US and North Korea. Image courtesy of Shutterstock.
Naked Security

Why the US was so sure North Korea hacked Sony: it had a front-row seat

A newly released, top-secret document traces the NSA's infiltration of North Korean systems back to 2010, when it piggybacked on South Korean "implants" on North Korea's networks and "sucked back the data".

We may finally know why the US was so confident about identifying North Korea’s hand in the Sony attack: it turns out the NSA had front-row seats to the cyber carnage, having infiltrated computers and networks of the country’s hackers years ago.

According to the New York Times, a recently released top-secret document traces the NSA’s infiltration back to 2010, when it piggybacked on South Korean “implants” on North Korea’s networks and “sucked back the data”.

The NSA didn’t find North Korea all that interesting, but that attitude changed as time went on, in part because the agency managed to intercept and repurpose a 0-day exploit – a “big win,” according to the document.

Unidentified officials told the New York Times that the program snowballed, to the point that malware was placed to track the internal workings of many of the computers and networks used by North Korea’s cyber forces: an army that South Korea’s military recently said has about 6,000 elite hackers.

The million-dollar question, of course, was why the NSA’s “early warning radar” of planted spyware failed to give Sony Pictures Entertainment (SPE) a heads-up about the recent attack, even though it provided a trail of evidence convincing enough for President Obama to take the unprecedented step of accusing a nation of cyberattack.

The NSA should have seen the first spear-phishing attacks, which, two US officials told the NYT, North Korea threw against Sony beginning in early September.

But, the New York Times reports, there was nothing remarkable about the attacks, and only in retrospect did investigators figure out that the phishing was successful in stealing credentials of a Sony systems administrator, which allowed the attackers to get inside Sony’s systems and roam freely.

According to a person briefed on the investigation, that gave North Korea two months to thoroughly map Sony’s systems, identify critical files and plot how to rip it to shreds.

The New York Times quotes him:

They were incredibly careful, and patient. [But even with their view into the North’s activities, US intelligence agencies] couldn’t really understand the severity [of the forthcoming destruction].

NBC News further reports that the first the government learned of the Sony attack was on 24 November 2014, when Sony alerted the FBI’s cyber unit.

The latest twist in the Sony saga supports those who’ve been arguing that the US must have had a lot more evidence shoring up its confident accusations of North Korea.

Will it convince those who believe that the attack was unleashed by a disaffected former employee working with hacktivists?

Readers, does it convince YOU? Please let us know in the comments section below.

Image of US and North Korea courtesy of Shutterstock.