NSA, Homeland Security, FBI, CIA, and pretty much every other agency with a hand in cybersecurity has requested, then taken whatever authority it claims it needs to protect us all from cyber attacks. So when those same agencies tell us, North Korea was behind WannaCry, you wanna reply, “This is a joke, right?” Not a joke in the usual sense, where our government parents tell us something fictional to make us laugh. In fact, it’s a joke in the usual government sense, where our parents tell us something true to make us sick.
Why would an announcement like this one make us sick? Well, first of all, let’s assume it’s true. That means that not only were our vaunted secret agencies unable to predict or prevent the attack, they could not even figure out who did it for seven months! Or they figured it out months ago, and saved up the announcement for some opportune moment. Second, I was going to say, they will not tell us how the North Koreans did it, because everything they know is secret. I was going to say that, but then I remembered that the North Koreans mounted their attack successfully because someone stole the malware they used from the NSA and posted it online!
Apparently, to use cybersecurity language, the NSA hoards vulnerabilities. That means NSA experts figure out weaknesses or vulnerabilities in, say, Microsoft Windows, then develop hacking tools to exploit those weaknesses. Those tools might come in handy against one of America’s enemies someday: thus the hoarding. Then, as in Spy vs. Spy, your enemies hack your computers, steal your tools, and use them against you. That’s what happened with North Korea and WannaCry, except we don’t know if North Korea simply downloaded the malware directly from the hackers’ website, or managed to develop an especially virulent version of it in their own computer labs. It doesn’t actually matter, does it?
Did NSA and the U. S. government in general think we were all going to forget how North Korea found itself in possession of such a powerful weapon? Here are the opening sentences in today’s report about Washington’s accusations:
The Trump administration on Monday evening publicly acknowledged that North Korea was behind the WannaCry computer worm that affected more than 230,000 computers in over 150 countries earlier this year. As a result, the administration will be calling on “all responsible states” to counter North Korea’s ability to conduct cyberattacks and to implement all “relevant” United Nations Security Council sanctions, according to a U.S. official familiar with the matter. “The [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible,” Thomas P. Bossert, Trump’s homeland security adviser, said in an op-ed published in the Wall Street Journal…
I like that, “all responsible states.” That’s like a bank with a broken safe telling its customers, after they’ve been robbed, “All responsible depositors must act together to counter the thieves’ ability to rob us again.” My goodness. The NSA can’t even protect its own hacking tools, then Homeland Security acts righteous and even troubled when our enemies attack us with them. The Trump administration “publicly acknowledged that North Korea was behind…” Is that government’s concession to their own shame and incompetence, that they acknowledged rather than accused? Or did the Washington Post just come up with that word because they felt slightly sympathetic toward Bossert and his crew?
Let’s overlook the likelihood that NSA discovered North Korea’s ability to exploit this Windows vulnerability not long after the WannaCry attack in May 2017. Let’s also overlook how convenient it is to bring this charge against Pyongyang now, when we have geared up government’s propaganda machine for aggressive action against Kim’s regime. Lastly, let’s forget how cynical this kind of behavior is, with its assumption that we don’t care that much whether or not NSA can hold onto its hacking tools. Let’s just look at this behavior plainly, as another instance where large organizations engage in misdirection, more commonly known in politics as big lies.
We used to think that big businesses and even bigger governments, as well as people with money and power, were competent – otherwise, how did they get to be big, rich, and able to get their way? We used to think intelligence, wealth and some weight in the world went together. Then we learned that idiots get rich, imbeciles become powerful, and bigness is no protection against stupidity, however cautious big institutions might be. NSA and Homeland Security have proven once again: secrecy and self-satisfied pride are proof against success. On the contrary, they nourish incompetence, and undermine even minimal standards of integrity. These jerks tell us now that North Korea hacked allies’ computer systems around the globe. Why don’t you tell us, honestly, how they managed to do it?
Our online sources tell us that Shadow Brokers downloaded NSA’s hacking tools in August 2016. Like most people who aren’t cybersecurity experts, I had to go back to May 2017 news and posts to recall what happened last spring. I googled ‘who disclosed NSA theft of hacking tools’, knowing that NSA would never confess to a disaster like that. Well, no one had to disclose it as such. The hackers who downloaded the tools from NSA’s computer system simply posted the tools at a hacking site!