U.S. Says Facebook, Microsoft Disabled North Korean Cyber Threats

WannaCry malware briefing at the White House in Washington
Tom Bossert, homeland security adviser to President Donald Trump, holds a press briefing to publicly blame North Korea for unleashing the so-called WannaCry cyber attack at the White House in Washington, U.S., December 19, 2017. REUTERS/Kevin Lamarque

By Dustin Volz

Facebook Inc and Microsoft Corp disabled a number of North Korean cyber threats last week, a White House official said on Tuesday, as the United States publicly blamed Pyongyang for a May cyber attack that crippled hospitals, banks and other companies

“Facebook took down accounts that stopped the operational execution of ongoing cyber attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially,” White House homeland security adviser Tom Bossert said on Tuesday.

Bossert did not provide details on the actions by the two American tech heavyweights but said the U.S. government was calling on other companies to cooperate in cyber security defense.


WannaCry malware briefing at the White House in Washington
White House homeland security adviser Tom Bossert and Assistant Secretary at Homeland Security’s Office of Cybersecurity and Communications Jeanette Manfra hold a briefing publicly blaming North Korea for unleashing the so-called WannaCry cyber attack, at the White House in Washington, U.S., December 19, 2017. REUTERS/Kevin Lamarque


Bossert’s remarks came during a White House news conference in which he blamed Pyongyang for the WannaCry attack that infected hundreds of thousands of computers in more than 150 countries, saying the U.S. government had clear evidence that North Korea was responsible. He did not share that evidence.

The U.S. accusation came at a time of high tension with North Korea over its nuclear weapons and missile programs.

A Facebook (FB.O) spokesman confirmed that the company last week deleted accounts associated with a North Korea-linked hacking entity known as Lazarus Group “to make it harder for them to conduct their activities.” The accounts were mostly personal profiles operated as fake accounts that were used to build relationships with potential targets, the spokesman said.


Facebook said it also notified individuals in contact with these accounts

The actions echoed similar steps the social media powerhouse took this year against suspected Russian accounts that Facebook said were used to promote divisive political messages during the 2016 U.S. presidential election.



In a blog post, Microsoft (MSFT.O) President Brad Smith said the company last week disrupted malware that the Lazarus Group relied upon, cleaned customers’ infected computers and “disabled accounts being used to pursue cyber attacks.” Smith said the steps were taken after consultation with several governments, which he did not identify, but Microsoft’s decision was independent.

The WannaCry attack was “meant to cause havoc and destruction,” Bossert said. He conceded there was little the United States could do to exert further pressure on Pyongyang.


Illustration photo of binary code against a North Korean flag
Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017. REUTERS/Thomas White/Illustration


“We don’t have a lot of room left here to apply pressure to change their behavior,” Bossert said. “It’s nevertheless important to call them out, to let them know that it’s them and we know it’s them.”


Britain and several private sector security researchers previously concluded that North Korea was responsible for the attack. Bossert said other countries including Japan, Australia, New Zealand and Canada also agreed with the U.S. conclusion

A senior administration official told Reuters on Monday that U.S. intelligence agencies had a “very high level of confidence” that the Lazarus Group carried out the WannaCry attack. Classified sources and methods were used to make that determination, the official said.

Lazarus is widely believed by security researchers and U.S. officials to have been responsible for the 2014 hack of Sony Pictures Entertainment (6758.T) that destroyed files, leaked corporate communications online and led to the departure of several top executives.



North Korean government representatives could not be reached immediately for comment. Pyongyang has denied responsibility for WannaCry and called other allegations that it launched cyber attacks a smear campaign.

The United States did not issue any indictments or name individuals believed to be involved in the attacks.

Worries are mounting in Washington about North Korea’s hacking capabilities and its weapons programs. North Korea this month said it had successfully tested an intercontinental ballistic missile that could place the entire U.S. mainland within range of its nuclear weapons.


Keep  reading…