VessOnSecurity@malwaretech @mttaggart Maybe but the official narrative is still "North Korea unleashed WannaCry" and "NotPetya was the work of the Russian intelligence agencies".
Neither of which is true or, more exactly, the truth is much more nuanced than this.
The WannaCry case was pretty close to the hypothetical scenario I described (except some British security researcher prevented it from causing major damage to the USA 😀 ) and NotPetya was the Russian intel agencies giving the tools and access to some retarded cyber criminals, along with the general direction to "cause grief to Ukraine" and then not bothering to supervise the operation because, hey, it's the Russians we're talking about.
Maybe someone with better access to classified info in the US intel community does know better (e.g., they were careful enough to say that "the Russian intel agencies are *responsible* for NotPetya" - which is true - and not that they actually did it) but they never bothered to correct the official narrative, so we don't know for sure that this is the case.
Mistakes are very easy to make in this area and I dread to think what the results will be if the generals' first thought is to look for the "nuke 'em" button every time somebody port scans their secretary's PC...
All GNU social JP content and data are available under the