Baseless Attribution Discussions Distract From Meaningful Dialogue

Date: 2017-05-18

It’s the Russians! No, wait, it’s the North Koreans! No, wait, it’s… cyber mercenaries posing as PLA hackers moonlighting as cyber mercenaries for the North Korean nation-state? It’s interesting to watch faux experts take such authoritative positions in sinking sand arguments with virtually zero evidence.

On May 12, 2017, the WannaCry ransomware infected over 200,000 systems in more than 150 nations and demanded $300 in Bitcoins in exchange for the decryption of victim systems. WannaCry is also referred to as Wanna Decryptor, WannaCrypt, WCrypt, Wanacrypt0r, WCry, WnCry, and WannaCryptor [1]. If the victim did not pay the ransom after three days, the demand would double to $600. If the ransom remained unpaid, then eventually the adversary would threaten to delete the victim’s data [2]. FedEx in the U.S., ~48 NHS Trusts in the U.K., Renault factories in France, the Interior Ministry of Russia, Telefonica in Spain, the Andhra Pradesh police department in India, PetroChina in China, and numerous and diverse globally distributed systems were affected by the WannaCry malware. Nevertheless, as of May 17, 2017, only around 230 victims had paid ransoms, totaling approximately $70,000 [2].

The scale of the attack has incited some hasty widespread speculation that the malware originated in North Korea. As discussed later, these claims are circumstantial at best and likely result from the combination of North Korea’s recent media infamy and naïve attempts to correlate the scale of an attack with a nation-state adversary. Speculation such as this, based on a single piece of incidental and inconclusive evidence, detracts from real and meaningful conversations about inherent software vulnerabilities that result from manufacturers’ refusal to incorporate security-by-design into software development, the failure of organizations all over the world to protect their systems and client data according to their value and potential for harm, and governments’ responsibility to manage, secure, and disclose discovered vulnerabilities.