When the FBI said definitively last month that North Korea was "responsible" for the hack of Sony Pictures, there were those who doubted the veracity of the report.

How could North Korea, a country not exactly known for being a high-tech hub, pull off such a complex hack? And how did the U.S. conclude so quickly that the secretive nation was behind the attack?

As it turns out, the U.S. had some inside information. According to reports from Der Spiegel and The New York Times, the U.S. knew that North Korea hacked Sony because the U.S. had hacked North Korea.

The National Security Agency (NSA), in fact, has had access to North Korean networks and computers since 2010, the Times said. Officials wanted to keep tabs on the country's nuclear program, its high-ranking officials, and any plans to attack South Korea, according to a document published by Der Spiegel.

North Korea did attack South Korea in 2013, crippling several of the nation's leading financial and media organizations. At one point, however, the hackers revealed their IP addresses - the same I.P. addresses that popped up again in the Sony hack.

Of course, it's relatively easy for a skilled hacker to spoof IP addresses. Some reports suggested that a disgruntled (and tech-savvy) former Sony employee was behind the breach, and was simply leading officials on a wild goose chase.

But U.S. officials seemed sure; the FBI put out a press release and even President Obama said he was confident that North Korea was behind the attack, leading him to later approve sanctions against the country.

As the Times pointed out, the move "was highly unusual: The United States had never explicitly charged another government with mounting a cyber attack on American targets."

If the U.S. had insider information, why did it not warn Sony? According to the Times, the spear-phishing attacks that North Korea used to infiltrate Sony Pictures were nothing new and did not immediately ring any alarms until it was too late. "Only in retrospect did investigators determine that the North had stolen the 'credentials' of a Sony systems administrator, which allowed the hackers to roam freely inside Sony's systems," the paper said.

Further Reading

Security Reviews