How the U.S. Knew North Korea Was Behind the Sony Hack

Almost a month to the day after the U.S. government first named North Korea as the source for the November hacking attack against Sony Pictures Entertainment, details are starting to emerge about how officials reached that conclusion so quickly.

The New York Times, citing unnamed “officials and experts,” reported that the U.S. National Security Agency penetrated the China-based networks and systems favored by North Korea’s military and spy agency hackers and was tracking the evolution of their capabilities as early as 2010.

The piece purports to answer the myriad criticisms of numerous security experts who have questioned the government’s findings saying the evidence publicly disclosed so far was flimsy at best.

Obama Administration officials, including FBI Director James Comey, have defended the results of the investigation, saying in a speech in New York earlier this month that the hackers were “sloppy” in carrying out their attack and that they had left bread crumbs leading to systems known to have been used by North Korea.

The Times described an “ambitious effort” to place malware on those systems that could track the activities of North Korea’s hacking forces, which, by some estimates, may number as many as 6,000 people. The result was something described as an “early warning radar,” that provided the evidence that gave President Obama the confidence to say publicly that North Korea was behind the attack.

What it doesn’t say is why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.

Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.

Sony was the victim of the worst cyber attack in corporate history that first came to light on Nov. 24. Motivated in part by plans to release an R-rated comedy called “The Interview,” about two bumbling TV reporters tapped to assassinate North Korean leader Kim Jong-un, the attackers brought the operations of Sony Pictures’ computer networks to a halt, and proceeded to disclose mountains of sensitive corporate information including emails and business documents.

This article originally appeared on Recode.net.

Will you support Vox’s explanatory journalism?

Most news outlets make their money through advertising or subscriptions. But when it comes to what we’re trying to do at Vox, there are a couple of big issues with relying on ads and subscriptions to keep the lights on:

First, advertising dollars go up and down with the economy. We often only know a few months out what our advertising revenue will be, which makes it hard to plan ahead.

Second, we’re not in the subscriptions business. Vox is here to help everyone understand the complex issues shaping the world — not just the people who can afford to pay for a subscription. We believe that’s an important part of building a more equal society. And we can’t do that if we have a paywall.

So even though advertising is still our biggest source of revenue, we also seek grants and reader support. (And no matter how our work is funded, we have strict guidelines on editorial independence.)

If you also believe that everyone deserves access to trusted high-quality information, will you make a gift to Vox today? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via