NSA hacked North Korean cyberspace prior to Sony attacks
Mon 19 Jan 2015

The unusual certainty with which the U.S. administration attributed blame for last November’s cyber-attacks on Sony now appears to stem from the National Security Agency (NSA) having obtained access to the DPRK network as early as 2010. The New York Times provides a newly released NSA document [PDF] which details how the agency’s own operatives used South Korea as a network point-of-access to the North:
“Yes, there was a project that I was working last year with regard to the South Korean CNE program. While we aren’t super-interested in SK (things changed a bit when they started targeting us a bit more), we were interested in North Korea and SK puts a lot of resources against them. At that point, our access to NK was next to nothing but we were able to make some inroads to the SK CNE program. We found a few instances where there were NK officials with SK implants in their boxes, so we got on the exfil points, and sucked back the data. That’s fourth party (TS//SI//REL).
“However some of the individuals that SK was targeting were also part of the NK CNE program. So I guess that would be the fifth party collect you were talking about. But once that started happening, we ramped up efforts to target NK ourselves (as you don’t want to rely on an untrusted actor to do your work for you). But some of the work that was done there was able to help us gain access.”
The unknown interviewee goes on to detail the ‘repurposing’ of another ‘actor’s’ zero-day exploit against the same target, summarising the excursion as a “big win”.
The New York Times cites ‘officials and experts’ who assert that President Obama’s uncharacteristic conviction about the provenance of the attacks on Sony – which have already led to sanctions against North Korea – is due to the absolute certainty that the NSA’s prior work on North Korean cyberspace provided him.
Considering that North Korea has only 1024 active IP addresses, and that it is – for tactical and political reasons – probably the least-networked developed nation on the planet, it is hard to understand why the U.S. administration would give up this information to the public at this stage – unless it has just lost its now-vaunted advantage for some unknown reason, and is seeking capital with the public regarding ongoing retaliation against North Korea.