
Recent years have seen a vast increase in digital attacks from North Korea.

A recent hack attack across the globe sparked some renewed accusations from liberals towards nebulous “Russian hackers”, but initial evidence actually points to North Korean involvement. The hack is a piece of “ransomware” called “WannaCry” that uses a Windows exploit called EternalBlue, which some allege involved the NSA. The attack is one of the most devastating hacks in years and is estimated to have infected over two hundred thousand systems across one hundred and fifty countries.

Despite the fact that Russia was one of the countries worst hit by the hack attack, liberals were fast to blame the whole thing on Russia due to their conspiracy theory about “Russian hackers” controlling the universe. Contrary to that, however, researchers have found that some of the code used in the program is shared with another program known as “Contopee”, which is used by the hacker group Lazarus, a group believed to operate in North Korea.


Russia was one of the countries most affected by the WannaCry attack.


The Lazarus hacker group rose to prominence in 2014 when it hacked Sony Pictures, and a U.S. government investigation concluded that the group most likely exists as an operation of the North Korean government. As Russian ministers have pointed out, it is easy to make a digital attack appear to originate from a different point, and they have leveled this accusation at some hacks that were claimed to be Russian.

This tactic has also been used by the Lazarus group. They have routed their attacks to appear as though they were coming from France, South Korea, or Taiwan, but were caught when Kaspersky spotted a brief connection that was made to North Korea. Kaspersky did note the possibility that this brief connection to North Korea was left in on purpose as misdirection, but said that they found that improbable. Kaspersky is one of the leading cyber security firms in the world.


Kaspersky, a leading cyber security firm.

There is speculation that part of the reason for the Lazarus group's aggressive hacking operations is to generate revenue to offset the sanctions set on North Korea by the United Nations. North Korea has been the target of increasing sanctions since 2006, when the United Nations demanded that North Korea cease nuclear testing and the country ignored their demands.


In 2013, after the third nuclear test by North Korea, the United Nations imposed sanctions on money transfers, which have done a lot to keep North Korea out of the global finance system. North Korea also faces sanctions from the United States, Japan, South Korea, the European Union, and, most recently, thanks to President Trump’s negotiation skills, China.

The theory is that the North Korean government puts the profits generated by groups such as Lazarus into front companies that have access to the global banks that the government does not. It is also suspected that some banks that are subsidiaries of Chinese or Malaysian firms are owned by the North Korean government in order to bypass the sanctions.

The hack makes money by locking the computers it affects until the user sends a payment in bitcoin to an address. Bitcoin is a digital cryptocurrency that is difficult to track and often used in online black markets and the “deep web”.


This is the screen that users will see if infected with the WannaCry ransomware.


Microsoft President Brad Smith wrote a blog post addressing the WannaCry ransomware as well. In the blog post, he called for collective action to help protect people online and leveled some criticisms at governments. As he explains in his blog post, the attack was made possible by governments stockpiling security vulnerabilities in order to spy on citizens or other governments.

This attack was only made possible by the EternalBlue vulnerability, which was stockpiled by the NSA and then leaked or uncovered by the Shadow Brokers hacker group, which spread the information further until it wound up in the hands of, presumably, Lazarus, if they were indeed behind this attack. He went on to compare the leaking of these digital vulnerabilities to losing Tomahawk missiles before ending his blog post with a call for a “Digital Geneva Convention” that would require governments to report vulnerabilities rather than stockpile, sell, or exploit them.