US short of options to punish N. Korea for May cyberattack

Associated Press

WASHINGTON

The Trump administration vowed Tuesday that North Korea would be held accountable for a May cyberattack that affected 150 countries, but it didn’t say how, highlighting the difficulty of punishing a pariah nation already sanctioned to the hilt for its nuclear weapons program.

The WannaCry ransomware attack infected hundreds of thousands of computers worldwide and crippled parts of Britain’s National Health Service. It was the highest-profile cyberattack North Korea has been blamed for since the 2014 hack of Sony Pictures after it produced “The Interview,” a satirical movie imagining a CIA plot to kill leader Kim Jong Un.

While that attack led to leaks of confidential data from the movie studio and emails that embarrassed Sony talent, the impli- cations of the WannaCry intrusion were altogether more serious. Homeland security adviser Tom Bossert said it was “a reckless attack, and it was meant to cause havoc and destruction.” He said it put lives at risk in British hospitals.

Other experts say the attack was more likely an attempt by Kim’s cash-strapped government to extract money. Last year, the same hacking group was suspected in a malware attack that penetrated the Bangladesh Central Bank’s computer system, stealing $81 million.

Whatever the motivation, the public declaration of blame by Washington reflects growing concern over North Korea’s cyber capabilities that appear all the more threatening because of Pyongyang’s scant regard for international norms. In defiance of world opinion, North Korea is the only country to test nuclear weapons this century and is closing in on a missile that could strike anywhere on U.S. mainland.

“President Trump has used just about every lever you can use, short of starving the people of North Korea to death, to change their behavior,” Bossert told reporters at the White House. “And so we don’t have a lot of room left here to apply pressure to change their behavior.”

In a sign of continuing malevolent online activity, Microsoft and Facebook said Tuesday that they worked together last week to help disable hackers tied to the same hacking group that was behind WannaCry.