As new evidence emerges to back up US claims of North Korea's involvement in the Sony Pictures hack, more questions arise about why the NSA was unable to prevent the attack.

Ever since Barack Obama came out and explicitly accused Kim Jong-un and North Korea of carrying out a devastating cyber-attack on Sony Pictures, there have been many in the security industry and beyond who have raised doubts about the validity of the accusation.

The reason for these doubts is the lack of concrete evidence produced by the FBI beyond the fact that the IP addresses used in the attacks came from North Korea, something which could easily have been spoofed by other parties.

Now, however, there is a new explanation for the rapid speed at which the FBI has been able to pin the blame on Kim Jong-un's regime - something which is traditionally a slow and difficult process.

According to a newly leaked document, the NSA has been monitoring North Korean computer networks since 2010, a claim backed up by former United States and foreign officials and computer experts later briefed on the operations who spoke to the New York Times.

Elite hackers

The suggestion is that since 2010 the US has been able to plant malware on the computer systems used by the North Korean hackers said to be behind the Sony Pictures attack.

At the time, the US was becoming wary of the increasing level of sophistication which this group of hackers was showing and wanted to track their activities. According to South Korea, the North's cyber-army now numbers 6,000 with most operating out of the main intelligence service called the Reconnaissance General Bureau and Bureau 121, a highly secret group of elite hackers who are based mainly in China.

The NSA was able to access the North Korean computer systems by tapping into the Chinese networks that the country uses to connect to the outside world, according to the anonymous officials speaking to the New York Times.

However, despite this seemingly compelling new evidence of how the US was able to so quickly attribute the attack on Sony to North Korea, there are still some serious questions to be answered.

"Attacks did not look unusual"

The most obvious is why, if they were constantly monitoring the activity of North Korean hackers, did the NSA analysts not prevent the Sony attack from happening?

The spear-phishing attacks which allowed the hackers to infiltrate the Sony Pictures systems would have been seen by the NSA, yet the hackers were allowed to continue, steal huge troves of sensitive data, and cause chaos within the studio for weeks.

US government monitored North Korean hackers since 2010
The Interview - the film which is said to be the reason North Korea hacked Sony Pictures Sony Pictures

The New York Times says investigators have now concluded the hackers spent two months inside the studio's network "mapping Sony's computer systems, identifying critical files and planning how to destroy computers and servers."

The excuse given by investigators is that the "attacks did not look unusual" and they were unaware the hackers had stolen the credentials of a Sony systems administrator.


While the new "evidence" will back up the claims made by Obama, there are still likely to be many questioning the validity of these accusations.

In an editorial written at the beginning of the month, Glenn Greenwald questioned why the media - and the New York Times in particular - regurgitated without questions the US government's claims:

The US Government's campaign to blame North Korea actually began two days earlier, when The New York Times – as usual – corruptly granted anonymity to "senior administration officials" to disseminate their inflammatory claims with no accountability. These hidden "American officials" used the Paper of Record to announce that they "have concluded that North Korea was 'centrally involved' in the hacking of Sony Pictures computers." With virtually no skepticism about the official accusation, reporters David Sanger and Nicole Perlroth deemed the incident a "cyberterrorism attack" and devoted the bulk of the article to examining the retaliatory actions the government could take against the North Koreans.

There are many others who don't believe that North Korea is behind the attack, with former anti-virus pioneer John McAfee last week telling this website that he was in contact with the hackers behind the attack, and while he wouldn't name them, he said it was 100% not North Korea.

The US has imposed economic sanctions on North Korea in the wake of what is the first public accusation against another country for carrying out a cyber-attack against a US target.

However, the US government last year did charge five Chinese government hackers with carrying out cyber-attacks against six US companies, including one which builds nuclear plants.