NSA Penetrating North Korea with Malware

Uploaded on 2015-02-05 in GOVERNMENT-National, GOVERNMENT-Defence, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--USA, NEWS-News Analysis, TECHNOLOGY--Hackers

The NSA has been targeting North Korea and its impenetrable system for a long time. New revelations have been brought to light and the NSA has started to equip the USA for possible digital wars in the near future, using surveillance and digital weapons to enhance its existing power.

Though North Korea has been the prime suspect of the recent Sony Pictures hack last November according to the FBI, there is still great room to doubt such a claim. Especially after the new revelations from Edward Snowden and the reports from Der Spiegel, with the voice of Jacob Appelbaum and others, suspicion has been raised and nobody believes that North Korea is to blame for everything turning bad in the world. It is customary on behalf of the NSA to be linked to tactics of unauthorized surveillance, with the example of last year's report proving that the Agency has backdoors for a number of different devices toward collecting data.

A new wave of documents, leaked by Edward Snowden and published by the Der Spiegel magazine, demonstrates how the NSA has used its servers as hacking platforms (i.e. FOXACID) to hack in the system of foreign governments by implanting a malware. Other components involved in the attacks are Turbine and Turmoil, belonging to the Turbulence family exploitation systems. According to Snowden, the NSA also secretly tapped into South Korean network espionage on North Korean networks to collect information.

"Spurred by growing concern about North Korea's maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document." reports The New York Times.

The NSA hackers compromised the North Korean systems by spreading malicious code through spear phishing campaigns:

"The N.S.A.'s success in getting into North Korea's systems in recent years should have allowed the agency to see the first "spear phishing" attacks on Sony — the use of emails that put malicious code into a computer system if an unknowing user clicks on a link — when the attacks began in early September, according to two American officials."

One of the hacking scenarios described in the documents leaked by Snowden describes how the NSA's Tailored Access Office hijacked a botnet known by the codename "Boxingrumble" that initially was used to target the computers of Chinese and Vietnamese dissidents and was being used to target the DOD's unclassified NIPRNET network.

"The NSA was able to deflect the attack and fool the botnet into treating one of TAO's servers as a trusted command and control (C&C or C2) server. TAO then used that position of trust, gained by executing a DNS spoofing attack injected into the botnet's traffic, to gather intelligence from the bots and distribute the NSA's own implant malware to the targets." reports ArsTechnica.

Based on the new leaks from the world-renowned whistleblower Edward Snowden, the NSA is preparing the USA for digital wars. The Agency has been building its defensive line and asking for people who enjoy breaking things to join their cause. As it seems, thorough preparation is taking place for the digital wars to come – the Internet is certain to play a crucial role to the wars of the future, after all. In order to prevail, they have been aiming to the establishment of the innovative and extremely powerful D weapons (with D referring to Digital), after the Atomic, Biological and Chemical ones of the past.

James A. Lewis is an expert in cyberwarfare working at the Center for Strategic and International Studies in Washington. He commented on the determination and certainty of Barack Obama to accuse North Korea of the recent Sony hack:

"Attributing where attacks come from is incredibly difficult and slow. The speed and certainty with which the United States made its determinations about North Korea told you that something was different here — that they had some kind of inside view."

Such haste and lack of doubt surely raise an eyebrow as to how the United States of America have managed to get solid proof of North Korea's guilt on the matter.

Der Spiegel brought to public attention another top secret document, which reveals that the NSA obtained data from places like North Korea. The document sheds light on the methods used by spying agencies worldwide, with information collected one way or another and data transferred to various destinations. As a result, all the revelations agree that the NSA has been accurate and to the point toward penetrating one of the most powerful systems in the world and that the data collected is meant to help in cases of cyberwarfare.

http://securityaffairs.co/wordpress/32592/intelligence/

« Understanding digital intelligence from a British Perspective
Hacking Paranoia: Switzerland Cashing In By Marketing Itself As A 'Safe Haven' For Storing Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

M5 Network Security

M5 Network Security

M5 Network Security provide cybersecurity services to military, government and large corporations.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Secora Consulting

Secora Consulting

Secora Consulting is a professional services company specialising in tailored cybersecurity assessments and cyber advisory services.