The FBI said Friday that North Korea was responsible for the massive hack against Sony Pictures that led to embarrassing leaks of company secrets and the cancellation of a comedy movie. The accusation raised the question of whether the United States would be willing and able to respond to a foreign cyberattack on a private company.
After weeks of speculation, the FBI formally blamed the regime of Kim Jong-un for orchestrating the attack that destroyed the systems of Sony Pictures. “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the agency said in a statement.
North Korea had been under suspicion from the start because it had criticized Sony’s comedy The Interview, which imagines the assassination of its reclusive leader. After leaking troves of corporate secrets, the hackers threatened violence against theaters that showed the movie, prompting Sony to cancel the film’s Christmas Day opening.
Before the FBI’s announcement on Friday, Sony executives reportedly received an email from the hacker group, which calls itself Guardians of Peace and has never publicly acknowledged a link to North Korea. The hackers praised Sony for pulling The Interview from theaters and offered to stop leaking Sony data if the movie remained shelved.
The FBI cited three major pieces of evidence that led to its conclusion…..
The FBI cited three major pieces of evidence that led to its conclusion that North Korea was behind the hacking, though it indicated it had additional evidence that it was not making public. The agency said the data deletion malware that was used to disable thousands of Sony computers was similar to other malware developed by “North Korean actors.” In addition, IP addresses “associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”
The FBI also pointed to similarities between the attack on Sony and a March 2013 attack on South Korean banks and media outlets, called DarkSeoul, which was blamed on North Korea. Those similarities were already widely reported.
President Barack Obama was expected to address the situation in his end-of-year press conference at 1:30 p.m. ET on Friday.
Anonymous U.S. officials had already told several news outlets that the government had found a link to North Korea, but they did not provide any evidence before the FBI’s statement on Friday. That prompted experts to doubt — again — the veracity of the accusation.
Nicholas Weaver, a computer science researcher at Berkeley University, noted that the FBI was probably basing its assessment on other intelligence it was not sharing.
Note that FBI statement is moderate on evidence, but VERY strong on attribution, suggests other sources as well.
— Nicholas Weaver (@ncweaver) December 19, 2014
Other cybersecurity experts were still cautious about pinning the blame on North Korea.
FBI release is not unexpected. My stance is the same – where is the supporting evidence and how do we prove it? We need to be careful here.
— Dave Kennedy (ReL1K) (@HackingDave) December 19, 2014
Jaime Blasco, the director of security firm AlienVault Labs, said he wasn’t surprised by the FBI’s announcement after independently analyzing some of the malware used in the Sony hack.
“It’s an intelligence work, that’s their job,” he told Mashable. “From a technical point of view, we already said it was possible that it was North Korea, given the indicators contained in the malware and the similarities with previous attacks like the DarkSeoul one, which was already attributed to North Korea.”
The new evidence published by the FBI on Friday, namely the link between the attack and North Korean IP addresses and infrastructure, did not necessarily prove that the hackers were employees of the North Korean government. Some analysts have speculated that the hackers were mercenaries or sympathizers for Kim’s regime.
But it was clear that the FBI viewed the attack as coming from a foreign government. “North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the agency said. “Such acts of intimidation fall outside the bounds of acceptable state behavior.”
Though Sony Pictures is a private company whose corporate parent is based in Japan, the U.S. government made clear that American interests were targeted. “The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees,” said Department of Homeland Security Secretary Jeh Johnson. “It was also an attack on our freedom of expression and way of life.”
It’s not year clear how the U.S. will respond to a major cyberattack on a company within its borders. Experts say the U.S. has a limited set of tools at its disposal to strike back at North Korea. The two countries have no formal relations, making embargoes or diplomatic reprisals difficult to carry out.
-mashable