Since Sony fell victim to a major cyberattack last year, there's been a lot of discussion over who really pulled off the hack. The FBI and the president both seem convinced that North Korea was behind the attack, and now we know why. The NSA actually hacked North Korea long before the Sony attack and could have inside knowledge about the country's hacking plans.
In 2010, the NSA accessed North Korean networks and computers and installed software to keep track of potential threats to the U.S. At first, the NSA program focused on North Korea's nuclear and military programs but eventually it began looking at North Korea's hacking capabilities.
The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation.
The government has not come out and said that it used this technology to connect North Korea to the attack, though. That's probably because it doesn't want to reveal how it's keeping tabs on enemy countries. It's used tactics like this for about 10 years to watch countries like China and Iran.
It's likely that the NSA knew something about the spear phishing attempts that used emails loaded with malware to try to gain access to Sony's networks. But, it appears the government still didn't see the full scope of the attack coming.
But those attacks did not look unusual. Only in retrospect did investigators determine that the North had stolen the “credentials” of a Sony systems administrator, which allowed the hackers to roam freely inside Sony’s systems.
It looks like the North Korean hackers were able to hide their intentions for quite a while to avoid being detected.
“They were incredibly careful, and patient,” said one person briefed on the investigation. But he added that even with their view into the North’s activities, American intelligence agencies “couldn’t really understand the severity” of the destruction that was coming when the attacks began Nov. 24.
As I noted at the end of last year, I think cyberattacks against corporations will only become more common in 2015. Hopefully, next time an enemy country attempts a hack, the NSA's technology will spot it earlier, so it can be stopped.