FBI Names North Korea As Responsible for Sony Hack Attack

FBI declares Kim Jong-un regime responsible for ordering cyberterrorist attack in retaliation for Seth Rogen-James Franco comedy “The Interview”

Sony Pictures

North Korea was behind the devastating hack attack on Sony Pictures Entertainment, the FBI announced on Friday.

The FBI said in its statement: “North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.”

The announcement confirmed mounting evidence that the North Korean dictatorship, incensed by a comedy that depicted the assassination of its leader Kim Jong-un, took the extraordinary move to attack a Hollywood studio and attempt to force the withdrawal of the movie.

The attack was crippling, and the attack succeeded, as Sony this week pulled “The Interview” from its scheduled Christmas Day release.

The leaks began on Nov. 24, resulting in terabytes of private company data being released online. The leaks and a subsequent threat against theaters planning to show “The Interview,” led Sony to cancel the release of film at the center of the hack.

The FBI further issued this statement:

As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.  While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

·         Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed.  For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

·         The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea.  For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

·         Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

“This is almost unprecedented, that they’re able to say this publically so soon,” said CNN reporter Evan Perez following the announcement.

In a statement from the Department of Homeland Security later on Friday, Secretary Jeh Johnson said the hacking was not just an attack against a company and its employees, “it was also an attack on our freedom of expression and way of life.

“This event underscores the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all of our networks. Every CEO should take this opportunity to assess their company’s cybersecurity. Every business in this country should seek to employ best practices in cybersecurity.”

Johnson went on to stress that the DHS seeks to raise the level of cybersecurity in both the private sector and civilian government against cyberthreats, and encouraged businesses and other organizations “to use the Cybersecurity Framework to assess and limit cyber risks and protect against cyber threats.”

Meanwhile, Sony received a new email threat overnight, calling the cancellation of the film “a wise” move, and demanding now that trailers for the film disappear as well.

TheWrap had previously reported that an insider was believed to have worked with North Korea to accomplish the devastating attack, and  Perez said Friday:  “The hackers stole the credentials of a systems administrator, somebody who had the keys to the kingdom at Sony pictures, the entire computer system. That way they were able to get in there and lurk around really for months.”

A group calling itself #GOP or the Guardians of Peace, took credit for the cyberattack. On Tuesday, along with the latest dump of Sony information, the hackers threatened a 9/11-style attack on theaters showing the comedy.

The film stars Seth Rogen and James Franco as U.S. journalists who are asked by the CIA to assassinate North Korean leader Kim Jong-un. North Korea last summer warned that the film’s release would be an “act of war that we will never tolerate,” and said that the United States will face “merciless” retaliation. Its government on Dec. 6 denied it was behind the Sony hacking, but called the cyberattack “a righteous deed” and said that it could be the work of its supporters.

The message included with the release of a hacked emails warned theatergoers in broken English to “recommend you to keep yourself distant.”

Sony and theater owners took the threat seriously, and several chains pulled out of showing the film, which was set to hit theaters on December 25. Sony quickly followed suit and yanked the comedy altogether.

“In light of the decision by the majority of our exhibitors not to show the film ‘The Interview,’ we have decided not to move forward with the planned December 25 theatrical release,” the studio said in a statement to TheWrap on Wednesday. “We respect and understand our partners’ decision and, of course, completely share their paramount interest in the safety of employees and theater-goers.”