Govt should come up with national cyber security law

Govt should come up with national cyber security law

A researcher from South Korea's Hauri Labs said on Tuesday their own findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation, Reuters reported.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said US investigators are collecting forensic information - such as internet addresses, samples of malware or information the culprits might have inadvertently left on computers - that could be matched with the handiwork of known hackers.

The United States would consider talks with North Korea if it halts all nuclear and ballistic missile tests, Washington's envoy to the United Nations said Tuesday as the UN Security Council weighed new sanctions on Pyongyang.

Security researchers say China's fondness for pirated software left it especially vulnerable to the latest global cyberattack.

WannaCry uses two exploits, both believed to have been created by the National Security Agency, to encrypt data on infected machines and "ransom" it back to the machines' owners. They pointed to how easy it was to stop and how little money it has collected so far - a little over $50,000, a relatively paltry amount for an attack so large.

The idea that North Korea could be behind the attack is not a reach. "We don't have it done yet", Haley said.

The potential link was highlighted on Monday by a researcher from Google who posted a message on Twitter showing a sample of the WannaCry malware that appeared online in February.

He said, "It is similar to North Korea's backdoor malicious codes".

"Our job is to make sure we're set up as well as possible to be able to deal with such attacks", he said.

The Lazarus hackers have however been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cybersecurity firms.

Security experts are examining a potential link in the computer code behind the global attack with earlier ones that could suggest North Korea was responsible. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

Asked whether North Korea's missile program was developing faster than expected, he said: "Yes".

The North Korean mission to the United Nations could not be reached for comment, while the Federal Bureau of Investigation declined to comment. It did not name any of the entities.

More than 200,000 computers were crippled worldwide, the paper said, citing the European Police Office.

So investigators can follow the transactions until an anonymous account matches with a real person, said Steve Grobman, chief technology officer with the California security company McAfee. Taiwan Power Co. said that almost 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.