Posts

After Trump Spent Four Years Inviting Russia to Hack the US, Russia Allegedly Did Just That

Yesterday, Reuters revealed that the same vulnerability used to steal FireEye’s Red Team tools was also used to spy on Treasury and Commerce’s National Telecommunications and Information Administration, which administers the Internet. Then WaPo revealed that Russia’s APT 29 hacking group is believed to be behind the compromise. Multiple outlets — including FireEye itself — revealed that the hack had used a vulnerability in SolarWinds IT monitoring software identified in the spring. FireEye explains the hack has targeted, “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” (presumably reflecting what they’ve seen in their clients as they respond to their own compromise). And CISA issued an emergency directive aiming to stem the damage in agencies beyond just Treasury and NTIA (among SolarWinds’ other US government clients are DOJ and two nuclear labs, as well as Booz Allen, which might as well be US government). Later today, Reuters confirmed that DHS had also been targeted. State, NIH, and parts of the Pentagon have also been targeted.

Let me make clear before I start that thus far, this is nation-state spying, without the kind of sabotage we’ve seen from Russia in the past (if it is indeed Russia). Russia would do what they did with this vulnerability with or without Trump in office (indeed, I have a suspicion their overt hacks of the US will go up under President Biden, mostly because Trump didn’t need any help damaging the US government). While the full scope of the victims is not yet known, it’s quite clear that hackers targeted a slew of entities, governmental and not, with this campaign. So having Trump in office in no way created this campaign nor chose the target.

Nevertheless, it is the case that the President of the United States, as a policy matter, has gone to great lengths to make it easier for Russia to minimize the costs of hacking the US.

Almost four years ago, Mike Flynn called up the Russian Ambassador and asked him not to box the Trump Administration in in the wake of President Obama’s effort to hold Russia accountable for interfering in our elections, in part by hacking multiple participants in it, from both parties. Vladimir Putin complied with Flynn’s request, taking no steps in response. Not only did Sergey Kislyak make sure Flynn knew that his request had played a key role in Putin’s decision, but he told Flynn that the Trump Administration and Russia were on the same side, targeted by sanctions aiming to incur a cost for Russia’s actions. “I just wanted to tell you that we found that these actions have targeted not only against Russia, but also against the president elect.”

Well before Kislyak had suggested to the 30-year intelligence veteran that Russia and Trump were on the same side against establishment America, Flynn had already taken steps to hide his actions, perhaps because some Transition members, like Marshall Billingslea, objected to the pre-inauguration outreach to Russia.

When the whole thing got leaked to the public, Flynn lied even to the Vice President-Elect about his outreach.

But Trump appears to have been in on the secret. “The boss is aware” of Kislyak’s earlier requests of the Administration, Flynn told Kislyak on December 31, 2016. Indeed, Flynn made the first call that he would later lie about from Mar-a-Lago, while Flynn, “worked all day with trump from Mara lago,” as KT McFarland bragged in real time.

When the FBI interviewed Flynn about those calls a month later, he lied about the requests he had made of Russia. But he appears to have told a remarkable truth about one thing. “With regard to the scope of the Russians who were expelled,” from the US in retaliation for interfering in a US election, the FBI agents who interviewed him wrote, “FLYNN said he did not understand it. FLYNN stated he could understand one [diplomat expelled as a persona non-grata], but not thirty-five.” General Flynn, a thirty year veteran, thought an appropriate response to a systematic assault on American democracy was to kick out one suspected spy.

Months later (though this would not be revealed until years later), the newly installed President would make it clear he agreed with his short-lived National Security Advisor. In his first face-to-face meeting with representatives from Russia as President on May 10, 2017, President Trump told Foreign Minister Sergey Lavrov that he was unconcerned about Russian interference in the election that had made him President, because the US had historically done the same in other countries. Trump’s officials would take efforts to hide the most embarrassing aspects of that meeting (including that Trump shared highly sensitive Israeli intelligence with the Russians), first by altering the MemCon of the meeting and then having Trump’s new National Security Advisor, HR McMaster, give, “a misleading account of what happened during TRUMP’s meeting with LAVROV.” And Russia would have known that Trump and McMaster were lying.

