NSA hacked North Korea long before Sony Pictures debacle, but was still caught out

20 Jan 2015

New documents released about the US National Security Agency (NSA)’s spying activities show it had been tracking North Korea long before the hack on Sony Pictures Entertainment.

It turns out that, originally by piggybacking on South Korea’s surveillance activities on its northern neighbour, the NSA got into Pyongyang’s hacking programme, poked around and learned pretty much all there is to learn.

Called “fourth party collection”, the NSA essentially lets other surveillance organisations do the leg work, and just needs to monitor them at first before establishing who or what to specifically target.

Indeed, a recent report in German newspaper Der Spiegel claims the digital spies of the Five Eyes alliance – comprised of the US, Britain, Canada, Australia and New Zealand – view any other state as a potential target for this “non-traditional technique – Even Germany”.

Ooh, baby you’re a fool to spy

“It’s absurd: As they are busy spying, the spies are spied on by other spies. In response, they routinely seek to cover their tracks or to lay fake ones instead,” reads Der Spiegel’s report on documents leaked by former CIA contractor Edward Snowden.

It details how the US surveillance programme is being used, in part, to prepare the country for any future internet-based international disputes.

As concerns grew that North Korea was establishing a professional hacking outfit, the NSA drove into the few networks that connect North Korea with the outside world, through China, “picked through connections in Malaysia favoured by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies,” according to The New York Times.

Even so, the hacking of Sony Pictures Entertainment caught everyone by surprise. However, due to the NSA’s knowledge of North Korea’s activities, the FBI felt confident in blaming the reclusive state soon after the incident.

Since Edward Snowden blew the lid on the NSA’s emphatic surveillance programme, the fallout has been widespread.

Sloppy work leaves a sloppy trail

Earlier this month, FBI head James Comey attributed blame on the basis of some “sloppy” errors by Bureau 121 – North Korea’s hacking division – which revealed its original IP addresses.

“Several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see (the IP address),” he said at the time.

Indeed it’s the same way South Korea discovered those behind its own great banking hack in 2013, which brought down tens of thousands of computers and servers in South Korea for several days at five banks and television broadcasters.

Der Spiegel’s report shows detailed reconnaissance undertaken by the NSA to discover what North Korea’s online capabilities were, and are.

Through acquiring the surveillance undertaken by other states, the NSA gained a fairly substantial picture of what was going on, but failed to spot the gravity of what North Korea was up to from September to November last year.

Making maps and missing the trail

In those months, North Korean hackers mapped Sony’s computer systems, identifying critical files and working out how to destroy computers and servers.

“They were incredibly careful, and patient,” said one person The New York Times attributed to the investigation. Circumstance, however, went against the US when an opportunity did arise to sort the issue out before it happened.

The US director of national intelligence James Clapper Jr was in Pyongyang just before the hack and sat down for an impromptu dinner with his North Korean counterpart.

The hacking scenario was not discussed, though, as the visit was solely to secure the release of two US prisoners in the country. It therefore stands out as an unfortunate missed opportunity, although one with a quaint detail included.

Clapper, at the time, praised the food he shared with his counterpart in the 12-course dinner, before being presented with a bill for his share of the meal.


Gordon Hunt was a journalist with Silicon Republic
