David Sanger and Martin Fackler write in the NYT that the NSA “drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies,” and also placed malware in North Korean computer systems “that could track the internal workings of many of the computers and networks used by the North’s hackers.” This malware created an “early warning radar” that supported the attribution of the Sony hack to North Korea.
Glenn Greenwald tweets of this story that “Anonymous NSA & WH officials leak details about surveillance on NK, but it's OK because it's designed to help the WH.” Not quite, at least according to the NYT reporters, who describe their sources as “former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.” These former U.S. officials might or might not be from the NSA and White House – we don’t know. But Greenwald’s basic point still holds. The USG does not go after "helpful" leakers nearly as robustly as it goes after those deemed "unhelpful."
Is this a helpful leak? I am sure many in the intelligence community are furious for what it reveals about USG techniques and capabilities. I am also sure that this revelation will blow the effectiveness of these methods to some uncertain, and probably large, degree. On the other hand, it strengthens the case for the North Korean attribution. And it will also have to some uncertain degree a general deterrent effect on cyberattacks against the USG, for it reveals yet again how good the NSA is at penetrating foreign networks and watching plots against the USG. Our adversaries must assume that no matter what precautions they take, the NSA might be watching.
On the attribution front, the truth is that this story provides no more “evidence” of attribution to North Korea than did the earlier FBI statements. And yet I suspect this story will lay the attribution question to rest. This information seems more credible, both because of the nature of the information revealed, and because it is being printed with the NYT’s third-party imprimatur. Ben and I discussed this and similar mysteries of attribution in our podcast discussion.
Finally, as I have noted before about similarly revealing David Sanger cyber stories, this article reveals how much the norms surrounding publication have changed. Like dozens of other stories published about USG cyber and surveillance, this one flies in the teeth of the publication prohibition in 18 U.S. Code §798. It is quite clear that the USG no longer considers enforcing this provision against journalists. It is also clear, in light of DOJ’s Risen stand-down and the Attorney General’s change of guidelines for issuing subpoenas against journalists, that the Justice Department – in this administration, but perhaps forever – is not going to go after reporters for their sources, at least in the national security context. Also, despite the hysteria over leak prosecutions against U.S. officials by the Obama administration, DOJ has gone after a very tiny fraction of leakers, and has not been terribly effective in doing so. The combination of rampant leaking, the USG stand-down against reporters, the difficulty of successfully prosecuting “bad” leakers, and the failure to prosecute “useful” leakers will only further contribute to the norm of impunity for leaking high-level classified information, which in turn will contribute to the ready flow of classified information to the public.