Addressing the nation this morning, Department of Homeland Security advisor Tom Bossert restated—in some cases word-for-word—the assertions in an op-ed he penned for the Wall Street Journal last night squarely blaming North Korea for the widespread ransomware attack known as WannaCry. Today he revealed DHS’s plan to combat further attacks, which seems limited to asking technology companies for unprecedented cooperation.
Bossert—who cut his teeth in the Bush administration and was the victim of an email phishing attack this August—stated that evidence compiled by DHS had been reviewed by allied nations such as the United Kingdom, Canada, and Japan, which had agreed with the United States’ assessment of North Korea’s culpability.
But DHS declined to share details on its own strategies, if any exist, to prevent a similar attack from being carried out by a hostile nation-state in the future, claiming the purpose of the announcement was to call out North Korea publicly for its actions.
Instead, Bossert praised the actions of Facebook, Microsoft, and other private companies that he said “acted to disable a number of North Korean cyber exploits,” and requested such companies “increase their sharing of information with us.” Jeanette Manfra, the assistant secretary for cybersecurity at DHS, said, “We are calling on all companies to commit to the collective defense of our nation.”
Microsoft’s chief legal officer Brad Smith confirmed that his company worked with Facebook over the past week to disrupt WannaCry. “Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection. We took this action after consultation with several governments, but made the decision independently,” Smith explained in a blog post.
Down the line, Bossert claimed, “we’re gonna ask [private companies] to look into sharing more technical information on how they’re architected and where their exposure points.” Neither of those are directives tech companies have been eager, or are likely, to follow.
Those who remember May’s attack, which locked down the systems of hospitals, banks, and other companies across the US, might recall Marcus Hutchins—a 22-year-old hacker known as MalwareTech—was credited with stopping the spread of WannaCry. He was arrested by the FBI the following August for allegedly creating and distributing an unrelated piece of malware. Bossert, seeking to downplay Hutchins’s role, simply noted that “we got lucky” that an independent security researcher had triggered WannaCry’s kill switch.
The NSA (and later, the CIA) arrived at the same conclusions about WannaCry months ago, and one wonders what Bossert hopes to accomplish by relitigating an 8-month-old cyber attack. In summation of the impotent goals of the briefing, Bossert said of North Korea, “I hope that they decide to stop behaving badly online.”
Additional reporting by Kate Conger.