NSA inside N Korean computer systems ahead of Sony attack

Washington knew North Korea was the culprit in the Sony Pictures hack because the NSA had already infiltrated the country's computer system four years ago, according to a New York Times report today.

Following a destructive cyber-attack on South Korean banks in 2013, the NSA – with the help of South Korea and other allies – “penetrated directly” into the North's systems via Chinese networks and connections in Malaysia used by North Korean hackers, having previously focused on gathering information about the country's nuclear programme.

The NYT report cites a newly disclosed NSA document (which suggests GCHQ involvement) as well as US officials and experts, who spoke on the condition of anonymity about the classified NSA operation. It claims that there are roughly 6,000 hackers working for Kim Jong-un's government, mostly commanded by the country's main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The result was the US's first explicit attribution of a cyber-attack to another government, and the first explicit retaliation for a cyber-attack, including economic sanctions.

It is believed that no early notice was given to Sony about the attack, despite Pyongyang's warning that release of the movie “The Interview”, which ridicules Kim Jong-un, would be an act of war. The US did not want to expose its information-gathering activities and methods used in North Korea, and had under-estimated the likely seriousness of any attack.

The attackers are believed to have been inside Sony's computer systems from mid-September to mid-November last year, mapping and identifying critical files and planning how to destroy computers and servers.

FBI director James B Comey commented at a recent conference: “We could see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans.” Some of these were reportedly traced to an “attack base” in the northeastern Chinese city of Shenyang, where there are many North Korean-run hotels and restaurants.

Nonetheless, North Korea has denied responsibility for the attack and threatened its own retaliation, while many experts remain skeptical about North Korean involvement and have suggested it was a disgruntled Sony employee or ex-employee, or others making it appear as if the attack came from North Korean hackers.