Friday, 07 September 2018 07:51

Ex-NSA hacker says naming N. Korean in complaint a rights issue Featured

Jake Williams: "We must stop conflating criminal action and diplomatic action. It absolutely will come back to bite us." Jake Williams: "We must stop conflating criminal action and diplomatic action. It absolutely will come back to bite us." Supplied

Former NSA hacker Jake Williams has again slammed the US Government for naming individual attackers from other countries, with his comments this time directed at the FBI for naming a North Korean in a criminal complaint.

Williams, it may be recalled, made a similar statement after the US Justice Department issued an indictment in July naming 12 Russians for alleged hacking offences connected to the 2016 US presidential election.

The FBI complaint named one Park Jin Hyok, a North Korean citizen, as being behind a number of digital break-ins, including one in November 2014 directed against Sony Pictures Entertainment, the theft of $81 million from Bangladesh Bank in 2016, and allegedly authoring the WannaCry ransomware which was used in attacks in May 2017.

Said Williams: "Charging individual North Korean Government hackers as individuals is a human rights issue. Assuming the intrusions have been correctly attributed to Park (not a given), unlike me, he likely had zero choice in his actions. This is not okay."

In April last year, a group known as the Shadow Brokers named Williams in a number of tweets, since deleted, and provided details about his involvement in a number of hacks that he had been part of during his days as a member of the NSA's Tailored Access Operations unit (which has since been disbanded and absorbed in 2016 into the agency’s new Directorate of Operations).

Until then, Williams had not disclosed the fact that he had worked for the TAO during his NSA days.

"People living in North Korea don't get a choice when the government comes calling," Williams wrote on Twitter. "There are countless stories of atrocities where whole families are imprisoned (or worse) for defying the orders of the government. We know what would have happened if Park refused to hack Sony.

"Park's only crime is his talent. Because he was selected to be educated in Computer Science (probably based on aptitude), his trajectory was set. Now that he faces indictment, his trajectory is likely set too. Park will never be turned over to the US for trial."

Williams stands out among the ex-NSA crowd in that he is willing to go on the record without hiding his identity. There are others who make statements without allowing their names to figure in the media.

"Long before DPRK extradites him, they'll make him disappear," Williams said. "If he tries to defect, the DPRK government will imprison or kill his family. Some will say we must prosecute crime 'to send a message'. But what message is being sent? I think it's 'we don't care about his life'.

"Look at the nations where we're charging government hackers. Russia, Iran, China, and now DPRK. Notice a pattern? It's a history of human rights abuses. Do you really think that more well-mannered nations aren't hacking? If so, I've got bad news for you.

"Do you think we haven't found other nation's hackers in our networks? I bet we have. But we have other diplomatic means to handle those issues. We must stop conflating criminal action and diplomatic action. It absolutely will come back to bite us."

After Williams was outed by the Shadow Brokers, he had to cancel a number of planned trips outside the US for fear that he might be apprehended in one of these countries for being involved in operations against them. He has his own company Rendition Infosec and is in demand as a infosec trainer.

"Another thing those countries share in common is that they will never extradite their people to the US to face those charges," Williams said. "In terms of justice, these charges are entirely symbolic.

"I don't say things lightly: if you're involved in this particular set of charges, you have blood on your hands. I had a choice in my participation in government hacking operations. You have a choice to participate in these actions. Park did not. Period."


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments