It's official

FBI: Sony hack was North Korea’s work

The U.S. Federal Bureau of Investigation has officially pointed to North Korea as the culprit behind the hacking of Sony Pictures Entertainment — an incident that was allegedly connected with a now-pulled film called The Interview, about the assassination of North Korean dictator Kim Jong-Un.

Although recent days have seen several stories in which unnamed U.S. officials said North Korea was to blame, this is the first time the authorities have openly said as much. According to the FBI, the malware used in the attack “revealed links to other malware that the FBI knows North Korean actors previously developed,” including similarities in the code, encryption algorithms and data deletion methods.

The FBI also said that the malware included hard-coded IP addresses that had communicated with IP addresses “associated with known North Korean infrastructure.” The agency said that the “destructive nature of this attack” — apart from the movie’s planned release being cancelled following threats to theaters, loads of [company]Sony[/company] Pictures strategic and commercial information and employees’ personal information was dumped onto the web — set it apart from other types of online attacks.

“North Korea’s actions were intended to inflict serious harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said. “Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.”

The agency also praised Sony Pictures for reporting the incident “within hours”, which it said helped the FBI’s investigators to do their work.

However, North Korea has reportedly denied being behind the attack. It has denied involvement before, though it did call it “righteous”.

Also on Friday, CNN reported that the hackers, who had previously identified themselves only as the “Guardians Of Peace”, had emailed Sony Pictures after it pulled The Interview to say it had been a “wise decision”, and to urge the studio to pull its trailers and ensure the Seth Rogen comedy was never released. Sony has indeed taken down the film’s trailers from YouTube.

Cinemas have reversed plans to re-screen the decade-old, Kim-family-baiting film Team America, and studios have also been scrapping plans to release anything that might irk North Korea, with New Regency canceling a Steve Carell project called Pyongyang before filming even started.

Culture aside, defectors from North Korea told Reuters that the country ultimately wants to target infrastructure — a more serious kind of attack that was demonstrated by someone who, according to a German government report this week, damaged a German steel plant earlier this year.

Update at 11:35 AM PST: President Obama confirmed what the FBI detailed this morning during a press conference saying that the U.S. “will respond proportionally” to the hack against Sony, but he did not say what the U.S. government is planning to do and he did not give a timeframe as to when some sort of action will occur.

Obama indicated that he was upset with Sony’s decision to cave into the hackers’ demands by not releasing The Interview.

“I wish they had spoken to me first,” said Obama. “I would have told them do not get into a pattern in which you are intimated by these types of criminal attacks.”

This article was repeatedly updated to add further information.

2 Responses to “FBI: Sony hack was North Korea’s work”

  1. A few things:
    1) I’m not entirely sold on this being an entirely DPRK operation. It makes sense there was someone on the inside. I mean, Sony was hemorrhaging employees – are you to say there wasn’t a single person who gave them some keys and let them run rampant?
    2) There’s been the typical Hollywood “zomg free expression!” things from actors, who as we all know, are deep geopolitical thinkers. They have a point, but some are failing to realize that this movie just looks absolutely horrible. I mean, all the reviews have been brutal and Seth Rogen and James Franco are as funny as a colon polyp.
    3) I really can’t believe Sony Pictures execs haven’t quit out of shame. Every email makes them look that much stupider.
    4) I really can’t wait for the Christmas surprise this “Guardians of Peace” have promised. It should be awesome in a trainwreck sort of way.

    • David Meyer

      I know what you mean about attribution – I was previously deeply skeptical about it being North Korea, and I remain mildly so. But now that the government has gone on the record about this, I can’t see what they would have to gain by doing so under false pretenses, especially as this was a private company and not some major piece of infrastructure that would demand blaming another nation state. That said, watch out for any new “cyber” policy that may result…