tell you, to stop them.

      Seriously, when I wor' a lad we had the Soviet Union to worry about. There, at least, was an enemy that could credibly be talked up to those sorts of levels of paranoia. But North Korea? Something is badly wrong with this picture.

      If it is true, then what that tells us is that defence (and national security) budgets are a complete waste of money. If we can't even stop North feckin' Korea from attacking us, then what the hell use is all this hardware we spend so much on?

    3. Adam 52 Silver badge

      It can be both. Clearly they've got a fairly well established and high tech "making big bangs" industry and at the same time a general population living in poverty.

      They can have a "high tech" script kiddie industry too, or even a few hundred well motivated bright programmers. You've got to admit, if you were in NK and it was a choice between labour camp leading to death and malware author you'd pick the latter, so they'll have the brightest and best out of 25 million people.

  14. Anonymous Coward
    Anonymous Coward

    Not credible

    Used tech grabbed from the NSA, most of the damage was done to countries which are friendly to NK.

    This is, in my opinion, an attempt to offer those countries an excuse to change their stance and join the cool kids stomping on Kim Jong Fuckface.

    He does deserve a stomping, I'm just not convinced that this is another reason.

    AC because I called fatboy a rude name.

  15. Bob Dole (tm)
    Paris Hilton

    Now hold on a second...

    I thought the Russians did it using leaked NSA "security" tools?

    https://www.forbes.com/sites/thomasbrewster/2017/04/26/shadow-brokers-leaked-nsa-cyber-tools-become-weapons-of-american-enemies/#1b6ba06b1924

    Actually, nevermind. This whole thing stinks of a desire by the powers that be to start yet another war by bombing the North Koreans.

  16. John H Woods Silver badge

    Off topic, but...

    ... doesn't the conjunction of 'free' and 'open' in the declaration "We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace" sound a bit pro- net neutrality?

  17. Teiwaz Silver badge

    Slight of hand (yes, it was intentional)

    When Governments or Government Agencies point at the usual suspects or some other group, country or otherwise scapegoatable entity over some issue or event, it's usually to distract while they wash the blood off, scrub out the car and dump it somewhere....

  18. This post has been deleted by its author

  19. Anonymous Coward
    Anonymous Coward

    "We condemn these actions...

    and commit ourselves to working with all responsible states to combat destructive criminal use of cyber space."

    That sort of use of cyberspace is the domain of the UN security council members only. No one else is allowed. Just like the nuke issue really, he thought to himself.

  20. Anonymous Coward
    Anonymous Coward

    It is staggering that

    with all the people in government with history degrees, that none of them appear to have realised that if you declare war on a country, and yes, economic war is war, funnily enough the other side tends to fight back. Often, not on the playing field you are on. Usually, not by the same rules as you are playing by.

    Boxing a country into a corner until it has no options but to lash out violently often doesn't end well either.

    The only lesson we learn from history is that we learn nothing from history...

  21. andyp-random-number

    Strongly worded letter

    "The decision to publicly attribute this software nasty to North Korea sends a clear message that the UK and its allies will not tolerate malicious cyber activity, Blighty's Foreign Office thundered."

    ....and to show how angry we are we've sent a strongly worded letter, via social media, which will stop any repeat.

    1. Anonymous Coward
      Anonymous Coward

      Re: Strongly worded letter

      Blistering barnacles, as Pugwash would say.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019