NSA Hacks Back Into North Korean Networks, Confirms Sony Attack Involvement
We all know how strong the foundations of the U.S. National Security Agency are, and how it has been secretly spying on multiple governments. A new report in The New York Times revealed that the NSA has also had a secret foothold in North Korea’s networks for years, and that the agency detected signs of the Sony Pictures Entertainment attack in their systems. So far it has only identified its reach and depth.
The spy agency has worked for at least four years to infiltrate networks inside North Korea and even those in China and Malaysia favored by the country’s hackers, according to the news report and a disclosed NSA document published by Der Spiegel.
This revelation explains why the U.S. blamed North Korea for the attacks so confidently and quickly, even though computer security professionals in general were still highly skeptical about pointing fingers so soon, saying that only circumstantial evidence pointed to the country’s involvement.
Last year in November, Sony Entertainment was attacked in the worst and biggest security breach we have seen so far, and a group of hackers calling itself “Guardians of Peace” claimed responsibility for it. The group stole terabytes of sensitive documents, personal emails, information of employees and even pre-release copies of films. It then wiped the files with malicious software, rendering the thousands of affected computers completely useless.
As if the stealing wasn’t enough, GoP then released the data on file sharing sites for the public, specifically reaching out to journalists.
Initially, the group’s intention was believed to be blackmail, but as the dots connected up to North Korea, the intention of disrupting the release of “The Interview” became evident. The movie is satirical and focuses on the assassination of the North Korean leader.
The FBI also dug up more clues earlier this year regarding North Korea’s involvement with the Sony attacks, saying the hackers failed to mask their IP addresses. This was figured out through the emails sent from the hackers to Sony employees, which came from Internet connections used by the North.
However, there were faults on both sides, as the NSA had detected spear phishing emails sent to Sony in early September, but they were ignored as they did not look unusual. Phishing emails typically try to get people to open malicious attachments that can install malware or reveal login credentials for attacks.
It was after the attack that the NSA figured out that North Korea had stolen the account credentials of a Sony administrator. The hackers were “incredibly careful, and patient,” according to the report, as they spent more than two months inside Sony’s network, identifying critical files and planning out the attack on the computers.