Sony Pictures hack: US had hacked North Korea first, leaked documents show

NSA's monitoring of North Korean computer networks was intended to provide an “early warning radar” for any aggressive cyber-activity

The US was confident accusing North Korea of involvement in the recent devastating cyber-attack on Sony Pictures, because the National Security Agency had hacked North Korea first, according to documents found among the Edward Snowden leaks.

As reported by the New York Times, the NSA broke into the isolated state’s computer systems as long ago as 2010, via the Chinese networks used by Pyongyang’s elite to connect to the worldwide web. The effort involved secreting malware in computers used by North Korea’s cadre of trained hackers, which South Korea estimates consists of some 6,000 people.

The NSA’s monitoring of North Korean computer networks was intended to provide an “early warning radar” for any aggressive cyber-activity, though in the case of the Sony hack it proved less a preventative measure than an investigatory tool, to trace the attack back to Pyongyang.


In December President Barack Obama publicly asserted that the cyber-attack – the most damaging ever inflicted on a company on US soil – had been carried out by or at the behest of Kim Jong-un’s government. It marked the first time the US had ever explicitly accused a foreign government of launching a cyber-attack on American interests. This month, the US began its retaliation strategy, imposing new economic sanctions on North Korea, targeted at several of the country’s most prominent individuals and organisations.

US investigators have reportedly concluded that the attack on Sony began with a series of apparently innocuous “spear-phishing” attacks, which persuaded unsuspecting users to download malware. That allowed hackers to break into Sony’s computers, after which they spent two months studying the studio’s systems, preparing to cripple its network and leak thousands of sensitive files.

“They were incredibly careful, and patient,” a source familiar with the investigation told the New York Times, adding that the US intelligence agencies “couldn’t really understand the severity” of the cyber-attack being planned until it began on 24 November.