A presentation by a former NSA analyst revealed it’s feasible for the NSA to hack a large corporation, such as Sony Pictures, and blame it on a foreign country such as North Korea.
Charlie Miller, who spent five years exploiting foreign computers for the NSA, gave a presentation entitled “Kim Jong-il and Me: How to Build A Cyber Army to Attack the U.S.,” in which he explained various hacking methods and how easy it was to blame an attack on another country.
His presentation largely relied on his experience at the NSA.
“I’ll talk about what I know, which is offense,” Miller said to his audience at Defcon.
He explained how targeted computers can be exploited through previously unknown vulnerabilities, but the most revealing part of his presentation was how hackers could easily route their attack to frame another country.
“Maybe a computer from China is attacking you but really that computer is some Russian dude who’s logged into that computer,” he said. “So you can’t tell if it was Russia or China.”
“On the opposite side, it will make attribution really hard for your opponent because you’ll be able to attack from a thousand different places, and from all over the world and they’re not going to know who you are,” he added.
Miller also mentioned the strategy of dominating cyberspace by controlling as many computer devices around the world as possible, which, based on the documents leaked by various whistleblowers, is a key tactic of the NSA.
Launching cyber attacks from a controlled network in a foreign country and then attributing them to any country or faction, in a way that would be hard to disprove, are qualities desirable for a false flag attack, and they are all within the capabilities of the NSA.
So it’s not far-fetched to consider the NSA as a potential suspect in the Sony hack, which the federal government is now blaming on North Korea.
“It’s easy for attackers to plant false flags that point to North Korea or another nation as the culprit,” Kim Zetter with Wired wrote. “And even when an attack appears to be nation-state, it can be difficult to know if the hackers are mercenaries acting alone or with state sponsorship—some hackers work freelance and get paid by a state only when they get access to an important system or useful intelligence; others work directly for a state or military.”
“Then there are hacktivists, who can be confused with state actors because their geopolitical interests and motives jibe with a state’s interests.”