The National Security Agency (NSA) failed to grasp the seriousness of North Korea's alleged November attack on Sony Pictures as it unfolded despite having penetrated the country's networks as far back as 2010, a report by the New York Times has suggested.
Judging from the anonymous sources lined up by the newspaper as well as a short Der Spiegel document released from Edward Snowden's cache, the US program was fairly successful at burrowing into North Korea's cyber-systems from about four years ago, detecting the Chinese and Malaysian networks used by its expanding cyber-army.
From the Spiegel document, it appears that both the US and South Korea were able to implant malware on the mailboxes of specific North Korean officials. The US even detected and hijacked a third-party campaign (most likely by China) that hacked North Korea "with great success" using a zero-day flaw.
As to how the US used intelligence gathered during this period to trace the Sony attacks to North Korea only after the fact, the New York Times is tantalisingly vague. Again, we hit the usual wall.
"Fearing the exposure of its methods in a country that remains a black hole for intelligence gathering, American officials have declined to talk publicly about the role the technology played in Washington's assessment that the North Korean government had ordered the attack on Sony," said the NYT.
Why didn't the US spot the attacks in advance if they had broken into North Korea's systems? In fact it appears they did to some extent but underestimated their seriousness. For instance, the NSA did not know that the attackers had used a spear phishing attack to successfully gain access to the admin account needed to do much of the damage.
The attackers spent two months from mid-September to mid-November roaming around the firm's network, plotting their destructive attack in more detail, the newspaper briefings said.
The US even put a name to the Sony attack: Reconnaissance General Bureau commander Kim Yong-chol, who allegedly oversaw the attacks.
Sceptics will find little to add to the small hill of circumstantial evidence so far presented to back up the assertion that North Korea planned the Sony Pictures attack. Although it is starting to look as if the US genuinely believes that attack was carried out by North Korea, a single piece of compelling evidence that ties the attack to the country remains just out of reach.
On the other side, no evidence has appeared that convincingly blames anyone else either, even the reported insiders blamed by Norse Security at the end of December. Further evidence to back up that (in some quarters) popular theory has so far not been forthcoming.