Skip to main content

The irony of the US government's cyber security policy

While the news of the recent Sony hack has died down, it certainly isn't forgotten. The simple fact remains that we still have no clear answer on who was responsible. The US government blamed North Korea and initiated sanctions on the nation, though no real evidence was put forth to support this alleged misdeed, leaving the move to reek of political motivation.

The simple fact that the hackers originally asked for money, as if it were a hostage situation, seems to point away from state-sponsored wrongdoing, but we simply don't know the real truth, and perhaps never will. All we really know is there's a lack of evidence for this case. We'd be safe in speculating a jury would be unlikely to convict the country.

Security researchers at F-Secure have something to say on this. The firm states that the US government hacked at least three Taiwanese companies -- CMedia, JMicron and Realtek. The firm states a very simple and plausible reason for these attacks -- "And why did the United States hack three Taiwanese technology companies? To steal digital certificates in order to sign drivers used by Stuxnet and Duqu".

You may recall that Stuxnet was the "virus" that took down Iranian nuclear facilities. The US and Israel were immediately suspects for this event. Since it happened, though, the US has ended up the one pinned with committing the act.

F-Secure doesn't give any further information, simply concluding that "Now where do you suppose the DRPK got the crazy idea it was okay to hack companies and to steal data from?" The conclusion suggests guilt, something most experts aren't ready to claim.

Image Credit: alphaspirit/Shutterstock