U.S. Spies Tapped North Korean Computers Prior to Sony Hack

U.S. spies began monitoring North Korean government Internet activity years before that country’s suspected hack of Sony Pictures Entertainment, according to people familiar with the surveillance and a document that is part of a cache of newly disclosed materials casting light on American cyber-espionage efforts.

People familiar with the espionage, who asked not to be identified discussing classified activities, say some of it backtracked through servers used by North Korea in China, Southeast Asia and elsewhere. The document, which the German magazine Der Spiegel said came from former National Security Agency contractor Edward Snowden, indicates that U.S. intelligence officials began by piggybacking onto computer spying already being done by South Korea.

U.S. efforts to penetrate North Korea’s computer network have taken on increased prominence in the aftermath of the Sony attack last year. In a matter of weeks, President Barack Obama’s administration blamed the North Korean government and vowed retaliation.

The U.S. intelligence community “has been tracking North Korean intrusions and phishing attacks on a routine basis,” said Brian P. Hale, a spokesman for Director of National Intelligence James Clapper, said in an e-mail. “While no two situations are the same, it is our shared goal to prevent bad actors from exploiting, disrupting or damaging U.S. commercial networks and cyber infrastructure.”

Sony Attack

The NSA’s years of work eventually let it place software on computers used by North Korean hackers, the New York Times reported Jan. 18. Evidence gathered from that software helped persuade Obama to accuse North Korea of responsibility for the attack on Sony, the paper said.

Multiple calls to North Korean mission to United Nations in New York went unanswered.

The Sony attack, which became public in November, was overseen by North Korea’s Reconnaissance General Bureau and is the most serious digital assault ever on America, Clapper said in a speech to a cybersecurity conference earlier this month. North Korea’s government has denied involvement.

The attack exposed Hollywood secrets, destroyed company data and caused the movie studio to initially cancel the release of a comedy about a fictional assassination of North Korea’s leader, Kim Jong Un. It rendered thousands of computers inoperable and forced Sony to take its entire network offline.

Internet Interupted

A week after Obama promised retaliation, North Korea’s Internet went down for several hours. U.S. officials did not acknowledge any involvement.

More recently, the Obama administration tightened economic sanctions on North Korean officials and organizations in what it said was a response to the attack on Sony, which has touched off a debate about the role of the U.S. government in protecting private companies.

Snowden began exposing secret intelligence programs in 2013 by leaking documents to journalists. He fled to Russia and faces charges in the U.S.

The newly revealed documents, posted to Der Spiegel’s website, indicate a broad U.S. effort to counteract state-sponsored computer hacking. One document describes some of the work that led to the indictment last year of five members of the Chinese People’s Liberation Army for allegedly penetrating the networks of U.S. companies.

Access to North Korean computers was “next to nothing” until U.S. spies found an inroad through South Korea, according to one document detailing a discussion among intelligence officials.

Then, “we found a few instances where there were NK officials with SK implants on their boxes,” one participant in the discussion said. Americans then “sucked back the data,” the person said.

Before it's here, it's on the Bloomberg Terminal.