TIME intelligence

FBI Accuses North Korea in Sony Hack

KCNA/Reuters North Korean leader Kim Jong Un inspects the Artillery Company under the Korean People's Army Unit 963 in Pyongyang on Dec. 2, 2014

Fallout led Sony to pull The Interview

The FBI on Friday accused the North Korean government of being behind the devastating hack on Sony Pictures Entertainment that eventually prompted it to cancel the release of The Interview, the first formal statement that the U.S. government has concluded the isolated nation is responsible for the cyberattack.

“The FBI now has enough information to conclude that the North Korean government is responsible,” the bureau said in a statement. “Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.”

President Barack Obama, asked Friday about Sony’s decision to pull The Interview, said: “Yes, I think they made a mistake.”

The FBI said it determined North Korea was responsible based on an analysis of the malware involved and its similarities to previous attacks the U.S. government has attributed to North Korean-allied hackers, including an assault on South Korean banks and media outlets in 2013. These include “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” the FBI said in its statement. According to the FBI, the malware used in the attack communicated with known North Korean computers. The FBI didn’t furnish evidence to back its assertion that North Korea was involved. North Korea has denied being behind the hack.

Bureau investigators have been working for weeks with Sony executives and private security experts to investigate the scale and origins of the attack. For Sony, the hack has been devastating: It crippled the studio’s infrastructure, leaked sensitive documents about tens of thousands of employees and contractors, embarrassed executives and resulted in the studio’s decision to pull The Interview, a movie whose plot centers around the assassination of North Korean leader Kim Jong Un. The film incensed the North Korean government.

The FBI did not say whether the attack was coordinated from within North Korea or through allies outside the hermit kingdom. The FBI said it could only provide limited information to the public to protect its sources and methods.

President Barack Obama is expected to address the incident on Friday afternoon in a White House news conference. On Thursday, White House Press Secretary Josh Earnest said the administration was treating the incident as a “serious national security matter.”

White House officials have convened daily meetings to discuss the attack and to devise options for a “proportional response,” Earnest said, not ruling out an American counter-attack on North Korean systems.

“The FBI’s announcement that North Korea is responsible for the attack on Sony Pictures is confirmation of what we suspected to be the case: that cyber terrorists, bent on wreaking havoc, have violated a major company to steal personal information, company secrets and threaten the American public,” Chris Dodd, who heads the trade group Motion Picture Association of America, said in a statement. “It is a despicable, criminal act.”

See the full FBI statement:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

· Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

· The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

· Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.
