This post was originally published on February 3, 2015.
Do you remember the recent hack of Sony Pictures Entertainment? If so, you’ll likely also recall that speculation as to who was behind the attack was rife with fingers being pointed toward North Korea almost immediately. The fact that many of those fingers belonged to US officials was interesting – after all, how could they ‘know’?
Well, the answer is amazingly simple: the American National Security Agency (NSA) had been knee-deep in the country’s computers and networks for many years.
According to the New York Times, US spooks began infiltrating the Chinese networks that connect North Korea to the rest of the world back in 2010.
A recently released Top Secret document reveals how the spy agency wasn’t initially interested in North Korea until it “realized there was another actor that was going against them and having great success because of a 0 day they wrote.” The document goes on to disclose how the NSA was then able to repurpose the zero-day, something it described as a “big win”.
Unnamed officials told the New York Times that the program then quickly grew with malware subsequently being placed on many computers and networks known to be used by North Korea’s cyber army, thought by South Korea to be 6,000 strong.
This “early warning radar” of malware, which allowed the NSA to track the internal workings of many of the target devices, let President Obama take the unprecedented step of pointing his digits firmly in the direction of a particular country, the first time the US has ever directly accused another government of involvement in a cyber attack against its interests.
Of course the curious side of the American leader’s conviction is the fact that no-one, as far as we are aware, thought to tip off Sony.
The New York Times wrote how two American officials should have seen the initial attack on Sony in September which came via spear phishing emails. They noted, however, that the attacks did not look particularly remarkable and only retrospective investigation revealed how North Korea had swiped a Sony administrator’s login credentials, giving the attackers the means to access the company’s systems with impunity.
The investigation further revealed how the hackers had two clear months of access from mid-September to mid-November during which time they carefully and patiently mapped Sony’s computer assets, identifying files of interest and planning how they would later destroy terminals and servers.
A New York Times source said that even with the NSA’s unique insight into North Korean cyber activity, intelligence agents “couldn’t really understand the severity” of the attacks that began on 24 November.
According to NBC News, US government knowledge of the attack only came on that very day – when Sony itself contacted the FBI’s cyber unit.
But at least we know who did it. Right?
Not so fast, reader – some doubt still remains.
Sceptics and experts alike have posited that the ‘smoking gun’ – the fact that the attacks came from known North Korean IP addresses – could be less relevant than some may think. After all, it doesn’t take an elite hacker to spoof an IP address.
Add to that the fact that FBI director James Comey refused to reveal any further evidence to confirm the origin of the attack and you have the makings of what could arguably be described as a conspiracy theory.
Featured image: Wikimedia Commons (image has been modified)