The U.S. National Security Agency had access to internal North Korean computer networks before the attack on Sony Pictures, according to a report by The New York Times. That access enabled the U.S. to conclude, with confidence, that North Korea was responsible for the hack on Sony.
The report quotes interviews with former U.S. and foreign officials, computer experts briefed on the matter and an intelligence agency document that was recently published by the German news magazine Der Spiegel.
The New York Times doesn’t go into any technical details on the level of access or how it was done, but the document does.
It says that the U.S. managed to get into North Korean computers by using existing secret access points run by South Korean intelligence agencies. The South Koreans had managed to hack computers used by North Korean officials and U.S. piggybacked on those vulnerabilities. It’s unclear if South Korea was aware the U.S. was using the access points, but it appears from the document that they did not.
Using the access, the N.S.A. was able to pull data from North Korean computers and learn more about the north’s computer networks. That enabled the U.S. to begin its own program.
The revelations go a long way to explaining why the U.S. government was able to conclude so quickly that North Korea was responsible for the Sony attack. Attributing cyberattacks to any actor is incredibly difficult, often taking months or not being possible at all, but the F.B.I. made its assertion less than a month after the attack happened.
Hours later, President Obama repeated the allegation and promised the U.S. would respond. Early in January, the U.S. slapped sanctions on several North Korean state actors including the Reconnaissance General Bureau (RGB). The RGB is believed to handle much of North Korea’s traditional and cyber espionage activities.
The speed of the U.S. conclusion, numerous inconsistencies with previous attacks attributed to North Korea, and the lack of any compelling evidence led many to question North Korea’s involvement, including this blog.
North Korea denied the allegations.