Exactly one month ago, the FBI declared North Korea was definitely behind the Sony Pictures hack, but aside from saying their hackers got “sloppy” and revealed that they were using IP addresses “exclusively used by the North Koreans,” they haven’t offered many details on why they’re so sure. Today the New York Times shed some light on how the U.S. knows it wasn’t some extremely disgruntled employee: Five years ago, the NSA hacked North Korea, and they’ve been watching the evolution of their nefarious online activities ever since. In fact, there were even signs that the North Koreans were hacking Sony back in September, but the U.S. government failed to warn the company.
The Times, citing U.S. officials and documents exposed by the Edward Snowden leak, reports that for about a decade the U.S. has been planting “beacons,” which can map a computer network, surveillance software, and sometimes malware in foreign enemies’ computer systems. In 2010, the U.S. began breaking into North Korea’s systems and tracking the online operations of the country’s roughly 6,000 hackers. The original purpose was to gather information about North Korea’s nuclear program and potential military attacks, but after the 2013 hack that took South Korean banks and media companies offline for several days, the U.S. began focusing on their online capabilities.
The software implanted in North Korea’s systems is referred to as “early warning radar,” but if U.S. officials were aware of what was happening at Sony before skulls showed up on employees’ screens in November, there’s no evidence that they let the company know. Two U.S. officials said the agency should have been able to see the “spear phishing” attacks aimed at Sony in September, but they only pieced together the clues after the fact. North Korea apparently stole a Sony systems administrator’s log-in information and spent months patiently mapping their computer systems. One person briefed on the investigation said the NSA “couldn’t really understand the severity” of what was coming in the November attack.
The “early warning radar” did help U.S. investigators track down the culprits, and it reportedly convinced President Obama to accuse Kim Jong-un of ordering the attack. So if North Korea does pull off another extremely damaging attack on a U.S. institution, rest assured that the government will be able to point the finger pretty quickly.