Interesting report by Joseph Menn of Reuters:
The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.
The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.
According to one U.S. intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.
But U.S. agents could not access the core machines that ran Pyongyang’s nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program.
By the sound of things this wasn’t actually the Stuxnet worm, but a different piece of malware (perhaps sharing similar code) that was specifically targeting North Korean systems.
The Reuters report claims that a key reason the attack on North Korea’s nuclear programme failed was because – unlike Iran – the country was too disconnected from the rest of the net.
Of course, it is – as usual – unnamed sources who contribute to this report. Which isn’t perhaps surprising when you consider how upset the White House was over their involvement in the Iranian Stuxnet attack leaking out.
The NSA has declined to comment on the claims of an attack on North Korea. But then it dodged answering questions about the United States’ malware campaign against the Natanz nuclear facility in Iran too.
Isn’t an odd world where America can get seriously uppity over allegations North Korea hacked a movie company, but may have been secretly attempting something much more serious against North Korea’s own nuclear programme?
What should a country take more seriously – attacks against systems involved in nuclear weapons programs, or hacks that break into an entertainment company and reveal what executives think of Angelina Jolie?
Of course, let’s not be fooled. I would be surprised if any advanced country wasn’t using malware to spy across the internet on their enemies (and sometimes even their friends).
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.