The UK National Audit Office has today released a report into the Wannacry attack which affected the NHS (among others): https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/ It's hugely disappointing - though perhaps unsurprising - in solely blaming the deficiencies of the NHS Trusts. The wider context of lack of accountability and jail time for management - including in the Trusts themselves, the private outsourcing companies, and in the government itself is perhaps expected. Nor is the context of decades of prioritising attack over defence by GCHQ, vulnerability hoarding, and now, spending yet more money on institutionalised cyber defence analyses - when the basic need is competent IT staff executing obvious security controls and decent Information security policies which would cost much less. PS - to add icing to the avoidance of responsibility, we now have the Home Office saying, trust us, it was North Korea, honestly.
Yeah well, the HO have to blame someone. The North Korean bogeyman is as good as any other. I must admit I haven't actually read the report, but I'd only expect it to be a whitewash, or at its best a piece of creative writing, although it doesn't sound like it's particularly imaginative in that respect. 'The first duty of the government is to keep citizens safe and the country secure. The Home Office has been at the front line of this endeavour since 1782. As such, the Home Office plays a fundamental role in the security and economic prosperity of the United Kingdom.' ~ Home Office - GOV.UK 'Intelligence is not to make no mistakes, but quickly to see how to make them good' ~ Bertolt Brecht
"North Korea denies 'wicked' British claims it was behind WannaCry ransomware attack and warns the accusation is 'beyond the limit of our tolerance'..." http://www.dailymail.co.uk/news/article-5034191/N-Korea-denies-involvement-WannaCry-cyberattack.html
Well, here's my take on this. I know how to create an app that would appear to have been created in any country you want to choose. The ways to do such things have been published years ago. It is about the compiler you use, the libraries you include and which language versions they are and where they came from. If I know that, you can be sure, so do the N.Koreans and every other nation state actor and probably most independent hacking groups. So, if a malware appears to be from a given country, it probably was, if it is just a virus some script kiddie was playing around with. If on the other hand, we are talking about complex malware that is obviously the work of a nation state or corporate entity, and it appears to be from a given country, common sense should say, as much as it could have come from that country, it is equally as likely it was designed to look that way to discredit that country's government and to hide its true place of origin.
Well, my take is that there are a lot of porkies on both sides. I mean, we're talking pork pie factory here. Of course, whether they're Home Office pork pies or North Korean pork pies is possibly the issue. In my experience, all governments tell porkies, for various reasons. It's the nature of governments. Unless you're partial to a pork pie or two washed down with a nice refreshing glass of Kool Aid of course. Some people swallow everything.
https://www.esecurityplanet.com/thr...D_20171101_STR1L1&dni=429770224&rni=411350013 "It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice," ~ op cit "There" said the mayor "that's that!" ~ Urban Hype, Trip to Trumpton
