FBI Formally Accuses North Korea of Sony Pictures Hack - Update

 Pages 1 2 NEXT
 

FBI Formally Accuses North Korea of Sony Pictures Hack - Update

The Interview

The feds have linked malware, infrastructure used in the security breach to other North Korean-linked attacks.

Update: In a press conference this afternoon, President Barack Obama confirmed that "North Korea engaged in this attack," against Sony Pictures Entertainment.

"We cannot have a society in which some dictator someplace can start imposing censorship in the U.S.," said President Obama. "I'm sympathetic that Sony, as a private company, was worried about liabilities. I wish they had spoken to me first. I would have told them, do not get into a pattern in which you're intimidated by these kinds of criminal attacks."

The President also compared the Sony Pictures hack aftermath to the Boston Marathon bombing in 2013, saying that the attack in Boston did not prevent the marathon from happening in 2014.

As for the planned response to the attack? "[North Korea] caused a lot of damage and we will respond proportionally and in a place and time we choose," said President Obama.

Original Story: Shortly after we published a story about George Clooney's failed attempts to rally Hollywood around Sony Pictures, the FBI has formally accused North Korea of hacking into the computer systems of one of Hollywood's largest studios and distributors.

According to the FBI's official statement, the investigation uncovered several links between the Sony Pictures breach, and other computer network security breaches linked to North Korea. "Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed," says the report. "The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea."

The investigation revealed that Sony's attack had "similarities in specific lines of code, encryption algorithms, [and] data deletion methods," to other attacks linked to North Korea, and that tools used in the attack were similar to those used by North Korea against South Korean networks last year.

Going with the FBI's affirmation, the Sony Pictures hack stands as the largest known attack on a non-government U.S. entity (as Sony Pictures is headquartered in Culver City, California) by North Korea.

The full text of the FBI report can be read below.

Sony initially became aware of the network intrusion in late November, and the attack is responsible for leaking thousands of internal documents onto the Web. These documents include sensitive employee data, including Social Security numbers, along with internal emails between Sony Pictures higher-ups and various Hollywood talent and executives.

The Interview, a comedy about assassinating North Korean leader Kim Jong-un starring Seth Rogen and James Franco, spurred the Sony Pictures attack. Sony spent roughly $90 million on The Interview before cancelling its release, and was expecting revenue of $200-plus million.

Several theaters planned screenings of Team America: World Police after The Interview was shelved, but were ordered to cancel the substitute screenings by Paramount.

Source: FBI

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the "Guardians of Peace" claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE's network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees' personally identifiable information and confidential communications. The attacks also rendered thousands of SPE's computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company's business operations.

After discovering the intrusion into its network, SPE requested the FBI's assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony's quick reporting facilitated the investigators' ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
  • We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea's attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt-whether through cyber-enabled means, threats of violence, or otherwise-to undermine the economic and social prosperity of our citizens.

    The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

    Permalink

    So this was in doubt at some point?

    Literally the only party with any conceivable reason to actively seek the cancellation of the movie's release... turns out to be the prime suspect of being behind the cancellation of the movie release?

    HERESY! MADNESS!

    Well that's...a can of worms and a half.

    What exactly is going to happen next? What's the response to an attack by a country against a corporation? (Assuming ANY of this can be proven satisfactorily, right now it could still be plausibly denied by NK)

    One company leading a cyber attack against another would be subjected to the laws of the countr(ies) in which the crime was committed. A country attacking another via any means would lead to diplomatic fall-out, UN condemnation, reprisals etc. But this match-up? Who's going to arbitrate this? Unless the US and Japan take it upon themselves to protect their corporations, which I suppose they can - it's their economic interests too - but how do they proceed once NK has received and sent back their strongly worded notes on leaving their citizens and corporations alone...? Somehow tighten yet again the embargo against NK because Sony's systems got breached...? The food and goods the world grudgingly provides NK at this point keeps millions of people alive. Being the cause of yet another famine seems disproportionate to some crashed systems and leaked emails. The US could claim there were terrorist threats, but I wouldn't want to be the diplomat who has to read them out as proof in front of the UN assembly; the 'threat' is as well written as a 419 Scam email and just about as credible.

