More to the point
If the authors used Google Translate then chances are Google has logs of those interactions which include IP address, potentially identity of the person using it. They might have used Tor but then again maybe they didn't.
The WannaCrypt extortion notes were most likely written by Chinese-speaking authors, according to linguistic analysis. WannaCry samples analysed by security outfit Flashpoint contained language configuration files with translated ransom messages for 28 languages. All but three of these messages were put together using Google …
Chinese is not a homogenous single language. Different idioms, way of sentence structure (and not applicable here, but vocal patterns) and vocabulary differ highly from area to area, region to region.
(not even counting the dozens of different regional dialects).
Most of this is much more relevant to the spoken language, since the written is the same. Most likely what they analyzed given the areas noted is probably the writing looks like it was written by somebody that speaks Cantonese. Totally different language than Mandarin, but still uses the same written characters.
"Totally different language than Mandarin, ..."
You might want to consider this small extract from the article:
" ...a glaring grammatical error in the note suggest the speaker is non-native or perhaps poorly educated."
You might notice that the extract I quoted also has a grammatical error.
Where does it end??
Most people, especially those from the supposed "masters of the universe" class, would not be able to spot that. Grammar and usage apparently don't get taught in business schools these days, or, judging from the performance of the last two business school educated Presidents, for the last few decades at least.
On the substance: shouldn't really be a surprise if it turns out the people behind this were Chinese speakers. I mean, after all, it's not like all dark web government contractors are from the Americas and Eastern Europe. It would make sense for the three-letter agencies who have been funding the hacker-for-hire industry recruited from Asia, undoubtedly in an effort to contain costs.
All of this stuff seems so familiar: during the Cold War the US outsourced military operations against the Soviets to the Mujahideen. In the new "cyber" war the three-letters outsourced "cyber" operations to a constellation of well-connected Beltway firms that employed ex-government executives to maintain those connections. The fact that government itself has little or no organic capability to perform those operations is no accident. First of all, it would be an awful waste to have to use up finite job openings that could go to patrons, their families or business associates by employing people with actual technical skills that few in the aforementioned groups are likely to have, and, second, spending on in-house resources competes with the gravy train of contracts that is the whole point of "right-sized" government.
Funny that southern China and Hong Kong speak Cantonese, Taiwan and Singapore speak Mandarin which makes identifying the language of the perps pretty confusing to me. My bet is that the NSA did it and included obfuscation to conform to the usual 'plausible deniability' clause in the job spec.
Note to the outraged:- you can replace 'NSA' by anyone you want, the meaning of my comment would be unchanged.
If Google says "it was done from THIS IP at THIS time", then I would imagine the Chinese government would be able to produce the rest from the logs of the great firewall of China. Unless China is massively behind the west in spying on their citizens, and we're told that they have a clear lead in this area.
"Every time the guy does a google search now it suggest bitcoin, ransomware" ...
The google-eyed monster has no incentive to play the cop. But tech sites that use google-generated ads could keep a lid open. No, no, not to catch anybody, but to put a plausible lower bound on the number of proxy servers extant.
Too bad El Reg doesn't have a Lord Kitchener icon, with a warm and fuzzy text such as "Be sure to leave some dosh with your family so they can pay for the bullet."
Replying to my own post. It has begun.
Today El Reg served up these two ads on my front page:
"Canada's Bitcoin Exchange - Most Secure, Lowest Fees"
"Get a free copy of 'Building an Enterprise Cloud for Dummies.'"
I'm touched, I'm honoured, I'm blushing. This is a way higher hacker class than the ads for Ladies' clothing I've been seeing for weeks. Though just between us, I do have a great pair of gams. Hairy, but shapely. Even Mrs. Bunch is jealous.
So it's clear that it was all My Fault. Before you arrest me, occifers, I need to know this, what is an "Intellectual Property address"?
" ' a bit shakey on grammar ' "
"And shaky on spelling."
In 1954, Sherwood “Shakey” Johnson opened the first Shakey’s Pizza Parlor® in a remodeled grocery store on 57th and J Street in Sacramento, California. (from the franchise website).
Therefore it is likely that the shakey poster is a Yank (British term for denizen of USA). See how easy this is?
It should never be excluded from consideration that a grammatical faux pas was committed intentionally.
Don't be fooled, people, this is just a cunning ruse by the glorious leader; with his god-like command of language he has fooled Google Translate into thinking he is Chinese, for the betterment of the peoples and the glory of the one Korea.
Next week they will find reference to Vodka and blame the Russians.
All part of the plan.
Or absolutely not! We know after Sony / other hacks, that there's quite a bit of gamesmanship here. If I was hell-bent on internet extortion I'd ask foreigners in a net cafe / bar to help translate. To deflect attention away from whatever my real heritage / language skills / citizen profile really is... Message would be broken up into innocuous parts first of course....
From the article: ... Though the English note appears to be written by someone with a strong command of English, a glaring grammatical error in the note suggest the speaker is non-native or perhaps poorly educated.
And as we all know, all native English speaker are highly educated, especially in the US, so it must be the Chinese. Or the Russians. Or some ISIS terrorist. Right?
Anyone else notice the glaring stupidity in Flashpoint's linguistics analysis?
Mandarin is a spoken language (not a set of phonetic linguistic characters which can be typed into Google Translate).
Try again Flashpoint:....
Hong Kong; Taiwan - Traditional Chinese characters (languages spoken Cantonese; Hokkien)
Guangzhou; - Simplified Chinese characters (language spoken Cantonese)
Singapore - Simplified Chinese and English (both at a native speaker level) - no need for Google Translate