N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say (NYT)

James Clapper, DNI, courtesy of the NYT


This article contends that the National Security Agency gained access to North Korea’s internet connections through China as early as 2010. The information gained from this access led the Federal Bureau of Investigation and President Barack Obama to blame North Korea for the Sony hack. Director of National Intelligence James Clapper also named the commander of the Reconnaissance General Bureau, Kim Yong-chol, with whom he had dinner in Pyongyang, as the leader behind the hacking attack.

See the full report at: http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=0

2014 National Security Strategy.


The Office of the Director of National Intelligence released its “2014 National Security Strategy” on September 18, 2014. This document is “the blueprint that will drive the priorities for the nation’s 17 Intelligence Community components over the next four years.”

Key aspects of this report include:

“China, Russia, North Korea and Iran will continue to challenge U.S. interests.”

“global power is also becoming more diffuse.”

“New alignments and informal networks, outside of traditional power blocs and national governments, will increasingly have significant impact in global affairs.”

“Competition for scarce resources such as food, water and energy is growing in importance as an intelligence issue as that competition exacerbates instability, and the constant advancements and globalization of technology will bring both benefits and challenges.”

“The seven ‘mission objectives’ are: 1) strategic intelligence; 2) anticipatory intelligence; 3) current operations; 4) cyber intelligence; 5) counterterrorism; 6) counterproliferation; and 7) counterintelligence.”

“The six ‘enterprise objectives’ are: 1) integrated mission management; 2) integrated enterprise management; 3) information sharing and safeguarding; 4) innovation; 5) our people; and 6) our partners.”

DNI James R. Clapper concluded this threat environment sets up “a perfect storm.”


NIS Roadmap, courtesy of the ODNI

For more information, see:

Lawfare. “The 2014 National Intelligence Strategy Roadmap.” September 30, 2014. Accessed December 26, 2014.

NYT. “James Clapper Jr.” November 17, 2014. Accessed December 26, 2014.

ODNI. “DNI UNVEILS 2014 NATIONAL INTELLIGENCE STRATEGY.” September 18, 2014. Accessed December 26, 2014.

ODNI. “The National Intelligence Strategy of the United States of America.” 2014. Accessed December 26, 2014.

Strauss, Robert. “Office of the Director of National Intelligence: The View from the Top.” YouTube. October 23, 2014. Accessed December 26, 2014.

A Proportional Response? North Korean Internet Jammed

North Korea’s internet has become jammed by a possible DDoS attack in response to the DPRK’s alleged involvement in the Sony hack. As of December 22, 2014, the entire DPRK routing system through China has gone dark. This incident may be President Obama’s proportional response to the Sony hack.

NK Internet Traffic Jammed

Estes, Adam Clark. “North Korea’s Internet Is Totally Screwed Right Now.” Gizmodo. December 22, 2014.

Fung, Brian. “North Korea’s Internet is going suspiciously haywire.” WaPo. December 22, 2014.

Kleinman, Alexis. “North Korea’s Internet Might Be Under Attack.” HP. December 22, 2014.

North Korea Tech. “North Korea’s Internet link is flaky today.” December 22, 2014.

Perlroth, Nicole and David E. Sanger. “Attack Is Suspected as North Korean Internet Collapses.” NYT. December 22, 2014.

Robertson, Jordan. “North Korean Internet Goes Dark in Wake of Sony Hack.” Bloomberg. December 22, 2014.

Obama: North Korea’s hack not war, but ‘cybervandalism’ – CNN

GOP hacking notice to Sony


“President Barack Obama says he doesn’t consider North Korea’s hack of Sony Pictures ‘an act of war.’

‘It was an act of cybervandalism,’ Obama said in an interview with CNN’s Candy Crowley that aired Sunday on ‘State of the Union’.”

See the full article at: http://www.cnn.com/2014/12/21/politics/obama-north-koreas-hack-not-war-but-cyber-vandalism/

Repost: FBI Update on Sony Investigation

Washington, D.C.

December 19, 2014

FBI National Press Office

(202) 324-3691

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

See the press release at: http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation

See the BBC’s evaluation of the evidence at: http://www.bbc.com/news/technology-30554444