FBI blames North Korea for Sony cyber-attack

The US government is now officially blaming the North Korean government for the cyber-attacks against Sony Pictures.

Following on from reports on Thursday, the FBI issued a statement late on Friday in which it said that the Sony breach was down to the deployment of ‘destructive’ malware, an attack that rendered ‘thousands’ of Sony Pictures computers inoperable, forcing the company to take its entire computer network offline.

The FBI went on to praise Sony for being a ‘great partner’ in the investigation and for responding to the incident in hours, rather than the days or weeks that are more customary where data breaches are concerned.

But most crucially the report notes: “As a result of our investigation, and in close collaboration with other US government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.”

“While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber-activity the US government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber-attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea's attack on SPE reaffirms that cyber-threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber-intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.

“North Korea's actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behaviour. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”

More analysis to follow on Monday, including on the rise of tech-savvy terrorist groups…