×

FBI: North Korea ‘Responsible’ for Sony Attack

The FBI announced on Friday that North Korea was “responsible” for the attack on Sony Pictures Entertainment, as authorities concluded that malware used in the massive data breach was linked to the country.

“As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the bureau announced.

The FBI said it based its conclusion on the fact that “technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks.”

It also cited “significant overlap between the infrastructure used in this attack and other malicious cyber-activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”

North Korea had threatened to retaliate in response to SPE’s plans to release “The Interview,” in which Seth Rogen and James Franco played entertainment journalists enlisted to kill Kim Jung-un. After exhibitors abandoned plans to screen the movie, which was to open on Christmas Day, Sony pulled it from release.

President Obama is expected to address the attack at a press conference today at 10:30 a.m. PT. Some of the key questions will be what kind of action the U.S. will take in response, and whether it constitutes a terrorist attack or threat of terrorism. On Thursday, White House spokesman Josh Earnest said that the government was considering a “proportional” response.

“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there,” The FBI said.  “Further, North Korea’s attack on SPE reaffirms that cyber-threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber-intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.”

In their statement, the FBI also relayed the sequence of events that led to the hacking attack.

“The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications.  The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

“After discovering the intrusion into its network, SPE requested the FBI’s assistance.  Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber-attack. Sony’s quick reporting facilitated the investigators’ ability to do their job and, ultimately, to identify the source of these attacks.”

Update: MPAA chairman Chris Dodd called the hack a “despicable, criminal act” that was “larger than a movie’s release or the contents of someone’s private emails.” He also said that the attack was a work of cyber-terrorism.

His statement: “The FBI’s announcement that North Korea is responsible for the attack on Sony Pictures is confirmation of what we suspected to be the case: that cyber terrorists, bent on wreaking havoc, have violated a major company to steal personal information, company secrets and threaten the American public. It is a despicable, criminal act.

“Disappointingly, that fact has been lost in a lot of the media coverage of this over the past few weeks. This situation is larger than a movie’s release or the contents of someone’s private emails. This is about the fact that criminals were able to hack in and steal what has now been identified as many times the volume of all of the printed material in the Library of Congress and threaten the livelihoods of thousands of Americans who work in the film and television industry, as well as the millions who simply choose to go to the movies.  The Internet is a powerful force for good, and it is deplorable that it is being used as a weapon not just by common criminals, but also sophisticated cyber-terrorists. We cannot allow that front to be opened again on American corporations or the American people.”

Update: For all the growing accusations over the past weeks that North Korea really might have been behind the hacking of Sony, either as a state sponsor, or as actual organizer of the cyber intrusion, the regime has stayed remarkably quiet.

It issued a statement of denial back on Dec. 6, — though called the hacking a “righteous act” – but since that point North Korea has remained silent.

The North has not stopped its daily torrent of invective against the “South Korean puppet government,” nor halted its calls for the U.S. to end its “occupation” of South Korea. On Dec. 17 it solemnly celebrated the third anniversary of the death of long-time leader Kim Jong-il.

But the DPRK has not stoked the fires of the Sony story, either with affirmations or denials. Instead it has let the rumor mills and latterly the U.S. security services to come to their own conclusions without any extra help.

 Here is the complete statement from the FBI:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

Popular on Variety

More Biz

  • Hopper Reserve

    Dennis Hopper's Dying Wish: His Own Strain of Marijuana

    Even as celebrity brands are starting to flood the emerging Cannabis market, Hopper Reserve stands out. The brand was launched by Marin Hopper, Dennis Hopper’s daughter from his marriage to Brooke Hayward. Hopper Reserve is a gram of California indoor-grown flower, two packs of rolling papers, a pair of matches and a trading card either [...]

  • Snoop Dogg Weed

    In the Cannabis Business, Not All Star Strains Are Created Equal

    With the cannabis green rush in full swing, many celebrities are jumping into the fray with their own brands, including such well-known stoners as Willie Nelson, Snoop Dogg and Tommy Chong. But as it turns out, not all star strains are created equal, so we assembled a trio of crack experts to put the product [...]

  • Richard Branson Jason Felts

    Kaaboo Festival Acquired by Virgin Fest Owner Jason Felts

    Kaaboo, which says it has “shifted the music festival paradigm by offering a highly amenitized festival experience for adults,” is now under new ownership. Virgin Fest founder and CEO Jason Felts (pictured above with Virgin founder Richard Branson) has fully acquired all of the festival brand assets through an affiliate of Virgin Fest, the music [...]

  • Live Nation Chief Michael Rapino Talks

    Live Nation-Ticketmaster Chief Michael Rapino Talks Dept. of Justice Inquiries

    Back in August, Senators Richard Blumenthal of New Jersey and Amy Klobuchar of Minnesota made the most recent of several requests for an Department of Justice antitrust investigation into competition in the ticketing industry, and it soon became clear that the target of the probe was Live Nation and its 2010 merger with Ticketmaster, which [...]

  • Lowell Smokes Cafe Marijuana

    With Cannabis Lounges, On-Site Consumption, Marijuana-Infused Meals Go Legit

    Can this century’s Roaring ’20s repeat history but with pre-rolled joints instead of whiskey flasks and soccer moms as the new flappers? This month, West Hollywood will see the opening of the nation’s first at least quasi-legal cannabis consumption lounge, officially dubbed Lowell Farms: A Cannabis Café, located at 1211 N. La Brea between Fountain [...]

  • 2020 TV Season Preview

    How 2020's Fall TV Season Is Already Shaping Up

    Aiming to stand out in a crowded field, broadcasters this season have leaned on the stability of their schedules and the return of established hits. But for many of the same reasons, they’ve also begun to seed the ground for next year’s crop of shows, considering that top performers like “How to Get Away With [...]

  • Taylor Swift Talks Scott Borchetta’s ‘Sneaky’

    Taylor Swift Talks Scott Borchetta's 'Betrayal,' 'Sneaky' Deal With Scooter Braun

    While Taylor Swift’s sprawling Rolling Stone cover interview is largely about her music and herself, there’s also plenty about the personal and business dramas of the last three years. And not surprisingly, Scooter Braun and Scott Borchetta — who this summer inked a reported $300 million deal for the Big Machine Records catalog and with [...]

More From Our Brands

Access exclusive content