NSA was tracking North Korea back in 2010, docs reveal
The National Security Agency was tracking North Korea’s hackers long before they attacked Sony Pictures, according to report that sheds light on how US officials so quickly concluded North Korea was to blame for the hack.
The NSA used malware to track North Korean hackers as part of a program launched more than four years ago, The New York Times reported on Sunday, citing former US officials, computer experts and a newly released top secret document, (PDF), which was provided to Der Spiegel by NSA whistleblower Edward Snowden.
“Spurred by concerns over North Korea’s maturing capabilities,” the spy agency penetrated North Korea’s networks in 2010 with help from South Korea and other American allies, the Times reported. A classified program evolved into an “ambitious effort” to place malware that could track the internal workers of computers and networks used by the North’s hackers — “a force that South Korea’s military recently said numbers roughly 6,000 people,” the Times reported.
Evidence gathered by what the Times referred to as the “early warning radar” of software reportedly played a role in President Barack Obama’s relatively quick decision to accuse Kim Jong-un’s government of ordering the attack on Sony — a move that raised some eyebrows in the security community.
Brian Hale, a spokesman for the director of national intelligence, said he could not speak to the Times report as it relates to the Sony hack. But he did confirm that the US intelligence community (USIC) is fully aware of North Korea’s many efforts in recent years to “probe and infiltrate US commercial networks and cyber infrastructure.
“The USIC has been tracking North Korean intrusions and phishing attacks on a routine basis. While no two situations are the same, it is our shared goal to prevent bad actors from exploiting, disrupting or damaging US commercial networks and cyber infrastructure, ” he said in a statement. “When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks.”