Sony Hackers' Methods Led FBI to Trace Attack to North Korea

Bloomberg  Chris Strohm
U.S. investigators were able to trace the hacking of Sony Pictures Entertainment to North Korea’s intelligence agency because of sloppy tradecraft used by the attackers, according to FBI Director James Comey.

The hackers sent e-mails to Sony employees and posted material online using Internet addresses known to be used exclusively by the North Korean government, Comey said in a speech today at a cybersecurity conference in New York.

“I have very high confidence about this attribution, as does the entire intelligence community,” Comey said.

The attack, which became public in November, was overseen by North Korea’s Reconnaissance General Bureau and is the most serious digital assault ever on America, U.S. Director of National Intelligence James Clapper said in a separate speech at the conference. North Korea’s government has denied involvement.

The comments by Clapper and Comey are part of an effort by President Barack Obama’s administration to explain why it has pinned blame on North Korea. A group calling itself the Guardians of Peace has claimed responsibility for the attack, which rendered thousands of computers inoperable and forced Sony to take its entire network offline.

The attack exposed Hollywood secrets, destroyed company data and caused the movie studio to initially cancel the release of a comedy about a fictional assassination of North Korea’s leader, Kim Jong Un.



‘Sloppy’ Tradecraft

The group often routed their e-mails and Internet communications through servers that hid their true Internet Protocol addresses, Comey said. Sometimes, however, they “got sloppy,” he said. He offered previously unreleased evidence to bolster attribution to North Korea.

“Several times, either because they forgot or they had a technical problem, they connected directly and we could see them,” Comey said. “We could see that the IP addresses that were being used to post and to send e-mails were coming from IPs that were exclusively used by the North Koreans.”

It’s also likely the hackers used so-called spearphishing attacks, or targeted e-mails laced with malicious code, to gain initial entry into Sony’s networks, Comey said at the conference, hosted by the Federal Bureau of Investigation and Fordham University.

He said U.S. investigators are still exploring exactly how the hackers got into Sony’s computer network.

Public Pushback

The Sony hack caused “potentially hundreds of millions of dollars in damage,” Clapper said. The Obama administration tightened sanctions on North Korean officials and state organizations in response.

For the first time, Clapper explained why the U.S. quickly and publicly attributed the Sony attack to the North Korean government, which contrasts with other hacks that have taken years to determine who was responsible or have gone unattributed.

Clapper said the U.S. had to “push back” in order to deter North Korea from carrying out similar attacks.

“Cyber is a powerful new realm for them where they believe they can exert maximum influence at minimum cost,” Clapper said.

Clapper warned that North Korea would be encouraged to carry out similar hacking attacks for the international attention and recognition.

“This recent episode with Sony has shown that they can get recognition for their cybercapabilities,” Clapper said. “If they get global recognition at a low cost and no consequence, they will do it again and keep doing it again until we push back.”

Different Philosophy

The attack “was driven by an entirely different philosophy” in North Korea, Clapper said.

“They really do believe they are under siege from all directions, and painting us as an enemy that’s about to invade their country every day is one of the chief propaganda elements that’s held North Korea together for the past 60 years,” he said. They are deadly serious “about affronts to the supreme leader, whom they consider to be a deity.”

Clapper said he saw the movie that appeared to have been the impetus for the hacking. “I watched ‘The Interview’ over the weekend and it’s obvious to me the North Koreans don’t have a sense of humor.”

Korean Insight

Clapper said he gained insight into the thinking of North Korean officials when he traveled to Pyongyang in November to secure the release of two American prisoners -- Kenneth Bae and Matthew Miller.

Clapper said he had a private dinner with the commander of the Reconnaissance General Bureau, General Kim Yong Chol. He is “the guy that ultimately would have to OK the cyber-attack against Sony,” Clapper said.

The interaction with the commander became tense at one point, Clapper recalled.

“He kept leaning toward me, pointing his finger at my chest and saying U.S. and South Korean exercises are a provocation of war,” Clapper said. “Of course, not being a diplomat, my reaction was to lean back across the table and point my finger at his chest and respond that shelling South Korean islands wasn’t the most diplomatic course of action they could take either.”

“He really is, I think, illustrative of the people we’re dealing with in the cyberrealm in North Korea,” Clapper said.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1@bloomberg.net To contact the editors responsible for this story: Jon Morgan at jmorgan97@bloomberg.net Elizabeth Wasserman, Romaine Bostick


MSN NEWS
