The NSA says North Korea is behind the WannaCry cyberattack. Here's everything you need to know.


North Korea is probably behind last month's WannaCry cyberattack, according to the National Security Agency.

The NSA issued an internal assessment last week saying they have "moderate confidence" that the hack came from North Korea's Reconnaissance General Bureau — a tip that the Washington Post first reported. The Reconnaissance General Bureau is a government spy agency that unleashed the nasty, yet somewhat amateur virus that managed to successfully prey on 300,000 people across 150 countries. It appears that the government hackers were after bitcoins, a valuable form of digital currency, though they weren't very successful in getting them.

This isn't the first time North Korea allegedly hacked foreign computers

According to one expert, it's a big deal in the sense that the world has an isolated, arguably unpredictable nation cashing in on illegal activities to fund their regime. But other than that, North Korea's hacking is really not worth losing sleep over for most Americans.

"It would be nice if it stopped — the crime supports things we don't really like — but no, it's not an immediate threat," James Lewis, a senior fellow researching tech and national security at the Center for Strategic and International Studies, said. "I wouldn't make any movies about Kim. But if you can avoid that temptation, you're probably not at very much risk."

He's referring to the 2014 Sony Pictures hack, when North Korea (as far as intelligence officials can tell) leaked employee and film data from Sony Pictures. It was around the time that The Interview, a film that mocked North Korean leader Kim Jong Un, was set to debut.

Marcus Ingram/Getty Images

That incident wasn't necessarily for money, but North Korea has been hacking for cash since at least 2009, Lewis said. Famous incidents include U.S. and South Korean website outages in July 2011 and a 2013 attack on a South Korean bank and three South Korean TV stations.

Then in 2016, North Korean hackers funneled $81 million from Bangladesh's central bank to the North Korea. But to put that in perspective, that's less than 10% of the amount they were trying to steal.

"They're just sloppy. They make mistakes that are pretty basic," Lewis said. "Some of these targets are not well-defended, so the North Koreans don't even have to be that good. If we look at the banks they hack, it's like the central bank of Bangladesh and Ecuador and the Philippines. They aren't hitting A-level targets."

What WannaCry may have accomplished for North Korea

The WannaCry hackers essentially tried to extort money out of its victims, conjuring a quintessential alarmist popup splashed in bright, emergency shades of red. Though the popup starts with a cute, "Ooops, your files have been encrypted!" it ultimately gave a users a time-ticking countdown that threatened to wipe files if they didn't pay $300 in bitcoins, a tactic called "ransomware."

Realizing the vulnerability of an attack, Microsoft released a patch nearly two months before the hack. That means that computer users who didn't download the patch — or who couldn't access it because they were using pirated Microsoft software — were the potential victims. Russia and China, where pirated Windows software is rampant, were most affected. But at least 16 hospitals were also among the victims, effectively shutting down work as medical workers were prompted to pay up their $300 in bitcoins.

"In the U.K., it was just negligence — they didn't patch their systems," Lewis said. "They were asleep at the switch."

The hackers only raised about $140,000 in bitcoin, according to the Washington Post, and it hasn't actually cashed in yet. A security researcher was also able to temporarily stop WannaCry, freeing up users' computers once again, but mutations have since been made to creep up on those who haven't updated their systems.

"There's not a lot you can do about it"

Some believe that North Korea's alleged hacking attacks are more about sustaining the regime than sending any acute political message to other countries. "Sloppy" hacking is what ultimately indicated to NSA that North Korea is likely behind the attack. It's not as if the nation claimed responsibility proudly.

"Kim uses this money to pay off people in the regime — to keep them loyal. You get a BMW, you get an iPhone, you get cognac, or you get some luxury goods from the west. Or you get money."

"I think this is the way North Koreans are going to act until we figure out some way to stop them," Lewis said. "They rely on a criminal network for hard currency."

The North Korean government is a totalitarian dictatorship currently led by Kim Jong Un, who has no problem deploying extreme human rights abuses — including public executions and political prisoner camps — to keep citizens in line. But in the highest levels of government, senior officials need to be kept pampered, Lewis said. That's why the regime has its hands in hacking, smuggling arms, gambling and other dodgy business. The Korea Institute of Liberal Democracy, for example, estimated that the North Korea makes about $864 million annually "through illicit activities in cyberspace."

STR/Getty Images

"Kim uses this money to pay off people in the regime — to keep them loyal," Lewis said. "You get a BMW, you get an iPhone, you get cognac or you get some luxury goods from the west. Or you get money. There's not a whole lot you can do about it."

Yet in the world of hackers, the U.S. has other nations to worry about. As Lewis put it, "Russia, their cybercriminals are the best in the world. They love money and now they love to have a political effect."