FBI outlines its hacking evidence against North Korea

The computers of Sony Pictures were breached ahead of its release of a film about the assassination of North Korean leader Kim Jong Un. Credit: REUTERS/Toru Hanai

The FBI has directly named the North Korean government as the source of last month's hacking of Sony Pictures following an investigation into the cyber attack.

The agency confirmed a group calling itself "Guardians of Peace" had claimed responsibility for the attack and subsequent threats made to Sony, its employees and cinemas that distribute its movies.

An FBI statement said the true identity of the attackers was the administration in Pyongyang.

The investigators cited three key areas that helped lead them to their conclusion.

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the US Government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

The FBI said its evidence supported the claim of the White House that the Sony hacking was a "matter of national security".

The agency pledged to support any other companies targeted by future cyber attacks and to track down those responsible.