NSA Has Been Monitoring North Korean Cyber Army

by Mike on March 22, 2015


The NSA has been spying on North Korea via Chinese networks for over four years. The agency found a zero-day exploit that the country had been using against other nations, and turned the situation around to work in its favor. So for years the US government has had a clear view of the North Korean government’s cyber activities.

North Korea is a Cyber Threat

North Korea’s computers are connected to the Internet and the world through certain Chinese networks. These networks were penetrated by NSA spies in 2010, and have been monitored for suspicious activity ever since. It is not a surprise that the NSA elected to spy on a country such as North Korea. It poses a threat because of its politics, military, and secretive nature. So it is also no surprise when the US government so easily points its finger at North Korea after a huge cyber attack. Too bad they couldn’t warn anyone since they should have been aware that an attack was underway.

What may be surprising is that it was only in 2010 that the US government and the NSA realized that North Korea posed a threat in the cyber world. Der Spiegel is the news agency that published the documents on the NSA’s program targeting North Korea’s so-called cyber army. It describes the catalyst for the targeting of this largely Internet-starved nation as being a zero-day vulnerability that its cyber army was very successfully exploiting. The NSA then decided to take the zero day and reengineer it to work for them. The agency was very proud of this, calling it a great victory.

How the US is Handling It

The NSA developed the remodeled North Korean zero day to inject malware into the country’s computer networks. The agency was also able to target computers that it discovered were being used by the infamous cyber army. The NSA felt that targeting specific machines was necessary because the government’s cyber crew was believed to be composed of about six thousand full-time members. And the move has proved to be very productive since the US was, for the very first time, able to determine the precise origin of an attack without involving speculation. The attack on Sony Pictures was attributed to North Korea without any doubts in the mind of President Obama.

The remodeled zero day and the malware that was developed alongside it allow the NSA to effectively track and monitor the activities of the North Korean cyber army. They allow the agency to gain enough specific information on the activities being run on different computer systems to anticipate the group’s next targets. They knew, in other words, that Sony was being targeted. The irritating part is that they did nothing to try to prevent it. All they did was wait for the attack to be completed so they could accuse North Korea of being behind it. And for all the intricacies of the spy program, the US determined that North Korea was responsible simply because of the easily faked IP addresses associated with the attack.

The North Korean monitoring system of the NSA is sophisticated to the degree that the first signs of the attack on Sony were clear as early as September last year. The agency should have spotted the spear phishing attack, executed via emails, which was the preliminary stage of the planned larger attack. The American officials who were criticized for doing nothing responded by saying that the phishing exploit did not appear to be a threat. This is despite the numerous examples of huge attacks being successfully executed due to initial assaults using phishing emails. The US government claims that it only knew about the attack after Sony informed the FBI about it. Of course, the FBI could also not confirm whether North Korea was really behind it.

Without due warning that could have prevented the attack altogether, an administrator account was hijacked and used to get unrestricted access to Sony’s systems. Still, the government kept mum. Beyond this, the government had about two months during which they could have contacted Sony to inform them of the breach. The suspected North Korean group continued to collate data on the company’s computer files and systems without interference. By Thanksgiving, they had a solid plan in place for how they were going to take down Sony’s servers and terminals. Perhaps the US officials in charge of the operation simply decided to go on vacation early. Perhaps, like others put in positions of authority in matters of cyber security, they are simply not up to the task. Either they don’t care about attacks or they really did not understand what was happening.
