Report: Inside North Korea's network, NSA saw signs of Sony attack

But the agency didn't expect that an attack with such devastation was impending, The New York Times reported

The U.S. National Security Agency has had a secret foothold for years in North Korea's networks and saw signs of the Sony Pictures Entertainment attack but only in retrospect grasped its reach and depth, The New York Times reported Sunday.

The spy agency has worked for at least four years to infiltrate networks inside North Korea and those in China and Malaysia favored by the country's hackers, the newspaper reported, citing former U.S. and foreign officials and a newly disclosed NSA document published by Der Spiegel.

The revelation explains why the U.S. quickly blamed North Korea for the attacks despite widespread skepticism from the computer security community, which said only circumstantial evidence pointed to the country's involvement.

The hackers were "incredibly careful, and patient," the Times reported, citing a person who had been briefed on the investigation.

The Sony attack stole terabytes of sensitive documents, including a salary spreadsheet for 6,000 employees, internal emails, pre-release copies of films and vast amounts of personnel data. It also broke thousands of the organization's computers by using a destructive type of malicious software that wipes files.

A group calling itself the Guardians of Peace claimed responsibility for the attacks, releasing the data piecemeal on file-sharing sites and reaching out directly to journalists with links to the material.

It initially appeared the group wanted to blackmail Sony. Only later did the North Korean connection emerge in part due to Sony Pictures' plan to release "The Interview," a comedy centered on an absurd campaign by two Americans to assassinate North Korean leader Kim Jong Un.

After the U.S. blamed North Korea in mid-December, it was silent on what evidence led to the conclusion. On Jan. 2, President Barack Obama authorized sanctions against North Korea, adding to those in place for years against the secretive nation.

It's the second time the U.S. has directly blamed another country for cyberattacks. In the first legal action of its kind in May 2014, federal prosecutors charged five members of the Chinese Army with stealing trade secrets from U.S. organizations over eight years. China denied the accusations.

FBI Director James Comey offered more clues for the Sony attacks on Jan. 7, saying the hackers failed to to mask their IP addresses. That revealed some emails from the hackers to Sony employees came from Internet connections used by the North.

The NSA saw spear phishing emails sent to Sony in early September, but the attacks did not look unusual, the Times reported. Phishing emails typically try to get people to open malicious attachments that can install malware or reveal login credentials for attacks.

Only later did the NSA figure out that North Korea had stolen account credentials for a Sony administrator. Investigators now believe the Sony hackers spent more than two months inside Sony's network, mapping its systems, identifying critical files and planning to destroy computers, the Times reported.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securityU.S. National Security Agency

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?