    Though this will probably just be a storm in a tea-cup by this time next year, I'm really, really hoping I won't be having this talk with my great-grandchild one of these days.

    - So, great-grandma, WW1 started with the assassination of an Archduke, and WW2 was declared when Germany blitzkrieged Poland, but the teacher won't tell us how WW3 started exactly. What happened?

    - Well...there was this very, very silly little monster who lived in the shadow of China...and somebody made a very, very silly little movie about him- look, go play with your robots, why don't you.

    (Just kidding. I hope. China are well set to win the economic war over the next few decades, they'd have no stakes in starting a real one nobody would win.)

    I'm honestly impressed. I didn't think North Korea had it in them. I mean how many computers do they have? 100? Maybe?!
    Yes yes, I know, outside of Korea blah blah blah. Still, that someone in Bad Guy Korea has the modern knowledge to know hacking was even possible? Pretty damn impressive.

    There are the new demands to eradicate the existence of the film, which I just hope is the wake up call to just not take these people seriously.

    This is bad and serious and could become VERY bad I know but a small part of me wants the US to call their bluff. Just come out and say that they are showing the movie. If even one thing happens to a movie theater showing this movie the US will consider it an act of war by North Korea at which point they send in the Navy.

    It will not happen and if it did it would be beyond bad but to be a fly on the wall when that is passed on to the NK leadership.

    I don't get it, what's the point in North Korea hacking Sony Pictures if they don't admit that they did it? If they had claimed ownership of the attack from the start, it'd make sense as a sort of publicity stunt, the kind NK does all the time. Why perform an impressive (for NK) cyber-attack and then just deny it? It pisses off the US without making North Korea look any less insignificant, where's the gain?

    How pathetic does your computer security have to be to be beaten by NORTH KOREA?
    Apparently, Sony bad.
    You would think someone would have stuck a foot somewhere dark and tender after the major intrusion of PSN 3 years back.

    Atmos Duality:
    How pathetic does your computer security have to be to be beaten by NORTH KOREA?
    Apparently, Sony bad.
    You would think someone would have stuck a foot somewhere dark and tender after the major intrusion of PSN 3 years back.

    You are seriously underestimating North Korea here. According to South Korean military intel, North Korea has over 5,000 military-trained hackers at its disposal. (Source: http://www.newyorker.com/news/news-desk/north-korea-hack-sony)

    We all like to make jokes about Team America and North Korea, but let's be clear: North Korea devotes an incredible amount of resources to its standing army, which counts one million-plus soldiers in its ranks. And within the last several years, cyberwarfare resources have been a very deliberate focus.

    -Devin Connors

    JennAnge:
    Well that's...a can of worms and a half.

    What exactly is going to happen next? What's the response to an attack by a country against a corporation? (Assuming ANY of this can be proven satisfactorily, right now it could still be plausibly denied by NK)

    Well, there's likely precedent. A couple of years ago, a bunch of US defence contractors got hacked, it was believed by China. Even if that wasn't the case that time, it'd certainly happen.

    This is a bit of an odd one, though.

    (Almost hoping that NK formally encourages its citizens to steal movies from Sony, so we have copyright privateers)

    80 years from now...

    "Grandma, grandpa... you were there at the start of World War 3. How did it happen?"
    "Well, er, you see... James Franco and Seth Rogan made a stoner comedy that North Korea didn't like...."

    That's going to be some embarrassing history to put in the history books.

    IF this is true, North Korea has found the one weapon they can use against the world. Their army is large, yes, but it is malnourished, under trained and ill equiped. They have everything from early WWII biplanes to early Cold War guns and jets, all held together by duct tape and prayers to Eternal President. Their leaders know this. That's why they have been so aggressive vocally but haven't' done anything physical to anyone outside of their own borders. Now they can push the same political doctrine they have for years on their own citizens on the world with ambiguous threats they can't actually pull off.

