White House: Facebook, Microsoft helped stop North Korea hackers

The two tech titans played an important role in countering attacks like WannaCry, the US government says.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read
Homeland Security Adviser Tom Bossert Holds White House Briefing On N. Korea

Tom Bossert, White House homeland security adviser, commended Facebook and Microsoft for helping stop North Korean hackers.

Mark Wilson / Getty Images

It's not just the US government staring down North Korea. Facebook and Microsoft are helping on the hacking front.

On Tuesday, the White House commended the two companies, and others as well, for shutting down North Korean hacking operations during the last week.

The revelation came during a press conference in which Tom Bossert, homeland security adviser to President Trump, accused North Korea of masterminding the WannaCry ransomware attack earlier this year. US officials said WannaCry, which locked up hundreds of thousands of Windows computers across more than 150 countries, was designed to cause chaos rather than to make money as ransomware generally is intended to do.

Microsoft, the maker of the Windows software, found evidence of North Korea's role by tracing the attacks and sending its analysis to the government, Bossert said.

Both Microsoft and Facebook acted on their own last week to continue the fight against North Korean hackers, he added.

"Facebook took down accounts that stopped the operational execution of ongoing cyberattacks," Bossert said. "Microsoft acted to patch existing attacks, not just the WannaCry attack."

After being largely an afterthought for years, cybersecurity in 2017 has finally forced its way into the national conversation, thanks to significant attacks that affected personal finances, home devices and the political scene. Researchers have long warned about the threat from hackers but often had a difficult time getting the public to pay attention.

North Korea, meanwhile, is no stranger to accusations of cyberwarfare. The US government has concluded that the country was behind the breach of Sony Pictures' networks in 2014, which resulted in the theft of Social Security numbers for 47,000 employees and leak of embarrassing internal documents and emails.

But the defenses are taking shape. Facebook, for instance, has banned multiple accounts used to coordinate and carry out North Korea's attacks, Bossert said.

"Last week, Facebook, Microsoft and other members of the security community took joint action to disrupt the activities of a persistent, advanced threat group commonly referred to as ZINC, or the Lazarus Group," a Facebook spokesman said in a statement. 

Facebook said it also notified people who might have been compromised by North Korean hackers and gave suggestions on how to make sure their accounts are secure. The social network said it sought to delete accounts to make it harder for North Korean hackers to operate.

In a blog post, Brad Smith, Microsoft's chief legal officer, said the company strengthened "Windows defenses to prevent reinfection" and also cleaned up infected computers hit by North Korean hackers. 

"Today's announcement represents an important step in government and private sector action to make the internet safer," Smith said. 

The effort by the two tech giants prompted the White House to ask that all private companies help out in protecting the US cybersecurity, which the Trump administration on Monday highlighted as a national defense priority.   

Jeanette Manfra, the assistant Homeland Security secretary for cybersecurity and communications, warned that attacks are becoming much more sophisticated and that governments will have to work with the private sector.

She called the WannaCry attack a "defining moment and an inspiring one," because it prompted so many companies to work with the government to stop the attack from spreading.

"We make it way too easy for attackers by operating independently. Our adversaries are not distinguishing between public and private, and neither should we," Manfra said. "We cannot secure our homeland alone. A company can't single-handedly defend itself against a nation-state attack."

First published Dec. 19, 8:36 a.m. PT
Update, 9:05 a.m.: Adds information from Microsoft blog post.

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.