Information Warfare: How The NSA Knew About North Korea


February 10, 2015: Recently leaked documents and admissions by the NSA (American National Security Agency) confirmed that the United States had penetrated and clandestinely monitored North Korea’s Internet as early as 2010, and described how this led to determining that North Korea was indeed behind the recent hacking of the Sony Corporation’s computer networks. That North Korea was behind the Sony hack was long suspected. That the U.S. had long ago penetrated and was monitoring the North Korean networks was always thought possible, but there was never any proof.

Apparently these early American hacks of North Korean systems involved planting monitoring software that enabled the NSA to monitor what North Korean hackers were up to. Thus when it was revealed that the Sony network had been hacked, all the NSA had to do was analyze the activity logs and data dumps from the North Korean systems to prove or disprove that the North Koreans were behind the hack. Because hackers don’t send all captured data back to their own systems and often have some of the “command and control” systems operating from a PC in some other country, not all the details of the Sony hack, or the data that hack retrieved, would be inside North Korea. But there would be enough evidence captured within North Korea to determine, after the fact, what they were up to.

It appears that the U.S. released some of the details here both to convince skeptics that it was indeed North Korea behind the Sony hack and to get ahead of Internet security researchers and data leaks that would eventually prove that this was a North Korean hack and that the U.S. had apparently hacked the North Koreans beforehand, which is how it could be so sure that the North Koreans were the culprits. Of course that raised the question of why the NSA did not warn Sony about the hack. In fact the NSA did, many times, by warning American corporations to improve their security in specific ways. Sony later admitted that it did not want to spend the money to do that because its executives believed it would be cheaper to clean up after a hack rather than prevent one. Those executives admit they were wrong, but that won’t undo the damage the Sony hack has already done (and more that may occur in the future).




