The FBI director revealed new details Wednesday about the stunning cyberattack against Sony Pictures Entertainment Inc., part of the Obama administration’s effort to challenge persistent skepticism about whether North Korea’s government was responsible for the brazen hacking.
Speaking at the International Conference on Cyber Security at Fordham University, FBI Director James Comey revealed that the hackers “got sloppy” and mistakenly sent messages directly that could be traced to IP addresses used exclusively by North Korea. Comey said the hackers had sought to use proxy computer servers, a common ploy hackers use to disguise their identities and throw investigators off their trail by hiding their true locations.
“It was a mistake by them,” he said. “It made it very clear who was doing this.”
The Associated Press reported Dec. 20 that the FBI had discovered that computer internet addresses known to be operated by North Korea were communicating directly with other computers used to deploy and control the hacking tools and collect the stolen Sony files. The FBI previously said its evidence also included similarities to other tools developed by North Korea in specific lines of computer code, encryption algorithms and data-deletion methods.
“I have very high confidence about this attribution to North Korea, as does the entire intelligence community,” Comey said.
North Korea has denied it was involved in the hacking.
Comey said the Sony attack had “clear links” to malware developed by North Korea. The same tools were used in an attack last year on South Korean banks and media outlets, he said.
Finally, the FBI’s Behavioral Analysis Unit studied statements and threats purporting to be from Guardians of Peace and compared them to other known attacks by the North Koreans, Comey said. The unit told him, “Easy for us – it’s the same actors,” Comey said.
Comey said the evidence should undermine persistent skepticism by some cyber experts that individual hackers or a disgruntled insider were the culprits behind a hack that sabotaged the wide release of a satirical comedy film about a plot to kill North Korean leader Kim Jong Un.
“They don’t have the facts that I have, don’t see what I see,” he said.
Comey said he was hesitant to reveal more about how U.S. officials learned that North Korea was the source “because it will happen again, and we have to preserve our methods and sources.”
Earlier Wednesday, Director of National Intelligence James Clapper also warned that North Korea will continue the attacks against American interests unless the United States “pushes back.”
Clapper told the audience of government and private cybersecurity experts that he had gained insight into North Korea’s anti-American mindset while dining with a top North Korean general last year when he went there to negotiate the release of two U.S. prisoners. The general would have been the one to give the green light for the attack on Sony, he said.
North Koreans “really do believe they are under siege from all directions,” and “are deadly, deadly serious about affronts to the supreme leader,” he said.
Earlier this week, Sony CEO Kazuo Hirai broke his silence about the attack, saying his employees were victims of a “vicious and malicious cyberattack,” while adding that he’s proud of them for standing against “the extortionist efforts of criminals.”