U.S. says Facebook, Microsoft disabled North Korean cyber threats

This post was originally published on this site

WASHINGTON (Reuters) – Facebook Inc and Microsoft Corp acted last week to disable a number of potential North Korean cyber threats, a senior White House official said, as the United States publicly blamed Pyongyang for a May cyber attack that crippled hospitals, banks and other companies.

“Facebook took down accounts and stopped the operational execution of ongoing cyber attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially,” White House homeland security adviser Tom Bossert said on Tuesday.

Bossert did not provide details on the actions but said the U.S. government was calling on other companies to cooperate in cyber security defense.

Bossert said at a White House news conference that Pyongyang was responsible for the WannaCry cyber weapon launched in May. The attack was “meant to cause havoc and destruction,” Bossert said, while conceding there was little the United States could do to exert further pressure on Pyongyang.

“We don’t have a lot of room left here to apply pressure to change their behavior,” Bossert said. “It’s nevertheless important to call them out, to let them know that it’s them and we know it’s them.”

Bossert said the U.S. government had clear evidence that North Korea was responsible for the attack, though he did not give details.

A senior administration official told Reuters on Monday that U.S. intelligence agencies had a “very high level of confidence” that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack. Classified sources and methods were used to make that determination, the official said.

Lazarus is widely believed by security researchers and U.S. officials to have been responsible for the 2014 hack of Sony Pictures Entertainment (6758.T) that destroyed files, leaked corporate communications online and led to the departure of several top executives.

A Facebook (FB.O) spokesman said on Tuesday the company last week deleted accounts associated with Lazarus “to make it harder for them to conduct their activities.”

Facebook said it also notified individuals in contact with these accounts and suggested enhanced account security.

Microsoft (MSFT.O) did not immediately comment on Bossert’s assertions.

North Korean government representatives could not be reached immediately for comment. Pyongyang has repeatedly denied responsibility for WannaCry and called other allegations that it launched cyber attacks a smear campaign.

Aside from a public condemnation, the United States did not issue any indictments or name individuals believed to be involved in the attacks.

The accusations came as worries mount about North Korea’s hacking capabilities and its nuclear weapons program.