North Korea: Spyware vs. Spyware

Still from The Interview

by John Feffer

The cyberattack on Sony Pictures last month was a classic whodunit. The FBI, playing the role of Sherlock Holmes, visited the virtual crime scene, gathered up the evidence, and tried to piece together the motives of the potential culprits.

As a result of the FBI investigation, the Obama administration declared that North Korea was the instigator. The U.S. government claimed to have irrefutable evidence that North Korean hackers were responsible for breaking into Sony’s servers and vacuuming up private emails and information about executive salaries. Released to the press, this information proved a great embarrassment to the company.

The motive, meanwhile, was clear. North Korea was unhappy about the Sony picture The Interview, which portrayed the assassination of North Korean leader Kim Jong Eun. The hackers had also threatened to coordinate attacks against theaters premiering the film.

So: an open-and-shut case. The Obama administration imposed yet another set of sanctions against North Korea, and congressional hardliners pressed for the United States to return the country to the terrorism list.

Then the doubts began, as industry experts began to challenge the Obama administration’s assertions about North Korea’s culpability. Hackers were notorious in their ability to disguise their tracks and pin the responsibility on an innocent third party. A note sent to a journalist included a line in Korean that was ungrammatical and, worse, didn’t use the proper honorific for Kim Jong Eun. Other potential culprits – including disgruntled Sony employees and a mysterious cybercrime outfit called the Lizard Squad – began to complicate the picture of North Korea as the brains behind the operation. Skeptics, myself included, demanded that the FBI present all the evidence.

That’s when The New York Times revealed a big twist in the plot – and all whodunits need a twist to keep the attention of readers.

The United States had in fact been the first to hack into North Korea. It had done so preemptively, and as far back as 2010. The National Security Agency wasn’t just snooping around. It installed malware on North Korean computers to monitor the activities of such entities as Bureau 121, which is allegedly responsible for cyberattacks.

This is not the first time that the United States has engaged in the same kind of cyberoperations that it criticizes other countries for sponsoring. Washington deployed several destructive viruses against Iran’s nuclear industry. And it has gone head-to-head against China in this new arms race in the digital realm. A good defense, as the saying goes, is a good offense.

And we likely know only the tip of the iceberg when it comes to U.S. cyberwar activities. The U.S. objective of maintaining “full spectrum dominance” extends to cyberspace. The Pentagon has been bringing in experts from the private sector to help maintain this dominance, for instance through “Plan X,” a Pentagon initiative to make cyberwarfare as easy for the average military official as playing a video game.

There are some interesting holes in the story of the preemptive U.S. strike on North Korea, however. For instance, if the NSA was monitoring North Korean activities, why didn’t it alert Sony to the threat? Perhaps the U.S. government was more interested in assessing the capabilities of North Korea than they were in helping to plug a hole in Sony’s defenses.

Another interesting question mark in the story is the role of South Korea. According to the Times report, the NSA hacked into North Korea with the help of South Korea. But other documents released by Edward Snowden suggest that the NSA actually infiltrated South Korea’s spy systems and in that way made its way to the North. So, which was it: was South Korea an ally or a target?

And therein lies the most provocative challenge of the cyberworld. Everyone is an object of surveillance. Yes, the United States treats its allies differently than its adversaries when it comes to official foreign and economic policy. But intelligence agencies are often just as interested in an ally’s secrets as an adversary’s. And in the business world, there is no such thing as friend and foe. Everyone is a competitor.

That’s why Edward Snowden’s revelations were so devastating. The Germans learned about the hacking into Chancellor Angela Merkel’s cell phone, just as the Brazilians found out about the surveillance of President Dilma Rousseff’s email and phone calls. Germany and Brazil are U.S. allies. But they are also countries that pursue their own national interests. So, as far as the United States is concerned, they need to be monitored.

Moreover, as the Snowden documents revealed, the United States has felt the need to conduct surveillance on Americans themselves – just in case the private interests of U.S. citizens don’t intersect with the national interests of the country.

Snooping on foreign leaders? Monitoring its own citizens? Suddenly, the United States was sounding a lot like North Korea. After all, North Korea is renowned for maintaining tight surveillance of its own citizens. The North Korean government is also deeply suspicious of the behavior of even its erstwhile allies, like China and Russia.

But, of course, it was the United States that launched its hacking attack on North Korea before North Korea had turned its sights on the United States.

The Sony hack has been held up as an example of North Korea’s specialty: asymmetrical warfare. It usually relies on the weapons of the weak against strong adversaries like the United States. But there was a dangerous symmetry lurking in the cyberworld all along. Spyware, it seems, is everywhere.

This article was first published in the South Korean newspaper Hankyoreh. Photo of James Franco and Randall Park in The Interview.

John Feffer

John Feffer is the director of Foreign Policy In Focus at the Institute for Policy Studies. He is also the author, most recently, of Aftershock: A Journey into Eastern Europe's Broken Dreams (Zed Books). He is also the author of the dystopian Splinterlands trilogy (Dispatch Books). He is a former Open Society fellow, PanTech fellow, and Scoville fellow, and his articles have appeared in The New York Times, Washington Post, Los Angeles Review of Books, Salon, and many other publications.



  1. I heard that only about 1000 people had internet access in North Korea. Hardly a hotbed of nerdom.

  2. Ah yes, and another one bites the dust. This gives the private sector more ammunition to sell the Government more of its software, whether or not if it works. Of course, its the private contractors who along with the insiders, who will make the decisions to buy what ever is offered. One only has to look at the DoD’s so-called cyber-security needs and the wants to see all the sharks drooling for the $$$$$ that will be thrown their way by the stooges in congress this session. As for the F.B.I. getting anything right, they couldn’t stop 9-11, so why should we believe them now about what they say? As for “O” and his theatrics, it’s damned if he does, damned if he doesn’t. Next, we’ll be hearing the Repuglicon battle cry of “where’s Clarence Thomas when we need him to run in 2016 for POTUS?

  3. Korea is the gift that keeps on giving to the Pentagon. The idea is to keep the fifty year war going, complete with US soldiers in country and periodic provocations. The Korean people, many of them, would like to get their united country back but the US won’t hear of it. It gives the US airbases one air-hour from Shanghai and Beijing, for one thing. South Korea is fully capable of defending itself, but the US masters of their military won’t leave.

Comments are closed.