FBI director James Comey, expressing “very high confidence” that North Korea was behind the cyber-attack on Sony Pictures Entertainment, revealed more details on Wednesday of how the bureau established the link to Pyongyang.
“The Guardians of Peace would send emails threatening Sony employees and would post online various statements explaining their work,” Comey said at a cybersecurity conference in New York. “In nearly every case, they would use proxy servers to disguise where they were coming from … But several times they got sloppy, either because they forgot or because they had a technical problem. They connected directly, and we could see them, and we could see that the IP addresses that were being used to post and to send the emails were coming from IP [addresses] that were exclusively used by the North Koreans.”
Comey’s comments came after private security experts raised substantial doubt that North Korea was behind the attacks. Last week, officials from cybersecurity firm Norse Corp. met with FBI officials to go through its own evidence of the cyber-attack, blaming not North Korea but an ex-employee who calls herself “Lena”and at least six outside hackers.
But the FBI said they had “no credible information to indicate that any other individual is responsible for this cyber-incident.” The White House announced additional sanctions on North Korea on Friday.
At the conference, Comey said he has “very high confidence about this attribution, as does the entire intelligence community.” But he added: “I want to show as much as I can to the American people about the why, and I want to show the bad guys as little as possible about the how, how we see what we see. Because it will happen again, and we have to preserve our methods and our sources.”
Comey said he did urge the intelligence community to declassify additional information about how the FBI identified IP addresses.
“It was a mistake [by the hackers] that we haven’t told you about before that was a very clear indication of who was doing this,” he said. “They would shut it off very quickly once they realized the mistake but not before we saw and knew where it was coming from.”
James Clapper, the director of national intelligence, also spoke at the conference, held at Fordham University. He named North Korean general Kim Yong-chol as responsible for overseeing the attack. The general heads North Korea’s Reconnaissance General Bureau.
“Cyber is a powerful new realm for them,” Clapper said, adding that it provides “maximum influence at minimal cost.”
Clapper said that over the weekend he saw “The Interview,” the movie said to be the motive for North Korea’s action. “It’s obvious to me the North Koreans don’t have a sense of humor,” he said.