FBI: North Korea responsible for Sony cyber attack

By Chad Hemenway on December 21, 2014

The FBI on Friday said it is able to conclude the North Korean
government is behind the cyber attack on Sony Pictures entertainment.

In a statement, the FBI said it has come to its conclusion in part because:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

“Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart,” the FBI said. “North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.”

ALSO READ: Report finds Sony Pictures’ cyber insurance will likely be drained | Sony Pictures tells employees all info may have been stolen in massive breach

The FBI said it worked with other government departments and agencies in coming to its conclusion and will continue to do so, “as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source.”

“Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests,” said the FBI.

The bureau commended Sony for its cooperation and prompt reporting of the incident.

“Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks,” the FBI said.

The movie The Interview seems to have provided the inspiration the Sony Pictures hacking by a group calling itself the “Guardians of Peace.” The movie, a comedy, includes a plot to assassinate North Korean leader Kim Jong Un. Millions of files were stolen, including emails and employees’ personally identifiable information. Undetectable wiper malware rendered computers inoperable. The group has subsequently threatened theaters scheduled to show the movie, as well as movie-goers.

Sony Pictures decided to pull the December 25 release of the film, leading to heated debates.

In interviews, President Obama said he does not think the attack was an act of war. On CNN’s State of the Union Obama said the cyber attack was “an act of cyber vandalism,” and he said Sony’s decision not to release the film undermined the US’s principle of free speech.

According to reports on Sunday, North Korea issued additional statements downplaying the role of the movie as a motivation of the cyber attack.  The statement includes allegations the US government was behind the making of the film and calls the FBI’s conclusion a “fabrication.”

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or chemenway@advisen.com.