North Korea may have been behind the ransomware cyber-attack on the NHS and up to 100 countries including the UK, a former head of the US Department of Homeland Security has claimed.

Michael Chertoff, who served under George W Bush from 2005 to 2009, said that agents or allies of the Pyongyang regime were the most likely suspects for the hacking of the health service’s administration system in the UK and state infrastructures across the globe this month.



Chertoff, an expert in global cybercrime and terrorism, was speaking at an international conference on terrorism and security in the Slovak capital, Bratislava, this weekend. “The issue with North Korea is this – they don’t participate for the most part in the global financial/commercial system,” he told the Guardian.

“So how do they support their regime? Well they do that basically by committing crime on a global scale whether it’s smuggling counterfeit goods, drugs, human trafficking or theft, this is literally, practically a criminal state. And so it would not surprise me that they would attempt to make money by engaging in ransomware and extortion.”

Cybersecurity experts have also linked North Korea to the hacks, with top firms Kaspersky and Symantec both saying that technical details in the WannaCry code resembled a previous hack that was linked to Pyongyang. Chertoff said it was “far more likely” that the North Koreans were involved in the ransomware attack than the Russians.

“I don’t think the Russians generally as a state are particularly in cyber-attacks to make money because they have their own economy. The North Koreans don’t really have much legitimate trade and so this is the kind of thing they would use.”



The co-author of the US Patriot Act, which was enacted to enhance security in the US after 9/11, said criminal groups operating online made themselves available to states such as North Korea. He pointed out that North Korean agents were accused of being behind the major online theft of millions of dollars from the Bank of Bangladesh about a year ago.

“I can’t tell you exactly about how they operated in relation to the British ransomware incident but, on past experience, there is something about the tools that were used that for me call it as a North Korean operation because, in the past, the North Koreans used the same kind of tools in other cyber-attacks.”



At the Globsec thinktank summit in Bratislava, Chertoff said it was inevitable that there would be further mass ransomware attacks on the UK and other western states. “You are going to see the scale and breadth of the attacks increasing. There is no question in my mind that they are going to increase.”

The hackers, he said, were beginning to attack devices that were online as part of the so-called Internet of Things, such as refrigerators and thermostats. “They attacked these things because they had minimal security behind them. They were easy targets. I think we may see more mass attacks of this kind.”



Chertoff added that while Isis and previously al-Qaida had limited the use of the internet to spreading propaganda, distributing execution videos and radicalising people online, he expected Islamist terror groups would be investigating if they could use cyber-attacks and online sabotage to disrupt states’ infrastructures.



“When the likes of Isis observe what happened to British Airways this weekend even due to a random thing like a power outage they must be saying to themselves, imagine the disruption or even destruction we could cause if we were able to launch cyber-attacks to bring down companies or even countries’ computer and data systems. I am sure they will try and it may be where the next form of warfare from them takes place.”