Page 23 - ARUBA TODAY
P. 23
A23
TECHNOLOGY Wednesday 17 May 2017
Experts see possible North Korea links to global cyberattack
YOUKYUNG LEE tack, searching for digital spread of the worm glob- Choi said. “It’s not unique should stop underestimat-
AP Technology Writer clues and following the ally suggests it did not rely in North Korea but it’s also ing its capabilities and
SEOUL, South Korea (AP) — money. on phishing, a method not a very common meth- work together to think of
Cybersecurity experts are “We are talking about a whereby an email is sent od.” a new way to respond to
pointing to circumstantial possibility, not that this was to people with the aim of Choi also cited an acci- cyber threats, such as hav-
evidence that North Korea done by North Korea,” having them click on in- dental communication he ing China pull the plug on
may be behind the global Choi said. fected documents or links. had last year with a hacker North Korea’s internet.
“ransomware” attack: the HOW IT WORKED Rather, analysts at the Eu- traced to a North Korean “We have underestimat-
way the hackers took hos- WannaCry paralyzed com- ropean Union cybersecuri- internet address who ad- ed North Korea so far that
tage computers and serv- puters running mostly older ty agency say the hackers mitted development of since North Korea is poor,
ers across the world was versions of Microsoft Win- likely scanned the internet ransomware. it wouldn’t have any tech-
similar to previous cyberat- dows in some 150 countries. for systems that were vul- The Russian security firm nologies. But North Korea
tacks attributed to North It encrypted users’ com- nerable to infection and Kaspersky Lab has said por- has been preparing cyber
Korea. puter files and displayed a exploited those computers tions of the WannaCry pro- skills for more than 10 years
Simon Choi, a director at message demanding $300 remotely. gram use the same code and its skill is significant. We
South Korean anti-virus soft- should never underesti-
ware company Hauri Inc. mate it,” Choi said.
who has analyzed North FOLLOW THE MONEY
Korean malware since Researchers might find
2008 and advises the gov- some additional clues in
ernment, said Tuesday that the bitcoin accounts ac-
the North is no newcomer cepting the ransom pay-
to the world of bitcoins. It ments. There have been
has been mining the digital three accounts identified
currency using malicious so far, and there’s no indi-
computer programs since cation yet that the crimi-
as early as 2013, he said. nals have touched the
In the attack, hackers de- funds. Although bitcoin is
mand payment from vic- anonymized, researchers
tims in bitcoins to regain can watch it flow from user
access to their encrypted to user. So investigators
computers. The malware can follow the transactions
has scrambled data at until an anonymous ac-
hospitals, factories, gov- count matches with a real
ernment agencies, banks person, said Steve Grob-
and other businesses since man, chief technology of-
Friday, but an expected In this Wednesday, April 22, 2015, file photo, Stijn Vanveerdeghem, left, an engineer with Cisco, ficer with the California se-
second-wave outbreak shows graphics with live wireless traffic to FedEx employee Barry Poole during the RSA Conference curity company McAfee.
largely failed to materialize in San Francisco, where threat analysts, security vendors and corporate IT administrators gathered But that technique is no
to talk about malicious software, spear-phishing and other attacks that can steal money or se-
after the weekend, in part crets from companies and consumers. sure bet. There are ways to
because security research- Associated Press convert bitcoins into cash
ers had already defanged on the sly through third
it . to $600 worth of the digital The worm then is likely to as malware previously parties. And even finding
Choi is one of a number currency bitcoin to release have spread through a distributed by the Laza- a real person might be no
of researchers around the them; failure to pay would channel that links com- rus Group, a hacker col- help if they’re in a jurisdic-
world who have suggested leave the data scrambled puters running Microsoft lective behind the 2014 tion that won’t cooperate.
a possible link between and likely beyond repair . Windows in a network. The Sony hack. Another secu- TELL-TALE SIGNS
the “ransomware” known The hackers appeared channel is typically used to rity company, Symantec, James Lewis, a cybersecu-
as WannaCry and hack- to have taken control of share files within a network has also found similarities rity expert at the Center for
ers linked to North Korea. computers and servers or to link to a printer, for ex- between WannaCry and Strategic and International
Researchers at Symantec around the world by send- ample. Lazarus tools. Studies in Washington, said
and Kaspersky Lab have ing a type of malicious THE NORTH KOREA LINK But it’s possible the code U.S. investigators are col-
found similarities between code known as a worm. This method has been was simply copied from lecting forensic information
WannaCry and previous The worms quickly scanned found in previously known the Lazarus malware with- — such as internet address-
attacks blamed on North computers with vulnerabili- North Korean cyberat- out any other direct con- es, samples of malware or
Korea. ty, in this case the older ver- tacks, including the Sony nection. information the culprits
The evidence is still far sions of Microsoft Windows, hack in 2014 blamed on If North Korea, believed might have inadvertently
from conclusive, however. and used those computers North Korea. to be training cyber war- left on computers — that
Authorities are working to as hackers’ command and “Since a July 2009 cyberat- riors at schools, is indeed could be matched with
catch the extortionists be- control centers. tack by North Korea, they responsible for the latest the handiwork of known
hind the global cyberat- Experts say that the rapid used the same method,” attack, Choi said the world hackers.q
