
Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*

DOH! Clapper smacker for crapper tapper

North Korean leader Kim Jong-un

+Comment For those still wondering why US President Barack Obama and the FBI have so confidently blamed North Korea for the Sony Pictures hack, it's apparently because the NSA compromised the secretive country's computer network years before – giving American intelligence a front-row seat for subsequent shenanigans.

The New York Times reports that the penetration (PDF) was accomplished in 2010, years before the hack of Sony Pictures, and initially with the assistance of South Korea.

The NSA wasn't much interested in North Korea at the time but that changed – partly because the spy agency managed to get its hands on useful zero-day exploits used against the Norks, according to recently disclosed files. NBC News adds that US intel agencies had no forewarning of the Sony hack. After Sony reported the breach to the FBI's cyber unit on 24 November, it became possible to trace back the attack.

So even after comprehensively bugging North Korea's 'net connection, the best the spy agency had was the equivalent of a CCTV camera rather than a burglar alarm capable of detecting a crime in progress.

All this is mostly based on anonymous briefings by shadowy intelligence types. FBI Director James Comey went on the record earlier this month to say that one key piece of evidence implicating North Korea was that IP [Internet protocol] addresses used to post and to send the emails by the Guardian of Peace connected with the attack were coming from IPs that were exclusively used by the North Koreans. Comey told delegates at a cyber conference at Fordham University on 7 January that the North Koreans had erred by being "sloppy" in disguising the source of the attack.

General James Clapper, director of the NSA, backed the attribution of the Sony attack to North Korea at the same conference without revealing the NSA's apparent role.

He also told the conference that he'd had dinner with the head of North Korean intelligence, the ultimate boss of Pyongyang's hacking unit, during a trip to North Korea on 6 and 7 November. The visit – the main goal of which was to bring back two Americans imprisoned in North Korea (Kenneth Bae and Matthew Todd Miller) – occurred around two weeks before Sony notified the FBI that it had been hit by a multi-stage attack involving planting wiper malware on its corporate network as well as lifting and subsequently leaking GB of sensitive corporate data, including an embarrassing cache of emails.

In a statement, the NSA confirmed General Clapper had met his North Korean counterpart General Kim, characterising this as an informal meeting. The agency added that the NSA's recently appointed head spy was well aware of North Korea's hacking activity against US interests.

While we will not specifically address the Sony matter beyond what was stated publicly by the DNI and FBI Director Comey last week, Director Clapper is (and was) fully aware of North Korea's many efforts in recent years to probe and infiltrate U.S. commercial networks and cyber infrastructure. The USIC [U.S. intelligence community] has been tracking North Korean intrusions and phishing attacks on a routine basis. While no two situations are the same, it is our shared goal to prevent bad actors from exploiting, disrupting or damaging U.S. commercial networks and cyber infrastructure. When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks.

The latest twist in the tale supports those in the infosec world who had argued that the US must have had some sig-int (signals intelligence) that allowed it to be confident that North Korea was behind the Sony hack. It seems unlikely, though, that this will win over those previously convinced that the whole Nork theory is a load of dingo's kidneys, and that Sony was trashed by a disaffected former techie in cahoots with hacktivist types.

Comment

Quite why the Feds are going to such lengths to convince the doubting infosec community, drawing attention to a program to wiretap a hostile country's internet infrastructure, is a puzzle. Perhaps the program had been uncovered. If not, why is the US intel community disclosing sources and methods just to bolster the credibility of its explanation for the Sony hack? ®
