NSA tracked North Korea computer systems before Sony hack

The National Security Agency has had “beacons” monitoring North Korea’s computer network since 2010 and used them to pin the Sony Pictures hack on the reclusive East Asian regime, The New York Times reported.

The revelation has shed new light on the U.S. government’s accusation that Pyongyang was behind the cyberattack, which many in the cybersecurity community viewed with skepticism.

ADVERTISEMENT
It’s also raised questions about why the government did not warn Sony about a possible cyberattack.

According to the NSA’s monitoring system, North Korea was launching preliminary attacks on Sony as far back as September. Hackers were sending out “spear phishing” attacks — fake emails designed to get recipients to click on a link that installs malicious code.

The destructive digital assault on Sony caused the film studio’s computer network to crash in late November, exposed the company’s internal documents and emails, and almost caused the cancellation of a multimillion-dollar comedy, “The Interview.”  Pyongyang supposedly ordered the hit on Sony in retaliation for the film, which depicts the assassination of North Korean leader Kim Jong Un.

According to the Times, the NSA did not notice anything unusual about the initial North Korean cyber assaults on Sony. Only while looking into the major attack in November did investigators realize Pyongyang hackers had stolen the login credentials of a Sony network administrator through the September spear phishing attacks.

Those credentials allowed North Korea’s elite cyber unit, Bureau 121, to roam around the film studio’s networks for two months, learning the structure of Sony’s computer systems. That knowledge meant the unit could not only take Sony offline, but destroy critical documents and files as well.

“They were incredibly careful, and patient,” one person briefed on the investigation told The Times.

But even if the NSA had been aware of this reconnaissance work leading up to the major cyberattack, it still wouldn’t have been able to “really understand the severity” of what was being planned for late November, the person said.

The administration has taken countermeasures against North Korea in retaliation for the digital assault. President Obama recently announced a new round of economic sanctions targeting Pyongyang's arms dealers. 

Obama administration officials have also said more actions are in the works.