FBI: North Korea ‘Responsible’ for Sony Attack

Sony Pictures Hacking Scandal

The FBI announced on Friday that North Korea was “responsible” for the attack on Sony Pictures Entertainment, as authorities concluded that malware used in the massive data breach was linked to the country.

“As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the bureau announced.

The FBI said it based its conclusion on the fact that “technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks.”

It also cited “significant overlap between the infrastructure used in this attack and other malicious cyber-activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”

North Korea had threatened to retaliate in response to SPE’s plans to release “The Interview,” in which Seth Rogen and James Franco played entertainment journalists enlisted to kill Kim Jung-un. After exhibitors abandoned plans to screen the movie, which was to open on Christmas Day, Sony pulled it from release.

President Obama is expected to address the attack at a press conference today at 10:30 a.m. PT. Some of the key questions will be what kind of action the U.S. will take in response, and whether it constitutes a terrorist attack or threat of terrorism. On Thursday, White House spokesman Josh Earnest said that the government was considering a “proportional” response.

“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there,” The FBI said.  “Further, North Korea’s attack on SPE reaffirms that cyber-threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber-intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.”

In their statement, the FBI also relayed the sequence of events that led to the hacking attack.

“The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications.  The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

“After discovering the intrusion into its network, SPE requested the FBI’s assistance.  Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber-attack. Sony’s quick reporting facilitated the investigators’ ability to do their job and, ultimately, to identify the source of these attacks.”

Update: MPAA chairman Chris Dodd called the hack a “despicable, criminal act” that was “larger than a movie’s release or the contents of someone’s private emails.” He also said that the attack was a work of cyber-terrorism.

His statement: “The FBI’s announcement that North Korea is responsible for the attack on Sony Pictures is confirmation of what we suspected to be the case: that cyber terrorists, bent on wreaking havoc, have violated a major company to steal personal information, company secrets and threaten the American public. It is a despicable, criminal act.

“Disappointingly, that fact has been lost in a lot of the media coverage of this over the past few weeks. This situation is larger than a movie’s release or the contents of someone’s private emails. This is about the fact that criminals were able to hack in and steal what has now been identified as many times the volume of all of the printed material in the Library of Congress and threaten the livelihoods of thousands of Americans who work in the film and television industry, as well as the millions who simply choose to go to the movies.  The Internet is a powerful force for good, and it is deplorable that it is being used as a weapon not just by common criminals, but also sophisticated cyber-terrorists. We cannot allow that front to be opened again on American corporations or the American people.”

Update: For all the growing accusations over the past weeks that North Korea really might have been behind the hacking of Sony, either as a state sponsor, or as actual organizer of the cyber intrusion, the regime has stayed remarkably quiet.

It issued a statement of denial back on Dec. 6, — though called the hacking a “righteous act” – but since that point North Korea has remained silent.

The North has not stopped its daily torrent of invective against the “South Korean puppet government,” nor halted its calls for the U.S. to end its “occupation” of South Korea. On Dec. 17 it solemnly celebrated the third anniversary of the death of long-time leader Kim Jong-il.

But the DPRK has not stoked the fires of the Sony story, either with affirmations or denials. Instead it has let the rumor mills and latterly the U.S. security services to come to their own conclusions without any extra help.

 Here is the complete statement from the FBI:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 15

Leave a Reply

15 Comments

Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. Toni says:

    Sony sould of let us decide if we wanted to go see it.Not make that decision for us we all will stand together.not leave it up to North Koreans to tell us what movies we could go see.united we stand Sony musta forgot that…

  2. Zero Wing says:

    If the North Korean hackers are sophisticated enough to break into Sony’s network and choose what sensitive emails and information to release, they must have a better command of the English language than their laughable, “All your base are belong to us” public declarations demonstrate. Something seems fishy…

  3. Kyra Munger says:

    Great way to share your thoughts infortunatly it’s a little bit confusing ….. however i would like to share my own simple tips to be more productive… check link ==> cort.as/Mquv

  4. Yirmin Snipe says:

    The only question I have is if the NKs are responsible for cyber attacks, why don’t we simply cut the cable to their country. Cut their entire country off from the internet and then let them live their happy life cut off from the rest of the world…. but to allow them access to the internet where they have now been shown to be using it for malicious purposes is stupid. If the FBI catches a kid hacking into computers they ban the kid from computers for years as punishment…. well lets ban NK from the internet for a few decades.

  5. Michael Trangaris says:

    Screw the pompous north Korean dictator and his lack of a sense of humor. Lets screen the movie and have a big laugh! We have suffered this piss ant’s insults and threats long enough. It is time for regime change!

