Sony Hack: FBI Stands by Conclusion That North Korea Was Behind Attack

Sony Pictures Entertainment Studio Gate
Christopher Polk/Getty Images

With a major security firm casting doubt on whether the massive hacking attack on Sony Pictures Entertainment was carried out by North Korea, the FBI and the White House are standing by their assessment that the attack was a state-sponsored hit.

“There is no credible information to indicate that any other individual is responsible for this cyber-incident,” an FBI spokesman said in a statement on Tuesday. “The FBI is committed to identifying and pursuing those responsible for this act and bringing them to justice. While it remains an ongoing investigation, no further information can be provided at this time.”

A spokesman for the White House’s National Security Council said, “The administration stands by the FBI assessment.”

In recent days, the security firm Norse Corp. unveiled its assessment of the attack in which it raised the possibility that a former SPE employee with the technical background and knowledge helped carry out the attack, along with at least five others described as pro-piracy “hacktivists,” according to a Norse company blog post.

Norse officials met on Monday with the FBI to present their findings, according to CNN.

On Dec. 19, the bureau announced its conclusion that North Korea was responsible for the hacking attack. The FBI cited, among other things, links between the malware used in the attack to “other malware that the FBI knows North Korean actors previously developed.”

Since then, some cyber-security professionals have raised doubts about that assessment, in part because of the speed with which SPE’s network was breached, and because the release of information seemed to have an awareness of internal studio and Hollywood politics. Moreover, the initial messages in the attack made no mention of the movie “The Interview,” the movie cited as the source of North Korea’s motive for targeting the studio.

Norse cited an unidentified former employee, noting “angry posts she made on social media about the layoffs and Sony,” and her links to hacking groups in Europe and Asia, according to Security Ledger. One of the individuals was linked to a server with an early version of the malware used in the attack.

Norse officials said that it was up to federal authorities to follow through on their findings.

“As far as whether it is proof that would stand up in a court of law? That’s not our job to determine, it is theirs,” Kurt Stammberger, senior VP at Norse, told Security Ledger.

But the FBI spokesman reiterated that the bureau “has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector.”

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 11

Leave a Reply


Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. Jason Cook says:

    If the FBI are so sure why does nothing come out of North Korea? You need electricity to run computers right? all the attacks come from China, why would North Korea bother to spoof IP addresses they don’t care anymore, right?

  2. John Q says:

    From the email, Lyton contacted Bruce Bennett 6/19/14. Bennett works for Rand as a NK ‘specialist’, although from reading the emails, I’m not that impressed with his background.

    Anyway they talk about NK’s response, the UN response, it’s dull stuff but it lays the groundwork for Sony using the hack as publicity stunt.

    Get the emails read them yourself.

  3. John Q says:

    After more research from the documents and emails, it becomes obvious that Lynton and yes-team need to be fired.

    Lynton has no vision for the future of SPE. If it hadn’t been for the intervention of Dan Loeb, SPE would still be wallowing around like the bloated corporate entitty it is.

    Even though SPE was reluctant and completely unprepared for any kind of meeting with investors let alone Loeb. For a publically listed entity, the lack of infrastructure for investor relations borders on corporate negligance.

    Initially when Loeb was in the press about Sony/SPE,

    From Nicole Seligman, July 16, 2014, 7:48 PM
    As a place holder, Michael would like to send a note saying “Dan, I am in town that week. Let me just touch base with investor relations. I look forward to seeing you”.

    From the emails, it is obvious Lynton didn’t have a clue about who the hell investor relations were.

    From Daniel Loeb, July 22, 2014, 7:30:30 AM
    “What is the date of the sony pic investor day so that I can put on my calendar and we can get an update on objectives set forth last year?”

    From Michael Lyton, July 22, 2014, 10:50 AM
    “not sure how I should answer this, didn’t think we were having this.”

    Seligman, Nicole wrote on April 16, 2014
    “My instinct is to stay off his radar. Let me talk to Justin about both since he has had the most contact recently. ”

    Lynton’s first instict is to try and get on Loeb’s good side instead of evaluating Loeb’s ideas.

    From: Lynton, Michael
    Sent: Wednesday, April 16, 2014 10:03 PM
    “Question. Should we invite him to the Spiderman premier. Should I try and see him when I am in NYC next Thursday?”

    The emails continue between Nicole Seligman and Lynton about how to handle Loeb. It’s clear Lynton hasn’t a clue or experience to handle someone like Loeb.

    Any why Jon Avnet would be involved in corporate decisions is beyond me.

    From Jon Avnet 10/22/14 12:50 PM
    To Michael Lynton

    I hope the departure of mr. loeb makes things a little more pleasurable.

