According to the report that the NSA began placing malware in North Korean systems in 2010. Originally, the purpose of the surveillance was to gain insight into North Korea’s nuclear program, but after a large cyber attack on South Korean banks and media companies in 2013, they began to track North Korea’s cyber warfare attempts.
A classified security agency program expanded into an ambitious effort,
officials said, to place malware that could track the internal workings
of many of the computers and networks used by the North’s hackers, a
force that South Korea’s military recently said numbers roughly 6,000
people. Most are commanded by the country’s main intelligence service,
called the Reconnaissance General Bureau, and Bureau 121, its secretive
hacking unit, with a large outpost in China.
In the case of the Sony Pictures hack, which knocked nearly the entire company’s system offline, investigators believe that the North had stolen the “credentials” of a Sony systems administrator, which enabled them to spend two months familiarizing themselves with Sony’s network and plotting how to destroy files, computers, and systems.
“They were incredibly careful, and patient,” said one person briefed on
the investigation. But he added that even with their view into the
North’s activities, American intelligence agencies “couldn’t really
understand the severity” of the destruction that was coming when the
attacks began Nov. 24.
Attributing where attacks come from is incredibly difficult and slow,” said James A. Lewis, a cyberwarfare
expert at the Center for Strategic and International Studies in
Washington. “The speed and certainty with which the United States made
its determinations about North Korea told you that something was
different here — that they had some kind of inside view.”
Indeed, the level of sophistication of the Sony attacks saw many security experts
question the Administration’s claim of North Korean guilt. Many suggested that Sony insiders, disgruntled ex-Sony employees or outside hacking groups pretending to be North Korea were behind the attack. And that is despite the fact that F.B.I. director, James B. Comey, released some of the evidence that North Korea was the culprit.
And we could see that the I.P. addresses that were being used to post and to send the emails were coming from I.P.s that were exclusively used by the North Koreans,” he said. Some of those addresses appear to be in China, experts say.
The skeptics say, however, that it would not be that difficult for hackers who wanted to appear to be North Korean to fake their whereabouts. Mr. Comey said there was other evidence he could not discuss. So did Adm. Michael S. Rogers, the N.S.A. director, who told the Fordham conference that after reviewing the classified data he had “high confidence” the North had ordered the action.
This kind of surveillance is what the NSA is supposed to be doing, rather than spying on Americans. Obviously there is more to be discovered about the Sony attack and now that the NY Times has opened the door, look for new information soon.