Investigators Seek Digital Clues to Worldwide Cyberattack

Investigators looking to catch the perpetrators of the global "ransomware" attack will be looking for digital clues, including monitoring the bitcoin accounts used to collect ransom payments.

It'll be tough, but not impossible.

Security experts say that bitcoin is often believed to be anonymous, but the transactions are highly traceable. What's not known is who's behind a particular account. But the bitcoin money often has to be converted into real-world currency at some point.

Steve Grobman of the security company McAfee says forensics experts will also be looking for clues in the structure of the malware, including how it was written and how it was run. He says the malware was sophisticated, helping to rule out pranksters and lower-level thieves.

The cyberattack that emerged Friday has paralyzed computers running factories, banks, government agencies and transport systems around the world.

Interpol's cybercrime unit, based in Singapore, said it is working on information provided by the private Kaspersky Lab to assist investigations in the countries affected. Europol has said the same. But neither agency has actual enforcement capabilities, instead acting more as information clearinghouses and organizers in the complex world of international law enforcement, where police from different countries rarely have a language in common - and few speak the languages of computer programming.

Costin Raiu, head of Kaspersky's global research and analysis, whose group has two analysts directly embedded with Interpol, said a main pitfall will be sharing intelligence in real time, and then being able to follow the accumulated evidence to a suspect. Raiu said investigators are scouring the Tor darknet to trace the command and control servers. The attackers are believed to be relatively new at the ransomware business, he said.

"The attack appears to be slowing down anyway. What we are afraid of are copycats," he said.

President Donald Trump's homeland security adviser says that so far, no U.S. federal systems have been affected by the global cyberattack.

Tom Bossert says the U.S. government has been closely monitoring the attack, which has affected an estimated 300,000 machines in 150 countries. He noted a few U.S. businesses, including FedEx, were affected.

Neither the FBI nor NSA would comment Monday.

(Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)