    Lunncal:
    I don't get it, what's the point in North Korea hacking Sony Pictures if they don't admit that they did it? If they had claimed ownership of the attack from the start, it'd make sense as a sort of publicity stunt, the kind NK does all the time. Why perform an impressive (for NK) cyber-attack and then just deny it? It pisses off the US without making North Korea look any less insignificant, where's the gain?

    They might have learned from other hacking events that the best thing to do is remain anonymous. Without accepting the blame, they can get away with more shenanigans before any retaliation takes places. If the US can not prove they did the attack yet still lashes out against them specifically, it makes the US looks worse than their typical saber rattling they've done for decades.

    Devin Connors:

    You are seriously underestimating North Korea here. According to South Korean military intel, North Korea has over 5,000 military-trained hackers at its disposal. (Source: http://www.newyorker.com/news/news-desk/north-korea-hack-sony)

    Perhaps, but what strikes me as odd is a country notorious for its terrible education system is suddenly in command of a large proportion (per capita) of elite hackers.

    5000 is a drop in the bucket compared to their neighbors in cyber-crime, Russia and (especially) China; both of whom pilfer from other developed countries on a daily basis across a much broader spectrum (their governments largely turn a blind eye towards cybercrime perpetrated against other countries) for over a decade.

    North Korea is either hiring from outside sources, or someone is supplying them with talent and training.
    Because no country makes that kind of EQ turnaround on tech that fast.

    Wouldn't it be the weirdest form of irony if an attempt to prevent the release of a movie about him getting assassinated actually gets him assassinated?

    Devin Connors:

    Atmos Duality:
    How pathetic does your computer security have to be to be beaten by NORTH KOREA?
    Apparently, Sony bad.
    You would think someone would have stuck a foot somewhere dark and tender after the major intrusion of PSN 3 years back.

    You are seriously underestimating North Korea here. According to South Korean military intel, North Korea has over 5,000 military-trained hackers at its disposal. (Source: http://www.newyorker.com/news/news-desk/north-korea-hack-sony)

    We all like to make jokes about Team America and North Korea, but let's be clear: North Korea devotes an incredible amount of resources to its standing army, which counts one million-plus soldiers in its ranks. And within the last several years, cyberwarfare resources have been a very deliberate focus.

    -Devin Connors

    Exactly. This is basically North Korea's only legitimate teeth. In every other way it is just a paper tiger so they have honed these few teeth to a razor finish.

    It would be erroneous to think that thousands of trained soldiers in North Korea with specialized training could not accomplish what we've been seeing a handful of hackers do in various places around the world.

    Every once in a while Barack steps up to the plate and says something that reminds me why I ever thought he was worth voting for.

    Atmos Duality:
    How pathetic does your computer security have to be to be beaten by NORTH KOREA?
    Apparently, Sony bad.
    You would think someone would have stuck a foot somewhere dark and tender after the major intrusion of PSN 3 years back.

    It Only Does Everything WrongTM.
    Seriously though, this will probably end up with Kim Jong-un wishing he'd just ignored the movie instead of pissing off America.

    Once again this is conclusive proof that North Korea is the best Korea

    josh4president:
    So this was in doubt at some point?

    Literally the only party with any conceivable reason to actively seek the cancellation of the movie's release... turns out to be the prime suspect of being behind the cancellation of the movie release?

    HERESY! MADNESS!

    Because officially naming another country as a suspect of something isn't something you can do even REMOTELY lightly. This kind of thing is extremely serious and needs to be based on far more than "well we're pretty sure they did it."

    ...Is it wrong that I hope this ends up biting North Korea in the ass eventually?

    Trishbot:
    80 years from now...

    "Grandma, grandpa... you were there at the start of World War 3. How did it happen?"
    "Well, er, you see... James Franco and Seth Rogan made a stoner comedy that North Korea didn't like...."