Before Trump would tell Russia, to their face, that he didn’t much mind that Russia had hacked American democracy, he started dismantling the United State’s ability to prevent further hacks. That started with an effort to prevent the FBI from investigating why Flynn had reached out to Russia to undermine sanctions and (as a sentencing memo approved by Bill Barr’s DOJ would later explain) who ordered him to do so. The day Trump learned the FBI had interviewed Flynn, he asked FBI Director James Comey for loyalty. Then, after Trump fired Flynn — ostensibly for lying to the Vice President — he then privately asked the FBI Director to, “let[] this thing go, to let[] Flynn go.” After Comey testified publicly to Congress about the investigation, Trump fired him.

A long line of people would follow Comey out the door, many of them experts on Russia or counterintelligence or cybersecurity. Trump invented reasons in most cases (reasons that, as with Comey, sharply conflicted with his own views about Hillary Clinton). The obvious real reason had to do with retaliation for investigating him. But in those firings and resignations, Trump got rid of numerous people who had long fought Russian organized crime (like Andrew McCabe and Bruce Ohr), and counterintelligence experts like Peter Strzok. Before and after his impeachment, he got rid of other Russian experts like Marie Yovanovitch and Alexander Vindman. Even those who left of their own accord, like Fiona Hill, were demonized for their true testimony under subpoena.

The most remarkable moment came in July 2018, shortly after the Mueller team indicted Russia’s hackers for their attack on our democracy, when Trump met Putin in Helsinki.

Days before the meeting — though possibly after he had been warned the indictment was coming — Trump announced that he and Putin were talking about cybersecurity cooperation.

Then at the actual summit, with Putin displaying Trump like a soggy trophy, Trump sided with Putin’s denials over the US intelligence community in part because of conspiracy theories about the DNC server.

My people came to me, Dan Coats, came to me and some others, they said they think it’s Russia. I have President Putin. He just said it’s not Russia.

I will say this: I don’t see any reason why it would be. But I really do want to see the server but I have confidence in both parties.

I really believe that this will probably go on for a while, but I don’t think it can go on without finding out what happened to the server. What happened to the servers of the Pakistani gentleman that worked on the DNC?

Where are those servers? They’re missing. Where are they? What happened to Hillary Clinton’s emails? 33,000 emails gone, just gone. I think in Russia they wouldn’t be gone so easily.

I think it’s a disgrace that we can’t get Hillary Clinton’s 33,000 emails.

I have great confidence in my intelligence people, but I will tell you that President Putin was extremely strong and powerful in his denial today and what he did is an incredible offer.

He offered to have the people working on the case come and work with their investigators, with respect to the 12 people. I think that’s an incredible offer. Okay? Thank you.

That is, after a lengthy meeting with Putin, Trump simply decided — perhaps because he had to decide — that Russia had not attacked the US at all. His solution, per Putin’s suggestion, was to send people who had been investigating Russian crimes to Russia, something that has gotten people killed in the past.

Meanwhile, Trump started dismantling the cybersecurity defenses built up during the Obama Administration. The first day John Bolton started as Trump’s third National Security Advisor, experienced cybersecurity guy Tom Bossert was fired as Homeland Security czar.

President Donald Trump’s homeland security adviser, Tom Bossert, was fired Tuesday as the president’s new national security adviser, John Bolton, consolidates power in the White House.

On Monday night, Bossert was socializing with current and former U.S. Intelligence officials at a conference in Sea Island, Georgia, and a source close to him told NBC News that the adviser was unaware of any intention at the White House to seek his resignation, and that he had no plans to quit.

“New team,” the source said, without further explanation.

Bossert was called in to Bolton’s office early Tuesday morning and told that he was being fired, according to a source with direct knowledge.

Trump’s associates may have figured out that Bossert had provided key details about the events at Mar a Lago in December 2016; he also appears to have provided emails to Mueller’s team that helped them to get those of others like Jared Kushner and Steve Bannon.

Rob Joyce, a top NSA expert, was moved back to the Agency a few months after Bossert left. So even as Bolton was downgrading the pandemic expertise within NSC, he was also eliminating top cybersecurity talent.

That was done because Bolton is a power hungry asshole. But Trump continued eliminating cybersecurity expertise (even beyond that ensuring secure elections) in a fit of pique after the election. At a time when this hack would have already started, Trump fired the head of CISA, Chris Krebs, along with a deputy because they refused to back his conspiracy theories about the election. Politico reported that, in Krebs’ absence, “There is ‘massive frustration with CISA on a sluggish response to agency breaches.'”

