US was monitoring N Korean hackers prior to Sony strike: report
NSA spent years building surveillance network to watch Pyongyang’s cyber-elite
The speed with which US investigators were able to discern North Korea's involvement in November's cyber-attack on Sony Pictures Entertainment was partially explained yesterday, as anonymous insiders told The New York Times of a five-year-old surveillance programme targeting North Korean hackers.
The US paper said sophisticated cyber tools were used by the US National Security Agency to tunnel through Chinese networks into North Korean infrastructure and drop surveillance and attack malware onto sensitive networks. The same tools were reportedly used to mount the joint US-Israeli attacks on Iran's nuclear infrastructure using the Stuxnet worm.
In the Sony incident, because the North's attack began with innocuous spear-phishing emails, the monitoring system did not pick up on the hackers' move to obtain sys admin credentials. Once the correct login was acquired, attackers could move freely within the network without alerting anyone.
Pyongyang's government went on record in June 2014 with its displeasure over an upcoming Sony Pictures comedy depicting the assassination of the North's leader, Kim Jong Un. Media outlets around the world were already alleging North Korean involvement before President Obama publicly accused the hermit nation of involvement.
Pyongyang issued a series of vehement denials, and some security researchers questioned the ability of North Korean hackers to carry out the attack unaided. One company even suggested an alternative suspect to the FBI: a disgruntled ex-Sony employee who had intimate knowledge of the company's network. Others said it would be an easy task for any such attacker to disguise itself as using an IP address reserved for North Korea, which was the principal evidence used by US officials in blaming Pyongyang for the Sony attack.
But South Korean officials have previously insisted that their northern arch-rival has built a formidable force of around 6,000 cyber specialists, most of whom serve either in the Reconnaissance General Bureau or in the top-secret hacking unit, Bureau 121, which has a major operating station in China.