  6. JOE S HILL says:

    And while this fact is really no big surprise here,Sony Pictures Studio,despite being the victim of these Cyber attacks,had it coming! all of these Sony people should’ve all known better,in deciding to make a
    movie,which essentially says that we wanted to kill Kim Jong Un-and i’m sorry,,but comedy or not,this
    movie crossed a dangerous line! since the Cyber Attacks,many actors and supporters of “THE INTERVIEW” have been making these big sounds,about how all of them were violated,and how this
    attack has all demoralized them-i disagree! while we in America have great freedoms to do many things,
    this particular movie pretty much made it clear,about what we think of the North Korean dictator-and provoking this man,and his country,despite our mutual dislikes,puts US at great fault! now unless Kim Jong Un recently did something so bad and repulsive to warrant Sony into making this comedy before the Cyber attacks,then WE are at fault! the freedom of Free Speech and other creative expressions which have been mentioned by the people,who are indignated by these Cyber Attacks,is understandable,but
    this movie clearly says what it said,,and i think that the Sony executives,and the producers and writers
    were also aware of the risk that they took,so i don’t really see anybody here,being the good guys! this studio acted unwisely,and in doing so,started this response by the North Koreans,or whoever it was,that
    acted out these Cyber actions on their behalf! i’m certainly not advocating for North Korea,,but like it or not,Sony Studios crossed a dangerous line! and when you provoke a war,especially by deliberately
    offending a person,under the guise of Free Speech,then i don’t see how this makes the studio an innocent party! these attacks could’ve been WAY more serious,and people could’ve gotten hurt,which is why Sony chose to remove the movie,which,despite how many of you feel,was still a WISE idea! but
    what may anger many here,is that no matter how much freedoms we in America have,we still need to be very careful,because this movie was both irresponsible,and in one plain word,STUPID! if our freedoms
    include seriously offending someone,and especially from an unstable government,which has enough weapons to cause World War III,then we better be very careful here! oh yes,,the Hollywood community is pissed and angry,because the Hackers did some serious damage-but let this be a serious lesson,that
    despite all our freedoms in America,we either use them wisely,or we can behave in a very irresponsible
    and arrogant manner,and risk starting a conflict,that could cause way more damage the next time! and in the case of Sony Studios,they made a BAD call-its costing them,and from what i understand,this is a 75 million dollar loss-i hope that they’ll be a little more careful about how they decide to make their movies
    in the future,,or better yet,the Japanese owners can always pull out of the movie making business,and
    return the studio back to just being Columbia/TriStar-either way,i sure hope this lesson didn’t go wasted!

  7. Janoy says:

    Too many lies in this otherwise badly written article. What should have done Iran, for example, when a member of the NATO (Israel maybe?) deployed malware to spy on the government? Another war? US grow and stop being childish.

  8. John Shea says:

    NORTH KOREA is responsible!? How surprising! I never guessed!

  9. Alex says:

    Great Article… Hope FBI will not only ‘talk’, yet shall DO something about it !!! Please pass this message to the MASSES. US controls most of the World’s Internet – why not TURN North Korea OFF for 6 months !!! Let them be WITHOUT IT, and then, create criteria with what they could re-join, until then.. NO INTERNET ACCESS.. for the ENTIRE COUNTRY !! That would be a GREAT LESSON to them.. and the fact that WE are in Control of them… and NOT the other way around !!! But.. of course… we shall only talk.. and do NOTHING… as in prior similar cases…. Anything with BALLs in our Government ????? Why our Population is so STRONG… yet our Government so weak ??????

    Sincerely,
    .Alex.

  10. Tim says:

    This is not an attack on Sony but an attack on the American people.

  11. sr says:

    Well then, North Korea isn’t as stupid as this administration and government has made them out to be. The fact that Sony has bent under pressure to not release “The Interview” is a reflection of this administration’s foreign policy….it is nonexistent. It kowtows to terrorists, muslims, illegals, gang bangers, al sharpton, jesse jackson and similar ilk. A glance as to whom we have approved to hold positions of power speaks volumes as to the ineptitude of obama, holder, jeh, biden, pelosi, reid, conyers, waters, bannion, kerry, hitlery, et al

    • homosezwutt says:

      Hell Yeah! – We Need another team like Bush, Cheney, Rice, Rumsfeld who now how to bomb those bastards back to hell or wherever their stupid religion comes from & drive gas prices up again. We need to update the Patriot Act & start pulling every Asian face out of line at the airports to question them and maybe get some more use out of all of those secret torture camps & EITs developed with billions of our tax dollars that are starting to gather moth balls. – Put America back to work & send in the troops! – Now hiring: VA nurses & Commando Coders for 2015! – Team America Hell yeah!

More Biz News from Variety

Loading