Cybersecurity was one area where Trump’s team really was every bit the match of Obama’s — if not better. But Trump fired or removed key people one after another.

Similarly, also in a fit of pique, Trump put one after another unqualified flunky in charge of the entire Intelligence Community, first Twitter troll Ric Grenell and then resume fluffer John Ratcliffe. He did so, in substantial part, because they would ensure that Congress would not get briefed on threats from Russia. He also did so to ensure documents that purportedly undermined the case that he had been elected with Russian help would be released to the public. Under the two men, the government released documents that might have revealed key details about sources and methods to the Russians, both on how they collected on the Russian Embassy and on how quickly the CIA picked up certain pieces of intelligence in summer 2016.

Finally, things have come full circle. After Flynn blew up a perfectly good plea agreement (I’ll show in a few days he still would have been better off with that) largely in the service of making unsubstantiated claims of abuse refuted even by Barr’s DOJ along the way, Barr needed to help him out of the legal pickle and jail time his shitty defense attorney Sidney Powell got him into. As part of that effort, the Attorney General of the United States moved to dismiss the prosecution based off a claim (one that conflicted with a filing submitted by his own DOJ months earlier) that Flynn did nothing wrong by calling up Russia to undermine sanctions imposed, in part, to punish them for a hack. The case was so weak, the team trying to invent excuses for why Flynn shouldn’t be prosecuted for lying to hide his attempts to undermine sanctions on Russia altered documents. And that still didn’t work.

And so, along with a Thanksgiving turkey, Trump pardoned Mike Flynn, his first act of lame duck clemency, for Flynn’s service in protecting Trump from accountability for, himself, undermining those sanctions. Trump came into office telling Russia not to worry about hacking the United States. Trump told them explicitly, to their face, not to worry about hacking the United States. And in pardoning Mike Flynn, Trump made it clear that Russia should not worry — about Trump at least — about hacking the Untied States.

We will presumably get more certainty in days ahead about whether Russia did this hack, as well as the many key targets of it. The real question, however, will be whether Trump will be held accountable for inviting it to happen.

Update: The NYT describes analysis pointing out that Trump continues to sow conspiracy theories about voter fraud while remaining silent about getting pwned by his buddy Putin.

Analysts said it was hard to know which was worse: that the federal government was blindsided again by Russian intelligence agencies, or that when it was evident what was happening, White House officials said nothing.

But this much is clear: While President Trump was complaining about the hack that wasn’t — the supposed manipulation of votes in an election he had clearly and fairly lost — he was silent on the fact that Russians were hacking the building next door to him: the United States Treasury.

Updated with link to Politico and expanded list of targets.

Update: Richard Blumenthal, after attending a classified briefing on this compromise, has repeatedly attributed it to Russia.

Mike Pompeo has similarly stated, as fact, that Russia did it.

The Bankrupt Attribution of WannaCry

I’ve been puzzling through this briefing, purportedly attributing the WannaCry hack to North Korea, which followed last night’s Axis of CyberEvil op-ed (here’s the text). The presser was … perhaps even more puzzling than the Axis of CyberEvil op-ed.

Unlike the op-ed, Homeland Security Czar Tom Bossert provided hints about how the government came to attribute this attack.

Bossert makes much of the fact that the Five Eyes plus Japan all agree on this.

We do so with evidence, and we do so with partners.

Other governments and private companies agree.  The United Kingdom, Australia, Canada, New Zealand, and Japan have seen our analysis, and they join us in denouncing North Korea for WannaCry.

He also points to the Microsoft and (unnamed — because it’d be downright awkward to name Kaspersky in the same briefing where you attack them as a cybersecurity target) security consultant attributions from months ago.

Commercial partners have also acted.  Microsoft traced the attack to cyber affiliates of the North Korean government, and others in the security community have contributed their analysis.

Here are the specific things he says about how the US, independent of Microsoft and villains like Kaspersky, made an attribution.

What we did was, rely on — and some of it I can’t share, unfortunately — technical links to previously identified North Korean cyber tools, tradecraft, operational infrastructure.  We had to examine a lot.  And we had to put it together in a way that allowed us to make a confident attribution.

