Formally announcing for the first time that North Korea was behind a ransomware attack that briefly crippled computers around the world, White House Homeland Security Adviser Tom Bossert also praised the man who stopped it.
Marcus Hutchins, however, will still stand trial on unrelated hacking charges.
Hutchins, now 23, won international praise in May after he analyzed the code behind the ransomware, called WannaCry, realizing that it had a built-in URL for an unregistered website. Curious, Hutchins registered that URL, activating a kill switch that stopped the virus from spreading. Three months later, the FBI arrested him in Las Vegas’s McCarran airport, accusing him of helping in 2014 to create and distribute a little-used malware, nicknamed Kronos, that could steal banking credentials.
“I will note that to some degree we got lucky. In a lot of ways in the United States we were well prepared,” Bossert said at a White House news conference Tuesday. “But we also had a programmer that was sophisticated, that noticed a glitch in the malware, a kill switch and then acted to kill it.”
Bossert added, “He took a risk but it worked, it caused a lot of benefit. So we’ll give him that. Next time we’re not gonna get so lucky.”
Bossert, however, declined to comment on the criminal proceedings against Hutchins, who has pleaded not guilty to the six charges against him and is still waiting for a trial date. Forbidden to leave the country, Hutchins currently resides in Los Angeles, where he still blogs about cybersecurity research. In October, a judge allowed him to forgo an ankle monitor, allowing him to surf.
Bossert’s comments, both on Tuesday and in a column published in the Wall Street Journal, came on the heels of President Donald Trump announcing his new national security strategy and claiming that “we have united our allies in an unprecedented effort to isolate North Korea.”
The United Kingdom and Microsoft previously had attributed WannaCry to the North Korean government, and most of Bossert’s comments aligned with those claims. But unlike more conventional ransomware, which removes itself from a computer once a payment is made, WannaCry did not — evidence, Bossert said, that North Korea created the malware simply to sow chaos.
Canada’s Communications Security Establishment, the country’s counterpart to the US’s National Security Agency, released a statement confirming the US’s analysis on Monday.
Hutchins’ lawyer didn’t respond to a request for comment, but Hutchins himself tweeted an unease that he'd gotten entangled with a nation-state hacking operation.
Kevin Collier is a cybersecurity correspondent for BuzzFeed News and is based in New York.
Contact Kevin Collier at firstname.lastname@example.org.
Got a confidential tip? Submit it here.