Western cyber intelligence isn’t as impotent as it seems, according to two news reports.
The New York Times said Monday that, with the help of unnamed allies, the National Security Agency (NSA) had infiltrated at least some North Korean computer systems as far back as 2010. That’s one reason why President Barack Obama was persuaded that the outlier country was behind the mammoth Sony Pictures Entertainment attack.
Separately, the German magazine Der Spiegel reported Sunday that the NSA has the ability to hijack hackers’ botnets to inject its own malware when it wants. Here’s a version of that story from Computerworld U.S.
Combined, the two reports may reassure security pros that in the nation-state cyber war Western countries have the tools to fight back.
However, that doesn’t mean enterprises will soon be safer from attack. After all, despite the supposed knowledge of the NSA, the Sony attack was unblunted. Admittedly, the Americans couldn’t directly warn Sony without giving away their secret. On the other hand, it’s more likely that the NSA didn’t know exactly what the attackers had in mind.
While it might have been possible for the agency to detect that North Korea was snooping on Sony – and the Times article doesn’t say that it did, only that the NSA had the capability to track traffic – it couldn’t foresee the strategy of destroying Sony files.
In fact, the Times story quotes an unnamed person as saying that U.S. investigators realized only after the attack that hackers had spent more than two months mapping the Sony network, and that they gained entry by stealing the credentials of a Sony system administrator.
Is that disinformation to hide NSA capability? It wouldn’t be the first time the press has been used. In one sense it doesn’t matter: CIOs and CSOs should be warned by the Sony attack to step up staff awareness training and to keep a closer eye on traffic going outside the firewall.