FBI confirms North Korea's involvement in Sony hack as attackers talk ceasefire

After a whole host of unconfirmed media reports, the Federal Bureau of Investigation just officially stated it believes that North Korea was indeed involved with a gigantic Sony hack that saw personal information, unreleased movies and thousands of emails leaked online. According to a release issued by the Bureau, an investigation revealed "significant overlap" between the means of attack against Sony and previous hacks conducted by the North Korean government. Earlier reports also suggested that the FBI would identify China as a potential participant (either directly or through use of its network infrastructure) in the attack, but no mention of the country was made in this first announcement.

"North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves," the Bureau's statement reads.

The FBI went on to say that a deep technical analysis of the "destructive malware" used in the attacks was critical in tying North Korea to the hack. There was apparently no shortage of "similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks" to malware used in the past by North Korean agents, not to mention the fact that IP addresses tied to the regime's infrastructure were hard-coded into the program. Talk about a smoking gun.

Even though federal authorities now have a target in their crosshairs, Sony still seems more than willing to play by the hackers' rules. Late last night, the Guardians of Peace (or a party claiming to be the Guardians) issued another message to Sony Pictures execs promising that no new leaks would follow if the studio essentially disavowed The Interview. That means no theatrical release, no video-on-demand streams, no physical DVDs and -- ironically -- no leaks. Sony's been pretty willing to play ball so far: Its decision to call off the movie's Christmas release already earned it some kudos from the hackers themselves, and the movie's website has already been pulled in accordance with North Korea's wishes. Still, it can't just be Sony that does all the responding here. White House spokesperson Josh Earnest said yesterday that the country's national security brass was cognizant of the need for a "proportionate response," and a press conference to be held today by President Barack Obama at 1:30 Eastern time seems the perfect avenue to lay such a response out.

The full text of the FBI's update follows:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the "Guardians of Peace" claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE's network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees' personally identifiable information and confidential communications. The attacks also rendered thousands of SPE's computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company's business operations.

After discovering the intrusion into its network, SPE requested the FBI's assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony's quick reporting facilitated the investigators' ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

▪ Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

▪ The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

▪ Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea's attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt -- whether through cyber-enabled means, threats of violence, or otherwise -- to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.
