The U.S. is publicly attributing the, White House homeland security adviser Tom Bossert told reporters Tuesday at a briefing at the White House.
"Today took us awhile," he said of the announcement, but "we believe we now have the evidence to support the assertion."
Canada, New Zealand and Japan have seen the Homeland Security Department's analysis and agree with the U.S. conclusion, Bossert disclosed. He said that the U.S. "looked not only at operational infrastructure, but [also] tradecraft and routine used in past attacks." Bossert also noted that the North used intermediaries to carry out the attacks. Though he didn't say where those intermediaries were, he noted that outside North Korea, hackers would have access to better technology and tools than are likely available in the North.
He went on to talk about the vulnerabilities that exits in commercial software that are discovered by the government. Ninety percent of the time, he said, the U.S. shares the information about the vulnerability with the company, thus helping companies to improve their products and help prevent their customers from being victimized by hackers. The vulnerabilities the government doesn't share it keeps "for very specific purposes."
Microsoft had traced the attack to North Korea, and Bossert pointed out, the company acted to disrupt the North Korean hackers again last week.
The attribution of the attack to North Korea is a little unusual, but it's evident that the White House decided there was a value in making this information public -- that the U.S. has high confidence that the WannaCry attack was orchestrated and directed by the North Korean government, and that its aim was to create havoc and destruction. What the White House is still figuring out is where the administration stands on whether cyber war constitutes an act of war and what retaliatory measures can or should be taken by the U.S.
Identifying North Korea as the perpetrator, Bossert said, is a matter of "simple culpability." "We're going to say it. We're going to shame them for it," he said.
The Monday announcement that North Korea is behind the an op-ed published in the Wall Street Journal. Bossert wrote that "the attack was widespread and , and North Korea is directly responsible."that plagued multiple industries earlier this year -- including hospitals, financial systems and other companies -- came in
The hackers took advantage of a vulnerability in Microsoft, forcing the shutdown of businesses in 150 countries around the world by encrypting files to make them inaccessible until victims paid a ransom of $300. But Bossert suggested that raising money was not the main purpose of the hack. That assumption is based on what targets of the attack reported -- that most of them didn't pay, and those who did promptly found that their computers weren't unlocked. They then informed others that paying wouldn't end the hack.
Bossert wrote his op ed that WannaCry "encrypted and rendered useless hundreds of thousands of computers ... while victims received ransom demands, paying did not unlock their computers. It was cowardly, costly, and careless."
Asked Tuesday if the U.S. was slow to act, Bossert said, "We took a lot of time to look through classified and sensitive information." The U.S. was able to make a "confident" attribution. "We can't get it wrong. We can't rush it," he said.
He conceded, 'We got lucky. In the U.S. we were well-prepared." And he pointed out thatwho was sophisticated, inadvertently noticed the kill switch and acted to kill it.
Adam Meyers, with the cybersecurity firm CrowdStrike, said "the ransomware element may have been part of the guidance that is to generate revenue."
"There's lots of things that North Korea is involved in, in order to fund their nuclear program and to fund some of their other operations," he said.
North Korea, which is under U.S. sanctions, was also behind thecomputers three years ago. That was retaliation for a movie called "The Interview," which depicted an assassination attempt on the North Korean leader.
The WannaCry ransomware was developed in part by using leaked National Security Agency hacking documents, and that leak is still under investigation.