Comments by top U.S. officials, including President Barack Obama, that blamed North Korea for the Sony Pictures Entertainment cyberattack were apparently rooted in a top-secret penetration of North Korea's computer systems by the National Security Agency, according to a New York Times report independently confirmed by NBC News.
The Times reported that the penetration occurred before the hack of Sony, but U.S. intelligence officials would not discuss the report Sunday or confirm its details. But the Times report says the evidence gleaned from the U.S. penetration of North Korean government hackers' activities persuaded Obama and other top officials that North Korea was behind the attack.
NBC News has been told that U.S. intelligence agencies did not have any warning of the Sony hacking through their monitoring of North Korean computers, and that the government first learned of the Sony attack on Nov. 24, when the company alerted the FBI's cyber unit.
FBI Director James Comey said at a cyber conference at Fordham University on Jan. 7 that the North Koreans had become "sloppy" in hiding their tracks, adding:
"We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans."
Gen. James Clapper, former director of the NSA and current Director of National Intelligence (DNI), described his trip to North Korea on Nov. 6 and 7 — to bring back Kenneth Bae and Matthew Todd Miller, two Americans in prison there — at the same Fordham conference, including his dinner with the head of North Korean intelligence, who is in charge of Pyongyang's hacking unit. His trip preceded Sony's notification to the FBI that it had been hacked.
The DNI's office told the Times and NBC News:
The purpose of Director Clapper's trip to North Korea was solely to secure the release of the two detained U.S. citizens. As you know, it was a success.
There was no set agenda prior to his departure and he was not told who he was going to meet with until his arrival. So his interaction with General Kim was not a formal or pre-scheduled engagement to meet with his North Korean intelligence counterparts to discuss intelligence matters. Because of the sensitivities surrounding the effort to obtain Bae and Miller's release, the DNI [director of national intelligence] was focused on the task and did not want to derail any progress by discussing other matters.
While we will not specifically address the Sony matter beyond what was stated publicly by the DNI and FBI Director Comey last week, Director Clapper is (and was) fully aware of North Korea's many efforts in recent years to probe and infiltrate U.S. commercial networks and cyber infrastructure. The USIC [U.S. intelligence community] has been tracking North Korean intrusions and phishing attacks on a routine basis. While no two situations are the same, it is our shared goal to prevent bad actors from exploiting, disrupting or damaging U.S. commercial networks and cyber infrastructure. When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks.