On December 19, in a Wall Street Journal editorial that drew much attention, Homeland Security Advisor Tom Bossert asserted that North Korea was “directly responsible” for the WannaCry cyberattack that struck more than 300,000 computers worldwide. The virus encrypted files on infected computers and demanded payment in return for supposedly providing a decryption key to allow users to regain access to locked files. Bossert charged that North Korea was “using cyberattacks to fund its reckless behavior and cause disruption across the world.”
At a press conference on the same day, Bossert announced that the attribution was made “with evidence,” and that WannaCry “was directed by the government of North Korea,” and carried out by “actors on their behalf, intermediaries.” The evidence that led the U.S. to that conclusion? Bossert was not saying, perhaps recalling the ridicule that greeted the FBI and Department of Homeland Security’s misbegotten report on the hacking of the Democratic National Committee.