Monday, January 29, 2018

The problematic Wannacry North Korea attribution

Last month, the US government officially "attributed" the Wannacry ransomware worm to North Korea. This attribution has three flaws, which are a good lesson for attribution in general.

It was an accident

The most important fact about Wannacry is that it was an accident. We've had 30 years of experience with Internet worms teaching us that worms are always accidents. While launching worms may be intentional, their effects cannot be predicted. While they appear to have targets, like Slammer against South Korea, or Witty against the Pentagon, further analysis shows this was just a random effect that was impossible to predict ahead of time. Only in hindsight are these effects explainable.

We should hold those causing accidents accountable, too, but it's a different accountability. The U.S. has caused more civilian deaths in its War on Terror than the terrorists caused triggering that war. But we hold these to be morally different: the terrorists targeted the innocent, whereas the U.S. takes great pains to avoid civilian casualties. 

Since we are talking about blaming those responsible for accidents, we also must include the NSA in that mix. The NSA created, then allowed the release of, weaponized exploits. That's like accidentally dropping a load of unexploded bombs near a village. When those bombs are then used, those having lost the weapons are held guilty along with those using them. Yes, while we should blame the hacker who added ETERNAL BLUE to their ransomware, we should also blame the NSA for losing control of ETERNAL BLUE.


A country and its assets are different

Was it North Korea, or hackers affilliated with North Korea? These aren't the same.

It's hard for North Korea to have hackers of its own. It doesn't have citizens who grow up with computers to pick from. Moreover, an internal hacking corps would create tainted citizens exposed to dangerous outside ideas. Update: Some people have pointed out that Kim Il-sung University in the capital does have some contact with the outside world, with academics granted limited Internet access, so I guess some tainting is allowed. Still, what we know of North Korea hacking efforts largley comes from hackers they employ outside North Korea. It was the Lazurus Group, outside North Korea, that did Wannacry.

Instead, North Korea develops external hacking "assets", supporting several external hacking groups in China, Japan, and South Korea. This is similar to how intelligence agencies develop human "assets" in foreign countries. While these assets do things for their handlers, they also have normal day jobs, and do many things that are wholly independent and even sometimes against their handler's interests.

For example, this Muckrock FOIA dump shows how "CIA assets" independently worked for Castro and assassinated a Panamanian president. That they also worked for the CIA does not make the CIA responsible for the Panamanian assassination.

That CIA/intelligence assets work this way is well-known and uncontroversial. The fact that countries use hacker assets like this is the controversial part. These hackers do act independently, yet we refuse to consider this when we want to "attribute" attacks.


Attribution is political

We have far better attribution for the nPetya attacks. It was less accidental (they clearly desired to disrupt Ukraine), and the hackers were much closer to the Russian government (Russian citizens). Yet, the Trump administration isn't fighting Russia, they are fighting North Korea, so they don't officially attribute nPetya to Russia, but do attribute Wannacry to North Korea.

Trump is in conflict with North Korea. He is looking for ways to escalate the conflict. Attributing Wannacry helps achieve his political objectives.

That it was blatantly politics is demonstrated by the way it was released to the press. It wasn't released in the normal way, where the administration can stand behind it, and get challenged on the particulars. Instead, it was pre-released through the normal system of "anonymous government officials" to the NYTimes, and then backed up with op-ed in the Wall Street Journal. The government leaks information like this when it's weak, not when its strong.

The proper way is to release the evidence upon which the decision was made, so that the public can challenge it. Among the questions the public would ask is whether it they believe it was North Korea's intention to cause precisely this effect, such as disabling the British NHS. Or, whether it was merely hackers "affiliated" with North Korea, or hackers carrying out North Korea's orders. We cannot challenge the government this way because the government intentionally holds itself above such accountability.


Conclusion

We believe hacking groups tied to North Korea are responsible for Wannacry. Yet, even if that's true, we still have three attribution problems. We still don't know if that was intentional, in pursuit of some political goal, or an accident. We still don't know if it was at the direction of North Korea, or whether their hacker assets acted independently. We still don't know if the government has answers to these questions, or whether it's exploiting this doubt to achieve political support for actions against North Korea.


5 comments:

George said...

Nice entry and very nice blog :)

___________________
Niskie ceny

George said...

Very nice post. I am waiting for the next one :)

____________________
http://www.servikom.pl/wymiana-matryc.php

roselewis470 said...

hello guys,have you ever wondered what your spouse is doing behind you?i was able to get proof that my ex husband was cheating on me through the help of a good samaritan which was referred to me by Mrs Jane.i messaged him and to my greatest suprise he's real and he got me result in less minutes,he's a great professional ,applause for him always as i told him i will let the world know him,do you have any problem spying on someone,track a cheating spouse,hack into text messages and phone calls,bank statement hacks and criminal records erased also you can boost your school grade,hack into whats' app,facebook,viber,emails,gmail and whatsoever related to hacking or your trying to get into a phone without the owner's consent,he's an expert and won't ever fail you. contact hackdigg at g mail dot com or text his number +15186284630 ,also you can text him on whats app or call him with this number on what's app +15185049376 and let him know i referred you.for sure he will help you.
Email:hackdigg at gmail dot com
Text num:+15186284630
what's app num:+15185049376
tell him Roseline referred you.

Jessica franco said...

Are you suspecting your spouse of cheating and having extra marital affairs?I met with a hacker that helped me hacked into my boyfriend's phone and social media accounts successfully.Their job is a one time service and they're reliable,they also offer service for bank statement hack,school grades boost,clearing criminal records.text messages recovery,if you need help tell her Jessica referred you.Her email is cyberlaser2@gmail.com and you can text on +12153920241
Email:cyberlaser2@gmail.com
Textnum:+12153920241

Jenny Fitt said...

If you ever require the services of a hacker, i implore you to try your very best to hire only professionals. johnhacker498@gmail.com will help you get your job completed. i was able to hire the services of an elite, asides the fact that he provided a good service, he also gave a very efficient customer experience. he carried me along with every process and didn't leave me in the dark. his contact is as below, am sure he will help you too.

contact; johnhacker498@gmail.com