The National Security Agency was in the networks of North Korea long before the Sony Pictures Entertainment cyberattack.
The NSA broke into the Chinese networks that connect North Korea to the outside in 2010 because of worries about the country’s maturing capabilities, the New York Times reported Sunday, citing former U.S. and foreign officials, computer experts who later found out about the breach and a newly disclosed agency document.
The U.S. was able to pick through connections in Malaysia enjoyed by North Korean hackers with the help of both South Korea and other American allies. The NSA also aimed to put malware into the North Korean computer systems that could track the internal movements of the computers and networks, according to anonymous officials and experts familiar with the operation.
President Obama was able to accuse North Korean leader Kim Jong Un and his government of the Sony cyberattack thanks to the evidence gathered by the tracking malware, the sources said.
The first goal of accessing the North Korean networks in 2010 was to focus on its nuclear program and its leadership, as well as potential attacks aimed at U.S. military in South Korea, one former official told the Times.
However, the fact that the U.S. had previously penetrated the North Korean systems and failed to be able to better foresee the Sony attack does raise questions.
Though investigators are now aware that the hackers spent more than two months — mid-September to mid-November 2014 — prepping for the attack, it did not look unusual when it happened because North Korea had stolen the “credentials” of a Sony systems administrator, allowing the hackers to easily be inside Sony’s systems without looking suspicious.
