Seriously? NSA Knew North Korea Hacked Sony Because It Hacked North Korea First
What’s wrong with this picture?
We all famously know the U.S. government directly blamed North Korea for the Sony hack, allegedly in retaliation for the sad Seth Rogen “comedy” The Interview. Serious questions arose almost immediately about how the U.S. could be so sure it was the boys from Pyongyang at fault, and not some outside hacking group pretending to be North Korea, or a disgruntled Sony insider. After all, the initial contacts between the hacker and Sony mentioned nothing about The Interview, and of course, even after the movie was released, nothing happened.
Snowden Docs Suggest an Answer
According to new Edward Snowden documents published by der Spiegel and others, the source of the U.S. government’s confidence may be simple: the NSA claims to have inserted malware into North Korea’s computer systems in 2010, years before the hack even happened, creating backdoor access. The malware was targeted specifically at North Korea’s own hackers, not necessarily the government their per se. The NSA was watching North Korea’s geeks the whole time.
So Where was the NSA?
Assuming that U.S. malware tale is true, it begs the question: if the NSA had such broad access to North Korean hacking resources, why didn’t they know about the Sony hack and warn the company? It seems unlikely that the North Koreans just plopped down one day and zoomed into Sony’s networks, hoovering up the mass of data someone got a hold of.
It appears that whoever hacked into Sony took their time. The New York Times reports the first step was a simple “spear phishing” attack on Sony, the use of emails that insert malicious code into a computer system if an unknowing user clicks on a link. This took place in early September 2014. The intruders then stole the credentials of a Sony systems administrator, which allowed them to roam freely inside Sony’s systems. Investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers. The damage only began on November 24.
One counter-argument offered is that the NSA did not want to disclose their access into North Korea over something as small as Sony. The response is quite obvious. All that needed to be done is for someone to make a quick call to Sony and say “Hey, don’t ask who I am or how I know, but you might want to take a look at XYZ on your network. Bye!” Like the way the NSA uses the FBI and DEA as cut outs to pass data to local law enforcement, nobody at the receiving end knows how or why the lucky information fell into their laps.
Another counter-argument is that the NSA was focused on protecting U.S. government systems and did not see anything all that important about Sony. The first thing wrong with the idea is that one of NSA’s stated missions is cybersecurity for the U.S. as a whole, not just Federal systems. The other argument is that if Sony being hacked was just not that big a deal, the rest of the U.S. government sure acted like it was. And all over a movie.
So Seriously, Where was the NSA?
So where was the NSA? With claimed access directly into North Korea’s systems, access that made attributing the Sony hack post-facto a supposed slam dunk, where was the NSA when it came to stopping the attack? This question is the one looming over the entire world-wide spying operation the NSA has become, given its stated purpose of protecting things. Where was the NSA ahead of the Boston Bombings? Ahead of the attacks in France? Ahead of all the shootings and lone wolves wandering around America? Ahead of the much more financially-damaging hacks against the credit card processing systems of Target and Home Depot?
The question remains thus begged: if all the money spent, and civil liberties shunted aside, in the name of protection, doesn’t protect us when it matters, then what is the point of the NSA?
We’ll call that a rhetorical question.