No. 2 FBI Cyber Division Official: Questions Remain About WannaCry Motives
The 2017 WannaCry ransomware attack might have been a premature attempt by North Korea to exploit an underdeveloped cyber tool, said FBI Cyber Division Deputy Assistant Director Tonya Ugoretz Wednesday. There was financial motivation, but the ransomware didn’t allow attackers to collect any ransom, she said at an Aspen Institute event.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
“Honestly, the government still doesn’t quite know what the impetus behind that was,” the official said. “Clearly, ransomware we might assume that was intended to have some sort of financial benefit, but it was not engineered in a way where victims could actually pay the ransom, so maybe it was a tool that got out of control prematurely.” One North Korean was charged for his involvement in the cyberattack (see 1712190043 and 1809060044).
Asked after her appearance what intelligence agencies are doing to learn more about North Korea’s motivations, she told reporters: “I think we’re always looking to gather more intelligence and increase our understanding of adversaries’ calculations behind activity, but I can’t point to anything specific.”
Cyberattacks are a means of making money, whether that’s through cryptocurrency, mining or bank theft, Ugoretz said. There’s not one particular threat agencies are closely monitoring, but the Office of the Director of National Intelligence is trying to better understand cryptocurrency and ways to stop related malicious activity, said Cyber Threat Intelligence Integration Center Director Erin Joe. Cryptocurrency, “a relatively new thing,” is getting a lot of focus from the agency, Joe said.
Nearly every American has been digitally victimized, Ugoretz said, citing breaches that hit Equifax, the Office of Personnel Management and a long list of other entities. The FBI believes attribution, holding attackers accountable, is critically important, she said. Year after year, the top four bad actors are consistently North Korea, China, Russia and Iran, she added.
There’s no evidence state actors are deterred when named in criminal complaints or indictments, argued Georgia Institute of Technology professor Milton Mueller. The U.S. is still in the “early days” of judging the impact of publicly naming state actors, Ugoretz said. She told reporters the true assessment will come in the long term.
The private sector plays a critical role in ensuring intelligence agencies have the best information for investigations, Joe said. For instance, ISPs and “network defenders” have better information on internet activity than intelligence officials, she said. Mueller agreed industry is in the best position, as ISPs examine data in real-time. About 80 percent of cyberthreats are initially intercepted by ISPs, Mueller said. “The government doesn’t have a monopoly on intelligence of cyber activity,” Ugoretz said.