clock menu more-arrow no yes mobile

Filed under:

How the U.S. Knew North Korea Was Behind the Sony Hack

So why didn't they warn Sony?

National Security Agency / Wikipedia

Almost a month to the day after the U.S. government first named North Korea as the source for the November hacking attack against Sony Pictures Entertainment, details are starting to emerge about how officials reached that conclusion so quickly.

The New York Times, citing unnamed “officials and experts,” reported that the U.S. National Security Agency penetrated the China-based networks and systems favored by North Korea’s military and spy agency hackers and was tracking the evolution of their capabilities as early as 2010.

The piece purports to answer the myriad criticisms of numerous security experts who have questioned the government’s findings saying the evidence publicly disclosed so far was flimsy at best.

Obama Administration officials, including FBI Director James Comey, have defended the results of the investigation, saying in a speech in New York earlier this month that the hackers were “sloppy” in carrying out their attack and that they had left bread crumbs leading to systems known to have been used by North Korea.

The Times described an “ambitious effort” to place malware on those systems that could track the activities of North Korea’s hacking forces, which, by some estimates, may number as many as 6,000 people. The result was something described as an “early warning radar,” that provided the evidence that gave President Obama the confidence to say publicly that North Korea was behind the attack.

What it doesn’t say is why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.

Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.

Sony was the victim of the worst cyber attack in corporate history that first came to light on Nov. 24. Motivated in part by plans to release an R-rated comedy called “The Interview,” about two bumbling TV reporters tapped to assassinate North Korean leader Kim Jong-un, the attackers brought the operations of Sony Pictures’ computer networks to a halt, and proceeded to disclose mountains of sensitive corporate information including emails and business documents.

This article originally appeared on