[snip]

[I]t’s a little tradecraft, to get to your second question.  It’s hard to find that smoking gun, but what we’ve done here is combined a series of behaviors.  We’ve got analysts all over the world, but also deep and experienced analysts within our intelligence community that looked at not only the operational infrastructure, but also the tradecraft and the routine and the behaviors that we’ve seen demonstrated in past attacks.  And so you have to apply some gumshoe work here, not just some code analysis.

Nevertheless, Bossert alludes to people launching this attack from “keyboards all over the world,” but says because these “intermediaries … had carried out those types of attacks on behalf of the North Korean government in the past,” they were confident in the attribution.

People operating keyboards all over the world on behalf of a North Korean actor can be launching from places that are not in North Korea.  And so that’s one of the challenges behind cyber attribution.

[snip]

[T]here were actors on their behalf, intermediaries, carrying out this attack, and that they had carried out those types of attacks on behalf of the North Korean government in the past.  And that was one of the tradecraft routines that allowed us to reach that conclusion.

Taking credit for stuff the private sector did

In his prewritten statement, Bossert provides on explanation for the timing of all this. One of the reasons the US is attributing the WannaCry attack now — aside from the need to gin up war with North Korea — is that Facebook and Microsoft, “acting on their own initiative last week,” took action last week against North Korean targets.

We applaud our corporate partners, Microsoft and Facebook especially, for acting on their own initiative last week without any direction by the U.S. government or coordination to disrupt the activities of North Korean hackers.  Microsoft acted before the attack in ways that spared many U.S. targets.

Last week, Microsoft and Facebook and other major tech companies acted to disable a number of North Korean cyber exploits and disrupt their operations as the North Koreans were still infecting computers across the globe.  They shut down accounts the North Korean regime hackers used to launch attacks and patched systems.

Yet even while acknowledging that Microsoft and Facebook are busy keeping the US safe, he demands that the private sector … keep us safe.

We call today — I call today, and the President calls today, on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and the bad actors the ability to launch reckless and disruptive cyber acts.

Golly how do you think the US avoided damage from the attack based on US tools so well?

Then Bossert invites Assistant Secretary for Cybersecurity and Communications at DHS Jeanette Manfra to explain not how the US attributed this attack (the ostensible point of this presser), but how the US magically avoided getting slammed — by an attack based on US tools — as badly as other countries did.

By midafternoon, I had all of the major Internet service providers either on the phone or on our watch floor sharing information with us about what they were seeing globally and in the United States.  We partnered with the Department of Health and Human Services to reach out to hospitals across the country to offer assistance.  We engaged with federal CIOs across our government to ensure that our systems were not vulnerable.  I asked for assistance from our partners in the IT and cybersecurity industry.  And by 9:00 p.m. that night, I had over 30 companies represented on calls, many of whom offered us analytical assistance throughout the weekend.

By working closely with these companies and the FBI throughout that night, we were able to issue a technical alert, publicly, that would assist defenders with defeating this malware.  We stayed on alert all weekend but were largely able to escape the impacts here in this country that other countries experienced.

Managing to avoid getting slammed by an attack that the US had far more warning of (because it would have recognized and had 96 days to prepare) is proof, Manfra argues, of our preparation to respond to attacks we didn’t write the exploit for.

[T]he WannaCry attack demonstrated our national capability to effectively operate and respond.

Ix-Nay on the AdowBrokers-Shay

Which brings us to the dramatic climax of this entire presser, where Tom Bossert plays dumb about the fact that his this attack exploited an NSA exploit. In his first attempt to deflect this question, Bossert tried to distinguish between vulnerabilities and the exploits NSA wrote for them.

Q    Had they not been able to take advantage of the vulnerabilities that got published in the Shadow Brokers website, do you think that would have made a significant difference in their ability to carry out the attack?

MR. BOSSERT:  Yeah.  So I think what Dave is alluding to here is that vulnerabilities exist in software.  They’re not — almost never designed on purpose.  Software producers are making a product, and they’re selling it for a purpose.

Pretending a vulnerability is the same thing as an exploit, Bossert pointed to the (more visible but still largely the same) Vulnerabilities Exploit Process Trump has instituted.

When we find vulnerabilities, the United States government, we generally identify them and tell the companies so they can patch them.

In this particular case, I’m fairly proud of that process, so I’d like to elaborate.  Under this President’s leadership and under the leadership of Rob Joyce, who’s serving as my deputy now and the cybersecurity coordinator, we have led the most transparent Vulnerabilities Equities Process in the world.

