NSA Hacked North Korea Long Before Sony Cyberattack: Report
In the continued fallout of the Sony hack, a new report by the the New York Times—citing U.S. intelligence officials and documents previously leaked by Edward Snowden—puts the NSA inside North Korea's computer system as early as 2010. This previous hack, officials say, is how the United States apparently determined North Korea was responsible for the cyberattack on Sony.
The United States, "spurred by growing concern about North Korea's maturing capabilities," infiltrated North Korean networks to monitor hackers in the country:
A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North's hackers, a force that South Korea's military recently said numbers roughly 6,000 people. Most are commanded by the country's main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.
U.S. intelligence has apparently been using "beacons" for "about a decade" to map and track computer networks of its enemies (primarily China). These beacons were supposedly a linchpin in attacks on Iran's nuclear program.
This software also, the Times reports, "proved critical" in the Obama administration's decision to call out North Korea for the cyberattack on Sony. Two anonymous officials told the Times that these previous hacks on North Korea's networks, "should have allowed the agency to see the first 'spear phishing' attacks on Sony." Or not:
But those attacks did not look unusual. Only in retrospect did investigators determine that the North had stolen the "credentials" of a Sony systems administrator, which allowed the hackers to roam freely inside Sony's systems.
In recent weeks, investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony's computer systems, identifying critical files and planning how to destroy computers and servers.
Naturally, U.S. intelligence agencies have denied that they had any previous knowledge of North Korea's alleged intentions to hack Sony. One official told NBC News "that the first the government learned of the Sony attack was on Nov. 24, when the company alerted the FBI's cyber unit."
That North Korea was behind the cyberattack has been disputed: leading theories include an inside job hatched by a disgruntled employee (or ex-employee) or another group masquerading as North Korea.
[Image via AP]