  4. John Q says:

    Once you start looking at the HR documents, one gets the idea of why some non-execs SPE personel would be pissed off. There is a distinct class of have and have-nots.

    Lyton comes off as aloof and unengaged. He’s so disjointed from the reality of the workers, it’s a wonder how this he can look in the mirror. He’s seemed more concerned with buying a property in London, buying artwork, playing golf and tennis then about the economic condition or future of the studio. He seems only to care about fluff of being a studio boss, being on the board at Getty, talking up people at Harvard, doing interviews/speeches, traveling, being able to contact performers, bands, etc.

    Two examples;
    Lynton and his lackies arguing about who gets 300 ft office space vs 150 ft space and where (and complaining why there are no more private exec bathrooms), while discussing layoffs of the workers.

    Aetna denied twice a claim for a trivial medical device for Lynton as being not covered. HR stepped in to pay over $9,000 and then when Aetna denied claims by other people for lessor amounts but in more medical need HR sent out the standard denial form letter. Lyton makes $3+ million in pay/stocks/compensation.

  5. John Shea says:

    Well, OF COURSE the peace-loving North Korean government and its glorious and immortal leader Kim Jong-Un could not POSSIBLY be behind the Sony hack! Thanks to Norse Corporation and my fellow commenters for pointing that out.

    • freeagent37 says:

      The only ones still blaming N. Korea are those who are programmed to Hate them. It does not matter how sick N. Korea is, this does not make it ok to provoke and make up BS. All this is doing is making it more dangerous for many on this planet. How unprofessional and desperate the leaders of our nation.

  6. John Q says:

    The FBI has a political interest in blaming NK. It gives credence to NSAs spying/wiretapping. It’s the “cyber boogie man” so we need keep collecting everyone emails.

    The security firms have no axe to grind, they have believability and street cred than any lettered agency. If the Russians or a goverment sponsored agency did it, you would never know. They are that good. They don’t send emails or post online chatrooms, saying you’ve been hacked.

    It looks like an inside job from disgruntled employees and from the docs and emails I’ve read, Sony’s management is has only to look in the mirror and blame itself. It’s bad mismanagement at SPE and starts at the very top. This is karma coming back to bitch slap SPE. Sony Japan needs to clean house in Culver City.

    No I don’t work for or have any affiliation with Sony nor would I want to. Their creative/management tank is empty and this is the first time that a studio has “jumped the shark.”

  7. Joel Emmett says:

    Whether an insider assisted or not, there may be other reasons which suggest North Korea is responsible, which appears to have motive, ability, and opportunity.

    This is not a big deal for me, but I just had to add something before the North Korean-based commenters overwhelmed the comments, as they appear to do everywhere the story appears.

  8. freeagent37 says:

    Doubt? Do Americans know what “unequivocally” means? And there IS 2 american SECURITY FIRMS THAT DID THE INVESTIGATION, not just one, and they said “unequivocally” N. Korea DID NOT do the HACK. How despicable and embarrassing this Government is, even with Proof that N. Korea did NOT do the HACK, the IGNORANT US LEADERS and Hollywood go along with their own Agenda, PRETENDing that N. Korea did the Sony Hack. DISGRACEFUL!!!! UNPROFESSIONAL, DANGEROUS, IGNORANT, and STUPID people in power that need to be exterminated from our SYSTEM. Stirring up fights and endangering lives. Obama owes N. Korea A BIG Apology!!!! You cant be this blatantly dumb and ignorant and expect a good outcome for mankind. Even the writers of the Mainstream news outlets, including this piece of Reverse Psychology being pushed on the Working American Minds… using Terms like Doubt to make it seem like there is still a chance their FAT lie is the Truth, after demonizing others to get the Dumb uninformed Americans to ignorantly Yell! Go America! and Down with North Korea. Children playing with others peoples lives. How Sick are little world is.

  9. GKN says:

    Yes it did sound very sophisticated re the who’s who of Hollywood since the beginning, for Korea. I’ve half suspected that blaming them has been a bit of a publicity stunt all along, to get red-blooded Americans indignant and butts in theater seats – esp since the early reviews were so dismal. And it worked.What a way to save a lame film. Good grief.

  10. TJ Kesolits says:

    in my past life, before getting into acting, I was responsible for assessing cyber threats. The one common denominator is that very few if not any of these threats can take place unless some insider on the targeted system, either an ignorant insider or a trusted insider with a gripe. Considering the dept of what was released and what was accessed, I feel there must have been some insider action. I am not going to comment on this being a publicity stunt, but disgruntled employees have had a history of opening doors do hack attacks.

More Biz News from Variety