This month, Microsoft confirmed what many of us in the cyber security industry had long suspected — that North Korea was behind the WannaCry virus.
In a statement to ITV, Brad Smith, Microsoft President and Chief Legal Officer, said that he believes “with great confidence” that “the reason for WannaCry is North Korea, which uses cyber tools or weapons stolen from the US National Security Agency.”
There had long been speculation that the virus originated in the DPRK, and the recent statement undoubtedly reflects what the Pentagon has known for some time. Yet it is still worrying. The ease with which otherwise under-developed states can develop powerful computer viruses threatens to undermine the U.S.’s military dominance.
Today, in my first column here, I want to talk a little bit about the WannaCry virus in particular, and what it can tell us about the new age of cyber warfare that we find ourselves in.
WannaCry, along with the less publicized worm NotPetya, represents something new in cyber warfare. On the surface, these viruses appear similar to the type of worms that occasionally caused problems in the late 1990s and early 2000s.
However, though these viruses used the same infection vectors as a lot of previous worms, they carried a different (and much more powerful) payload. The WannaCry payload was able to steal financial information, and potentially disrupt government systems, which in itself was one of the reasons it was always suspected to have originated with a nation state.
Looking back, some of the viruses that caused such problems in the early 2000s actually seem pretty benign by comparison. The Code Red and Nimda worms caused panic in 2002, largely because they spread so quickly — Code Red took just 10 minutes to infect every susceptible Microsoft server in the world.
The U.S. government, following these attacks, did put in place a program to develop countermeasures against computer worm infection. However, instead of being offered to commercial businesses, the program was frozen before its recommendations could be acted on. This may be one of the reasons why we are seeing a resurgence in worm attacks.
The last ten years have in fact been a relatively quiet time when it comes to worm attacks. The recent upward trend in such attacks therefore gives rise to an important question — why now?
The question is made more complicated by a paradox at the heart of the WannaCry attack. The payload of the worm was clearly designed to steal financial information, and so it was initially believed that the attack was the work of hackers out for “mere” financial gain. As it became clear that the virus was implemented by the DPRK, the picture became more confusing.
If WannaCry represents an attack by one nation state on another, why was its payload primarily designed to steal financial information? The same worm, after all, could have been used to directly interfere with government information networks, or even, perhaps, to target nuclear or other military facilities, like Stuxnet. Yet analysis of the worm suggests that this was not the case.
My answer to this paradox would be this: that WannaCry, far from being a full-blown instance of cyber warfare, was in fact the DPRK experimenting with worm attacks. If this is true, we should expect far more of these in coming years.
The opportunities afforded by cyber warfare are particularly attractive to developing nations. The expertise needed to develop such weapons can be bought relatively cheaply, and the material cost of developing them is thousands of times lower than that of conventional weapons.
That said, now that the U.S., and other developed nations, are taking the threat of cyber attack more seriously, it is unlikely that a worm like WannaCry would be able to disrupt hardened networks like those found in military installations. However, attacks like this do not need to target the military directly to have huge effects.
If you are the leader of a developing nation like the DPRK or Iran, and perceive yourself to be under increasing threat from the U.S. and its allies, it makes sense to develop weapons like this as a threat, if not as a weapon of war. You may not be able to shut down the U.S. power grid, but you can threaten to steal billions of dollars, and for U.S. politicians worried about re-election this is a huge threat.
Developing these weapons necessarily involves testing them in the field, and WannaCry will not be the last to go through this process. In short, I expect to see many more “experimental” attacks in coming years.
Sam Bocetta is a defense contractor for the U.S. Navy, a defense analyst, and a freelance journalist. He specializes in finding radical — and often heretical — solutions to "impossible" ballistics problems. Through Lakeview Capital, he also cultivates funding for projects — usually naval, defense, and UAV startups. He writes about naval engineering, mechanical engineering, electrical engineering, marine ops, program management, defense contracting, export control, international commerce, patents, InfoSec, cryptography, cyberwarfare, and cyberdefense.
© 2022 Newsmax. All rights reserved.