When Sony Pictures was hacked late last year, there was considerable speculation as to the groups–or nation–that was responsible for the cyber-attack.
After the FBI became involved, the agency quickly announced that North Korea was behind the hack, citing the use of malware associated with previous cyber-strikes conducted by Pyongyang. But other security experts disagreed, claiming the “evidence” offered by the FBI was skimpy, at best, and suggested that “hacktivist” groups might be responsible.
We took a slightly different approach, noting that the bureau had access to information unavailable to other experts.
Fact is, the FBI maintains a close working relationship with NSA on cyber-security issues and can draw upon that agency’s vast expertise in that field. In fact, some members of the FBI’s cyber division are stationed at NSA HQ at Fort Meade, MD, to facilitate liaision efforts between the organizations. It’s a safe bet the FBI’s “North Korea” analysis was based, at least in part, on data provided by NSA, and so far, the feds have said virtually nothing about the role of the SIGINT agency in the Sony investigation. If the assessment is based on NSA data, it would add more credence to the North Korean angle.
In fact, the NSA has active partnerships with a number of tech firms, allowing it to probe for potential weaknesses and monitor activity from various hacker groups, including those sponsored by nation-states. Author Shane Harris recently detailed the extent of these relationships in his book @War: the Rise of the Military-Internet Complex:
The NSA helps the companies find weaknesses in their products. But it also pays the companies not to fix some of them. Those weak spots give the agency an entry point for spying or attacking foreign governments that install the products in their intelligence agencies, their militaries, and their critical infrastructure. Microsoft, for instance, shares zero day vulnerabilities in its products with the NSA before releasing a public alert or a software patch, according to the company and U.S. officials. Cisco, one of the world’s top network equipment makers, leaves backdoors in its routers so they can be monitored by U.S. agencies, according to a cyber security professional who trains NSA employees in defensive techniques. And McAfee, the Internet security company, provides the NSA, the CIA, and the FBI with network traffic flows, analysis of malware, and information about hacking trends.
Companies that promise to disclose holes in their products only to the spy agencies are paid for their silence, say experts and officials who are familiar with the arrangements. To an extent, these openings for government surveillance are required by law. Telecommunications companies in particular must build their equipment in such a way that it can be tapped by a law enforcement agency presenting a court order, like for a wiretap. But when the NSA is gathering intelligence abroad, it is not bound by the same laws. Indeed, the surveillance it conducts via backdoors and secret flaws in hardware and software would be illegal in most of the countries where it occurs.
Today’s edition of The New York Times offered additional insights into the NSA’s cyber-capabilities, disclosing that the spy agency first penetrated North Korea’s on-line networks as early as 2010:
It’s no consolation to Sony, but if the company had been a public utility or in the financial sector, it would have likely received great assistance, and at an earlier juncture in the attack. But as we’ve learned in recent weeks, attacks on non-critical targets can also create havoc. Accordingly, the nation must decide how much help it needs from organizations like the NSA and what it is willing to give up in the name of cyber defense.