How was North Korea able to pull off a successful cyberattack against Sony? What was the secret exploited by the North Koreans?

Well, the New York Times is reporting that it was no secret at all.


It was good old-fashioned spearphishing that deceived a Sony employee. That deception compromised system administrator credentials. With the system administrator credentials in hand, the North Koreans:

spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers.

There are two secrets. The first secret is that the US Government was monitoring North Korea’s hackers and saw the spearphishing emails when they were sent in early September. The other secret is just how hard it is to connect the dots and figure out what the bad guys are doing. Even monitoring what the North Koreans were doing was of little help in incident response and remediation.

“They were incredibly careful, and patient,” said one person briefed on the investigation. But he added that even with their view into the North’s activities, American intelligence agencies “couldn’t really understand the severity” of the destruction that was coming when the attacks began Nov. 24.

We are reminded yet again that deceiving users with spearphishing is an excellent means to infiltrate systems. Without SP Guard, personnel receiving spearphishing emails are left to guesswork in determining if the email should be trusted. That guesswork is made in a decision space that is manipulated by the attacker. With SP Guard installed, IT is able to provide personnel with real-time identification of trusted senders.

Users will decide which emails to trust. That decision can be guesswork or it can be guided by IT.