Hey, by the way, why isn’t Rob Joyce at this presser so the person in government best able to protect against cyber attacks can answer questions?

Oh, never mind–let’s continue with this VEP thing.

And what that means is the United States government finds vulnerabilities in software, routinely, and then, at a rate of almost 90 percent, reveals those.  They could be useful tools for us to then exploit for our own national security benefit.  But instead, what we choose to do is share those back with the companies so that they can patch and increase the collective defense of the country.  It’s not fair for us to keep those exploits while people sit vulnerable to those totalitarian regimes that are going to bring harm to them.

So, in this particular case, I’m proud of the VEP program.  And I’d go one step deeper for you:  Those vulnerabilities that we do keep, we keep for very specific purposes so that we can increase our national security.  And we use them for very specific purposes only tailored to our perceived threats.  I think that they’re used very carefully.  They need to be protected in such a way that we don’t leak them out and so that bad people can get them.  That has happened, unfortunately, in the past.

Hell! Let’s go for broke. Let’s turn the risk that someone can steal our toys and set off a global worm into the promise that we’ll warn people they’ve been hacked.

But one level even deeper.  When we do use those vulnerabilities to develop exploits for the purpose of national security for the classified work that we do, we sometimes find evidence of bad behavior.  Sometimes it allows us to attribute bad actions.  Other times it allows us to privately call — and we’re doing this on a regular basis, and we’re doing it better and in a more routine fashion as this administration advances — we’re able to call targets that aren’t subject to big rollouts.  We’re able to call companies, and we’re able to say to them, “We believe that you’ve been hacked.  You need to take immediate action.”  It works well; we need to get better at doing that.  And I think that allows us to save a lot of time and money.

We’re not yet broke yet, though! When Bossert again gets asked whether WannaCry was based off a US tool, he tried to argue the only tool involved was the final WannaCry one, not than the underlying NSA exploit.

Q    So you talked about the 90 percent of times when you guys share information back with companies rather than exploit those vulnerabilities.  Was this one of the 10 percent that you guys had held onto?

MR. BOSSERT:  So I think there’s a case to be made for the tool that was used here being cobbled together from a number of different sources.  But the vulnerability that was exploited — the exploit developed by the culpable party here — is the tool, the bad tool.

This soon descends into full-on Sergeant Schultz.

I don’t know what they got and where they got it, but they certainly had a number of things cobbled together in a pretty complicated, intentional tool meant to cause harm that they didn’t entirely create themselves.

MalwareTech took a risk doing what he always does [er, did, before the US government kidnapped him] with malware?

Then there’s weird bit — one of those Bossert moments (like when he said WannaCry was spread by phishing) that makes me think he doesn’t know what he’s talking about. When asked if this North Korean attribution changed the government’s intent to prosecute MalwareTech (Marcus Hutchins), Bossert dodged that tricksy question (the answer is, yes, the prosecution is still on track to go to trial next year) but then claimed that Hutchins “took a risk” doing something he has repeatedly said he always does when responding to malware.

I can’t comment on the ongoing criminal prosecution or judicial proceedings there.  But I will note that, to some degree, we got lucky.  In a lot of ways, in the United States we were well-prepared.  So it wasn’t luck — it was preparation, it was partnership with private companies, and so forth.  But we also had a programmer that was sophisticated, that noticed a glitch in the malware, a kill-switch, and then acted to kill it.  He took a risk, it worked, and it caused a lot of benefit.  So we’ll give him that.  Next time, we’re not going to get so lucky.

After dodging the issue of why the government is prosecuting the guy whose “luck” Bossert acknowledges saved the world, he has the gall to say — in the very next breath!! — we need to do the kind of information sharing that Hutchins’ prosecution disincents.

So what we’re calling on here today is an increased partnership, an increased rapidity in routine speed of sharing information so that we can prevent patient zero from being patient 150.

Whatever you do, don’t follow the lack of money

All that was bad enough. But then things really went off the rail when a journalist asked about what one of the poorest countries on earth — a country with a severe exchangeable currency shortage — did with the money obtained in this ransomware attack.

Q    Tom, the purpose of ransomware is to raise money.  So do you have a sense now of exactly how much money the North Koreans raised as a result of this?  And do you have any idea what they did with the money?  Did it go to fund the nuclear program?  Did it go just to the regime for its own benefit?  Or where did that money go?

