US and UK condemn Russia for NotPetya worm attack

When it comes to pointing the finger for last year’s historically-disruptive NotPetya cyberattack, nobody could accuse the US and UK of dodging the issue.

First the UK, and then the US, named their chief suspect – Russia – in near-synchronised statements that set out to dissolve the secrecy and confusion that cloaks many cyber-incidents.

UK Defence Secretary Gavin Williamson said at the time:

Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information.

Which echoed White House Press Secretary Sarah Sanders:

This was also a reckless and indiscriminate cyberattack that will be met with international consequences.

In a possible first, the three other members of the Five Eyes intelligence alliance – Australia, Canada and New Zealand – also put out statements blaming Russia too.

We’ve heard US-led condemnations before. Examples include that Russia hacked the Democratic National Committee in 2016, that North Korea was behind WannaCry and, further back in time, a lot of fuss about China’s APTs stealing intellectual property from US companies.

The problem is accusations only get you so far: no technical evidence against Russia has been offered beyond noting that NotPetya appeared to have been aimed at arch-Russian foe, Ukraine.

Inevitably – whether Russia was behind the attack or not – it can dismiss the accusation as “Russiaphobia” in a way that makes that defence sound plausible.

To onlookers, a cyberattack that happened over six months ago (and whose central software exploit has been patched) will sound like old news. Cyberattacks are a regular occurrence after all.

That would be to underestimate NotPetya’s deeper significance, which was unlike any other cyberattack yet recorded, bar perhaps the WannaCry attack which preceded it by mere weeks.

NotPetya should be the last attack the US would want to remind the world of given that it exploited the EternalBlue Windows SMB vulnerability leaked to The Shadow Brokers hacking group from none other than the US National Security Agency (NSA) itself.

In other words, the US and the world had been attacked using its own cyberweapons loaded with a home-made exploit, which is as embarrassing as cyberwar gets.

The US and its allies probably calculate they have little to lose by warning alleged perpetrator Russia about its conduct after the event.

But it seems only fair to point out that had the NSA secured its cyberweapons more competently, the attacks would not have been possible.