URGENT >> BULLETIN >> MOVING: The “North Korean government” is responsible for the catastrophic hack at Sony Pictures Entertainment last month, the FBI says.
As pressure mounts for the United States to retaliate, President Obama is expected to take questions on the matter at 1:30 p.m. today.
The FBI said it was “deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States.
“Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”
Threats of 9/11-style terrorist attacks against movie patrons and theaters screening “The Interview,” a comedic Sony film that mocks North Korean leader Kim Jong Un and depicts him as an assassination target, first caused theaters to bail on the film, which was scheduled to open Christmas Day. Sony itself later withdrew the film, triggering an avalanche of criticism that it had caved in to the demands of terrorists.
As the situation evolved, it became clear that the United States viewed the attack on Sony as an attack against the country itself.
The actual hacking of Sony appears to have occurred in November, with “Guardians of Peace” taking credit. Troves of private emails and records were stolen, Sony and its employees were threatened, and Sony’s computers were effectively rendered inoperable. Sony has been in PR damage-control mode for weeks, even as the firm’s intellectual property, such as films not yet released, fell into the hands of the hackers.
Sony quickly reported the incident to the FBI, and the swiftness aided in the probe, the agency said.
Here’s more from the FBI’s statement (italics added):
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.