North Korea will continue to hack the US - and there's nothing Trump can do about it
WannaCry cyberattack infected hundreds of thousands of computers globally.
The Trump administration has vowed that North Korea would be held accountable for a May cyberattack that affected 150 countries but did not say how, highlighting the difficulty of punishing a pariah nation already sanctioned to the hilt for its nuclear weapons programme.
The WannaCry ransomware attack infected hundreds of thousands of computers worldwide and crippled parts of the NHS in the UK. It was the highest-profile cyberattack North Korea has been blamed for since the 2014 hack of Sony Pictures after the studio produced The Interview, a satirical movie imagining a CIA plot to kill leader Kim Jong-un.
While that attack led to leaks of confidential data from the movie studio and emails that embarrassed Sony talent, the implications of the WannaCry intrusion were altogether more serious. Homeland security adviser Tom Bossert said it was "a reckless attack and it was meant to cause havoc and destruction".
He said it put lives at risk in British hospitals. Other experts say the attack was more likely an attempt by Kim's cash-strapped government to extract money.
Last year, the same hacking group was suspected in a malware attack that penetrated the Bangladesh Central Bank's computer system and stole $81m (£60.5m).
Whatever the motivation, the public declaration of blame by Washington reflects growing concern over North Korea's cyber capabilities that appear all the more threatening because of Pyongyang's scant regard for international norms.
North Korea is the only country to test nuclear weapons this century and is closing in on developing a missile that could strike anywhere on the US mainland.
Under Trump, the US has piled on economic sanctions against North Korea, both on its own and with wide international support.
"President Trump has used just about every lever you can use, short of starving the people of North Korea to death, to change their behaviour," Bossert told reporters at the White House on Tuesday (19 December). "We don't have a lot of room left here to apply pressure."
In a sign of continuing malevolent online activity, Microsoft and Facebook said on Tuesday that they worked together last week to help disable hackers tied to the same hacking group that was behind WannaCry.
Secretary of State Rex Tillerson said that the pressure on Pyongyang "will be intensified as time goes by". Experts say North Korea's access to hard cash could be further hurt by more targeting of Chinese intermediary banks and companies but US options for punishing steps are limited.
"Sanctions on North Korea really aren't going to change its behaviour," said James Lewis, a technology and intelligence expert at the Centre for Strategic and International Studies, who proposes not just targeting North Korea's revenue sources but also its government's own limited access to the internet. "Sending a carrier battle group off North Korea won't get them to stop hacking."
In January 2015, then US president Barack Obama responded to the Sony cyberattack by imposing sanctions on North Korea's primary intelligence agency and a state corporation involved in ballistic missiles and arms trading, as well as on officials who worked for it.
He also warned of further unidentified actions that would take place "at a time and manner of our choosing". If any further action were taken, it was never made public.
While experts say North Korea lacks the elite capabilities of Russia or China, it has honed its cyber skills and has been accused of increasingly serious attacks.
South Korea, which said in 2015 that North Korea had a 6,000-member cyberarmy, says the North was suspected of hacking a South Korean military data centre. Last year, the North was also accused of hacking the personal data of more than 10 million users of an online shopping site and dozens of email accounts used by government officials and journalists.
It is also suspected of targeting South Korean banks and the operator of the nation's nuclear power plants.
"Their technical abilities are not the best out there but they are plenty good enough to find a weak point and take advantage of it," said Benjamin Read, manager for cyberespionage analysis at online security provider FireEye.
FireEye says that in September it detected and stopped spear phishing emails sent to US electric companies by a group affiliated with the North Korean government, though it did not observe the use of any method designed to compromise power supply. They also believe that North Korean hackers are targeting bitcoin exchanges to supplement the government's income.
Bossert said Microsoft and foreign governments, including the UK, Australia, Canada, New Zealand and Japan, confirmed the US finding of responsibility for WannaCry. He said the US seeks to partner with other nations and the private sector to prevent future attacks.
While WannaCry raised relatively little money for its perpetrators — few paid up after it proved that paying the ransom did not unlock affected computers — its impact was vast.
Government offices in Russia, Spain and other countries were disrupted, as were Asian universities, Germany's national railway ,and global companies such as car manufacturers Nissan and Renault.
British hacker Marcus Hutchins disarmed the attack by identifying a "kill switch" in the code. In a twist, the FBI arrested Hutchins months later during a visit to the US; he pleaded not guilty and awaits trial on charges he created unrelated forms of malware.