MR. BOSSERT:  Yeah, it’s interesting.  There’s two conundrums here.  First, we don’t really know how much money they raised, but they didn’t seem to architect it in the way that a smart ransomware architect would do.  They didn’t want to get a lot of money out of this.  If they did, they would have opened computers if you paid.  Once word got out that paying didn’t unlock your computer, the payment stopped.

And so I think that, in this case, this was a reckless attack and it was meant to cause havoc and destruction.  The money was an ancillary side benefit.  I don’t think they got a lot of it.

Wow. A couple things here. First, of one of the poorest countries in the world, Bossert said with a straight face: “They didn’t want to get a lot of money out of this.”

He has to do that, because he has just said that, “They’ve got some smart programmers.” So he has to treat the attack, as implemented, as the attack that the perpetrators wanted. That apparently doesn’t mean he feels bound to offer some explanation for why North Korea would forgo the money that their smart programmers could have earned. Because he never offers that, without which you have zero credible attribution.

Still nuttier, at one level it cannot be true that “we don’t know how much money they raised.” Later in his presser he claims, “cryptocurrency might be difficult to track” and suggests the government only learned about how little they were making because, “targets seem to have reported to us, by and large, that they mostly didn’t pay. … So we were able to track the behavior of the targets in that case.”

Um. No. It was very public! We watched WannaCry’s perps collect $144,000 via the @Actual_ransom account, and we watched the account be cashed out in the immediate wake of the aforementioned MalwareTech arrest (as Hutchins noted, making it look like he had absconded with his Bitcoin rather than gotten arrested by the FBI).  That, too, is a detail that Bossert would have needed to address for this to be a marginally credible press conference.

But wait! There’s more! We also know that as soon as WannaCry’s perps publicly cashed out, Shapeshift blacklisted all its known accounts, making it impossible for WannaCry to launder the money, and adding still more transparency to the process. Which means Bossert should know well the answer to the question “how much did North Korea (or whatever perp) make off this?” is, zero. None. Because their money got cut off in the laundering process. (For some reason, Bossert gave Shapeshift zero credit here, which raises further questions I might return to at a later date.) Either attribution includes details about this process or … it’s not credible.

Bossert’s backflips to pretend Trump isn’t treating North Korea differently than Russia

Now, all this is before you get into the gymnastics Bossert performed to pretend that Trump isn’t treating North Korea — against whom this attribution will serve as justification for war — differently than Russia. After being asked about it, Bossert claimed,

President Trump not only continued the national emergency for cybersecurity, but he did so himself and sanctioned the Russians involved in the hacks of last year.

His effort to conflate last year’s hack-related sanctions with the sanctions imposed by Congress but not fully implemented looked really pathetic.

Q    Have all the sanctions been implemented?

MR. BOSSERT:  This was — yeah, this was the Continuation of the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities.  President Trump continued that national emergency, pursuant to the International Emergency Economic Powers Act, to deal with the “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

Pivoting to one of the most important private companies

Immediately after which, perhaps in an act of desperation, Bossert pivoted to Kaspersky, one of the most important security firms in unpacking WannaCry and therefore utterly central to any claim the answer to cyberattacks is to share between the private and public sector. Bossert said this to defend the claim that the Trump administration is taking Russian threats seriously.

Now, look, in addition, if that’s not making people comfortable, this year we acted to remove Kaspersky from all of our federal networks.  We did so because having a company that can report back information to the Russian government constituted a risk unacceptable to our federal networks.

And then — in the same press conference where Bossert hailed cooperation, including with private security firms like Kaspersky, he boasted about how “in the spirit of cooperation” the US has gotten “providers, sellers, retail stores” to ban one of the firms that was critical in analyzing and minimizing the WannaCry impact.

In the spirit of cooperation, which is the second pillar of our strategy — accountability being one, cooperation being the second — we’ve had providers, sellers, retail stores follow suit.  And we’ve had other private companies and other foreign governments also follow suit with that action.

In case you’re counting, he has boasted about cooperation in the same breath as speaking of both MalwareTech and Kaspersky.

Whatever. From this we’re supposed to conclude we should go to war against North Korea and their non-NK keyboarders the world over and  that the way to defend ourselves against them is to simultaneously demand “cooperation” even while treating two of the most important entities who minimized the threat of WannaCry as outlaws.