FBI: New Intelligence Pinpoints North Korea as Culprit Behind Sony Cyber Attack

( [email protected] ) Jan 08, 2015 06:13 PM EST
FBI Director James Comey has defended his bureau’s conclusion that North Korea was behind the cyber-attack against Sony and revealed new evidence to back the claims.
Although North Korea has officially denied any involvement with the hacking of Sony Pictures Entertainment, experts in Washington have placed responsibility on Pyongyang. hackNY via Flickr

The FBI Director James Comey has said there is "little doubt" North Korea was behind the cyber-attack against Sony Pictures Entertainment and has shared previously undisclosed evidence revealin the "sloppiness" of the hackers.

In November, a cyber attack on Sony Pictures saw the leak of sensitive documents, and the brief shelving of The Interview, a comedy about the attempted assassination of  North Korean leader Kim Jong-un.

Prior to the November attacks, Sony was threatened in a series of messages posted to a Facebook account set up by a group calling itself "Guardians of Peace." However, after Facebook closed the page, the group began sending threats in emails and on the anonymous posting site Pastebin.

In June, North Korean officials wrote in a letter to the United Nations alleging that "The Interview," a Sony comedy about two journalists hired to assassinate its leader, Kim Jong-un, was an "act of terrorism."

Since then, private-sector cybersecurity analysts have criticized the U.S. government's claim that North Korea was behind the attacks, arguing that it may have been an inside job by a former Sony employee. North Korea has also denied responsibility, although hailing the attack as a "righteous deed."

However, speaking at Fordham Law School cybersecurity conference on Wednesday, Comey said he has "very high confidence" Pyongyang was behind it and shared some formerly undisclosed details regarding the case. He cited some of the sources of his evidence, such as a behavioral analysis unit of FBI experts trained to analyze enemies based on their writings and actions, BBC News reports.  

"In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy," Comey revealed. "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using...were exclusively used by the North Koreans."

"They shut it off very quickly once they saw the mistake," he added. "But not before we saw where it was coming from."

Comey added that while he'd like to share more about the analysis that led the FBI to Sony, most of it remains secret for security reasons. "I want to show you, the American people, as much as I can about the why, but show the bad guys as little as possible about the how," he said. "This will happen again and we have to preserve our methods and our sources."

Comey also emphasized that the intelligence community has agreed with the FBI's analysis. "There is not much in this life that I have high confidence about," he said. "I have very high confidence in this attribution, as does the entire intelligence community."

According to Fox News, when the FBI first implicated North Korea, the bureau primarily pointed to malware that had links to other malware developed by the North Koreans, and similarities between this and an attack in March 2013 by North Korea against South Korean companies.

Comey's comments come after the Obama administration on Friday imposed new sanctions against three North Korean organizations and 10 individuals in retaliation for the attack.