X

NSA was tracking North Korea back in 2010, docs reveal

A New York Times report, triggered by the leak of new documents, sheds light on how US officials so quickly concluded North Korea was the source of the November hacking attack against Sony Pictures.

Michelle Meyers
Michelle Meyers wrote and edited CNET News stories from 2005 to 2020 and is now a contributor to CNET.
Michelle Meyers
3 min read


460687892.jpg
President Barack Obama in December blames North Korean for the Sony hack and vows to respond proportionately. Chip Somodevilla, Getty Images

The National Security Agency was tracking North Korea's hackers long before they attacked Sony Pictures, according to report that sheds light on how US officials so quickly concluded North Korea was to blame for the hack.

The NSA used malware to track North Korean hackers as part of a program launched more than four years ago, The New York Times reported on Sunday, citing former US officials, computer experts and a newly released top secret document, (PDF), which was provided to Der Spiegel by NSA whistleblower Edward Snowden.

"Spurred by concerns over North Korea's maturing capabilities," the spy agency penetrated North Korea's networks in 2010 with help from South Korea and other American allies, the Times reported. A classified program evolved into an "ambitious effort" to place malware that could track the internal workers of computers and networks used by the North's hackers -- "a force that South Korea's military recently said numbers roughly 6,000 people," the Times reported.

Evidence gathered by what the Times referred to as the "early warning radar" of software reportedly played a role in President Barack Obama's relatively quick decision to accuse Kim Jong-un's government of ordering the attack on Sony -- a move that raised some eyebrows in the security community.

Brian Hale, a spokesman for the director of national intelligence, said he could not speak to the Times report as it relates to the Sony hack. But he did confirm that the US intelligence community (USIC) is fully aware of North Korea's many efforts in recent years to "probe and infiltrate US commercial networks and cyber infrastructure.

"The USIC has been tracking North Korean intrusions and phishing attacks on a routine basis. While no two situations are the same, it is our shared goal to prevent bad actors from exploiting, disrupting or damaging US commercial networks and cyber infrastructure, " he said in a statement. "When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks."

The cyberattacks against Sony, carried out in November by a group that called itself the Guardians of the Peace, resulted in the leaking of thousands of documents that revealed the inner workings of Sony and its movie deals, including embarrassing email exchanges between executives and personal information of employees and celebrities. Four weeks after the attack, the FBI said it had determined the North Korean government was responsible for the hacks, based on analysis of the software used during the attacks.

Obama signed an executive order early this month to authorize sanctions that allow the US Treasury Department to restrict North Korean officials, entities and supporters from accessing the US financial system. This means Americans are not allowed to do business with them.

Film behind to fury

The controversy centers on the Sony Pictures comedy "The Interview," which stars Seth Rogen and James Franco as a producer and TV personality, respectively, who get the chance to interview Kim Jong-un, the leader of North Korea, and are drawn into an assassination attempt by the CIA.

The hackers threatened to release more private information stolen from Sony Pictures if the movie was released, and they also implied that terror attacks could take place at any theaters screening the film. After the threats, national movie theater chains decided not to screen the movie, and Sony announced it would not release the film. But public pressure mounted against Sony, with consumers, actors and the president criticizing the company for buckling to the hackers' pressure.

"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States," Obama said after Sony's decision not to release the film.

Sony backtracked. Two days before Christmas, the studio said the movie would play at about 200 theaters. Then Sony struck deals to make the movie available for streaming on Christmas Eve through digital channels. It's currently available for streaming through a number of platforms online, and on Wednesday the release was expanded to the In Demand pay-per-view network and Sony's PlayStation gaming network.

By the end of the first week, online audiences had rented or purchased the film -- which had a $44 million budget -- more than 2 million times, bringing in more than $15 million. In theaters, the film brought in about $2.8 million.