NSA knows North Korea hacked Sony, because it hacked North Korea years ago
When the White House publicly accused North Korea of being responsible for the recent cyber attacks on Sony, many cyber security experts were surprised and doubtful, due in part to the speed and certainty with which the government responded. It turns out that the White House may have had good reason for its self-assurance.
Long before North Korea could hack Sony, the National Security Agency hacked North Korea.
According to classified NSA documents obtained by Spiegel, and later analyzed by the NY Times, the NSA first took action against North Korea as far back as 2010. It didn’t realize at the time that the Sony attacks were coming, but looking back it is confident that North Korea was responsible, and it has the evidence to back it up.
Hacking North Korea
Due to the rising threat of North Korea’s nuclear program, in 2010 the NSA drilled into the Chinese networks that connect North Korea to the rest of the world. Then with the help of South Korea and others, the agency analyzed lines in Malaysia that the North Koreans used. From there, the NSA began to place malware that could track the North Korean computer network, and specifically its cyber warfare divisions.
According to South Korean military estimates, the North Koreans employ some 6,000 hackers, split between its Reconnaissance General Bureau and the elite and secretive hacking unit, Bureau 121, which partly operates out of China. The NSA set up an “early warning radar” of software, carefully hidden to monitor North Korean cyber activities without letting the country know it was being tracked. It is because of this that the White House was confident enough to act.
Governments rarely openly accuse a country of cyber warfare, even though it happens all the time. Cyber incursions are notoriously difficult to prove. Even when the identity of the culprit is almost certain, there is enough doubt that most officials aren’t prepared to condemn a nation for it.
The speed and certainty of the White House’s actions are a big part of why so many cyber security firms, including Norse, were quick to doubt the claim. There were other questions as well, enough that Norse and others believed that the FBI was either wrong, or there was a “smoking gun” that the government was keeping to itself.
Enter the NSA.
The smoking gun
Based on the new information, the NSA was monitoring North Korea long, long before its hackers began “spear phishing” Sony. Details on the NSA’s monitoring are – unsurprisingly – classified, but the report claims that the NSA may have seen the attempts to obtain Sony passwords from admins by getting them to unwittingly click on malware, as nothing particularly out of the ordinary. Phishing attempts happen all the time, from all over the world.
It was only after Sony was hacked, supposedly because of the film The Interview, that investigators realized the North Koreans were successful.
At some point, North Korea managed to get a hold of the credentials that granted the hackers free reign of Sony. Even with the credentials, the hacks were said to be sophisticated, so much so that some believe North Korea could not have been responsible. The more likely explanation, many feel, is that the hacks begin and end with a disgruntled Sony employee that may have had help.
According to FBI director James Comey though, the North Koreans were “sloppy” in hiding their tracks, and that they were “connected directly and we could see them.”
“And we could see that the I.P. addresses that were being used to post and to send the emails were coming from I.P.s that were exclusively used by the North Koreans,” he said.
Even so, critics claim that another person or group could have made it look like the North Koreans were responsible. Comey claims that there is more evidence that he can’t discuss, however, and NSA director Admiral Michael S. Rogers said essentially the same thing before stating that he has “high confidence” that North Korea was responsible. That doesn’t necessarily mean North Korea acted alone, but it was responsible.
The attacks are being considered the largest destructive attack against an American target in history, large enough that a response was not only merited, it was necessary.
In retaliation, the White House issued a new round of sanctions against North Korea further isolating the country. And more reprisals are expected.