N. Korea stole cyber tools from NSA, carried out WannaCry ransomware attack – Microsoft chief

Microsoft President Brad Smith told ITV that he believed “with great confidence” that North Korea was behind the worldwide WannaCry cyberattack. 

“I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States,” Smith said. 

According to Smith, over the last six months the world has “seen threats come to life… in new and more serious way.”

“We need governments to come together as they did in Geneva in 1949 and adopt a new digital Geneva Convention that makes clear that these cyber-attacks against civilians, especially in times of peace, are off-limits and a violation of international law,” he added.

There has been speculation that North Korea may have played a significant role in the WannaCry ransomware attack in May. Shortly after the hack, Neel Mehta, a prominent Google security researcher, revealed in a Twitter post a resemblance between the code used in what is said to be an early version of WannaCry ransomware and the code in a hacker tool attributed to the notorious Lazarus Group.

Russian cyber security firm Kaspersky Lab explained in a blog post that Mehta drew parallels between “a WannaCry cryptor sample from February 2017” and “a Lazarus APT [Advanced Persistent Threat] group sample from February 2015.”

The Lazarus Group is believed to be behind high-profile hacking attacks on SWIFT servers of banks, including an attempt to steal $851 million from Bangladesh Central Bank in February 2016.

However, Kaspersky researchers said that the WannaCry attackers' apparent use of similar code is not enough to reach definitive conclusions about its origin, as it could be a false flag operation.

“Attribution can always be faked, as it’s only a matter of moving bytes around,” another renowned researcher, Matthieu Suiche from Comae Technologies, said at that time, as cited by Cyberscoop. 

In May, a South Korean government-commissioned report produced by the Financial Security Institute (FSI) said that North Korea was responsible for the attack on Sony’s entertainment business in 2014, which erased vast amounts of data while disseminating emails and personal data of employees, in addition to leaking pirated copies of upcoming film releases.

Source Article from https://www.rt.com/news/406680-microsoft-nkorea-hack-wannacry/?utm_source=rss&utm_medium=rss&utm_campaign=RSS

Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.

On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.

In May, WannaCry infected hospitals in the UK, a Spanish telecommunications company, and other targets in Russia, Turkey, Germany, Vietnam, and more. Marcus Hutchins, a researcher from cybersecurity firm Kryptos Logic, inadvertently stopped WannaCry in its tracks by registering a specific website domain included in the malware’s code.

Hutchins was arrested for allegedly creating the Kronos banking malware.

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

The friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.” Motherboard granted the source anonymity due to privacy concerns.

“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”

A US Marshals spokesperson told Motherboard in an email, “my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody.”

Source Article from https://www.freedomsphoenix.com/News/222839-2017-08-04-researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def.htm?EdNo=001&From=RSS

WannaCry researcher arrest sends chills through the cybersecurity community


The Wednesday arrest of cybersecurity researcher Marcus Hutchins is sending chills through the cyber community.

“It’s unclear if the Department of Justice knows what it just did with its handling of this indictment,” said Tor Ekeland, a lawyer who specializes in computer crimes.

Researchers across the country have expressed fear and confusion after the Nevada arrest of the United Kingdom-based Hutchins. The details of why he was arrested are still murky.

Hutchins rose to international celebrity by discovering a “kill switch” in the WannaCry malware, cutting off the spread of the ransomware attack before it reached its full potential.

Hutchins is now facing charges over allegedly helping write and aiding in the distribution of the Kronos banking malware in 2014. Kronos steals login information when infected systems conduct online banking.

He was arrested during a trip to Las Vegas that coincided with a series of cybersecurity conferences he did not attend, but used as an opportunity to see far-flung friends within the security industry.

Despite Hutchins’s prominence in the field, the Justice Department did not announce his arrest until a full day later. As friends, fans and media pieced together that he had been arrested, speculation ran wild as to the reasoning behind it.

The issue, say lawyers and researchers following the case, is not a matter of Hutchins’s guilt or innocence. Rather, it’s the rollout of an indictment they say is short on facts, was aggressive in its application of computer law and ultimately left researchers confused over whether standard research practices are now being treated as prosecutable offenses.

“We did a lot of work on WannaCry, too,” said Jake Williams, founder of Rendition Infosec. “I had folks afraid that their own involvement in investigating WannaCry would get them arrested.”

It took until late afternoon Thursday for the DOJ to release a press release and the indictment of Hutchins.

The DOJ releases sparked more questions from researchers. The documents were extremely light on evidence or even a complete description of what Hutchins is alleged to have done, but appear to be based on an extremely aggressive interpretation of computer laws.

That may be a DOJ strategy to not tip its hand before an interrogation, said Ekeland. But without evidence or information, he said many of the charges seem a stretch.

The indictment does not say Hutchins designed Kronos to be sold, knew about the sale or was at all aware his work was being used maliciously. Security researchers are worried that the malicious code might have been taken from Hutchins’s research, or provided by him in the good-faith belief that he was helping other researchers. Both are common in the security community in its efforts to identify, prevent and test for potential new threats.

“At the time they allege he was committing the crime, he gave a presentation on [malware known as] bootkits,” said Williams. “Until all the cards are on the table, our team will be more careful about any research we publish.”

Those concerns echoed throughout the security community, which worries that any research or security tools it produces can be re-engineered for use in malware.

“As a writer of code sometimes used in viruses, this worries me. People often ask me to add features [to my code], which I do willingly. They may be intending to use these features for crime, but it’s hard for me to know that,” wrote Errata Security’s Rob Graham over two Thursday tweets.

Ekeland and other lawyers, including Orin Kerr in his Washington Post blog, considered the indictment to push a number of legal boundaries.

Charges that Hutchins violated computer trespass laws hinge on demonstrating that he not only wrote the malware, but sold it intending to damage a victim’s computers.

“It’s not obvious that Hutchins and [his alleged conspirator] cared what the buyer did with the malware afterward, so long as they paid,” wrote Kerr.

With a researcher who has garnered international press, said Ekeland, the DOJ needed to be as clear as possible in its indictment about what happened, something he says the DOJ fell short on.

“If they have other facts, they should have included them.”

Until those facts surface, Williams believes the DOJ’s actions will prevent U.S. researchers from publicly identifying threats and prevent international researchers from sharing information with American ones.

“Bringing researchers into the U.S. will be more difficult,” he said. “The DOJ really blew it.”

Source Article from https://www.sott.net/article/358407-WannaCry-researcher-arrest-sends-chills-through-the-cybersecurity-community