    That's going to be some embarrassing history to put in the history books.

    God, if this winds up starting World War III... I don't want to live on this planet anymore.

    What I'm getting out of this is that the movie needs to be uploaded to every site hosted by every nation in the world. Even put the full movie on the official page of the white house.

    I'm counting the days until I can say Seth Rogan and James Franco started World War III

    josh4president:
    So this was in doubt at some point?

    Literally the only party with any conceivable reason to actively seek the cancellation of the movie's release... turns out to be the prime suspect of being behind the cancellation of the movie release?

    HERESY! MADNESS!

    There is still plenty of doubt actually. They might have better evidence that they haven't shared yet, but the problem is that hackers are frequently anarchists that don't always care who gets the credit. This is actually where doxxing originated because hackers frequently only care if their real identity gets credit. Since that means jail time.

    Hackers always pretend to be people that they are not.

    Picture this scenario. You're a hacker who wants to see the most extravagant level of chaos available. You just happen to have Sony's entire network rooted so completely that you've been make a steady stream of cash off for some time. But you're board, and North Korea just happens to be foaming at the mouth over some movie you were thinking about pirating. Then maybe Sony said something about hackers you didn't like, or you have an axe to grind about a firmware patch that bricked your PS3.

    So you take the 100 Terabytes that you've been slowly taking out of their network, and expose it to the light of day. Give North Korea the credit so if by some means they find the Command and Control software on your machine you just have to have a dummy on your machine that seemingly sends data to Korean IP addy's. Making it look like you were hacked instead.

    What has unfolded is exactly what a Loner Anachist Hacker would want. So is there doubt? Yes, and to prove otherwise the US Government would need to Doxx the "GOP" (Guardians of Peace).

    [quote="JennAnge" post="7.867379.21696457"
    Though this will probably just be a storm in a tea-cup by this time next year, I'm really, really hoping I won't be having this talk with my great-grandchild one of these days.
    [/quote]

    Actually, the fallout from this will be astronomical. The theaters backing down and pulling the movie has forever changed the way we tell stories. Someone writes a book that criticizes another country? All that country has to do now is threaten an attack and that book will be pulled. North Korea has ensured censorship of the world.

    Gizmo1990:
    This is bad and serious and could become VERY bad I know but a small part of me wants the US to call their bluff. Just come out and say that they are showing the movie. If even one thing happens to a movie theater showing this movie the US will consider it an act of war by North Korea at which point they send in the Navy.

    It will not happen and if it did it would be beyond bad but to be a fly on the wall when that is passed on to the NK leadership.

    The US doesn't have that right.

    Sony Pictures is a Company. It has no ties to any US government. Although an American Company, it's simply a subsidiary of the Japanese Sony company. So it more has to listen to Japan than it ever does America.

    Apl_J:
    I'm counting the days until I can say Seth Rogan and James Franco started World War III

    It would definitely be a weird thing, but not completely unbelievable. This movie debacle could very well be the cause of the fall of North Korea under the boot of America. Wouldn't it be funny? Seth Rogan's movie about a plot to kill Kim Jong Un being the cause of the death of Kim Jong Un. That would be irony of EPIC proportions!

    the CIA is gonna email Kim Un a youtube link - it will be a rickroll

    ObsidianJones:
    The US doesn't have that right.

    Sony Pictures is a Company. It has no ties to any US government. Although an American Company, it's simply a subsidiary of the Japanese Sony company. So it more has to listen to Japan than it ever does America.

    Actually they have more of a right then you might think. Sony or America may very well be a subsidiary of a Japanese company but that doesn't really matter. The company is based in America, pays American taxes, is beholden to American law, employs Americans, and perhaps most damning is that it is an established part of the US economy. One could make the argument that this attack was against not only an economic attack against SoA but the US as well.

    Like it or not, companies that have enough economic sway are considered vital to the survival of the US. *cough* fucking auto industry *cough*

    CrazyGirl17:
    God, if this winds up starting World War III... I don't want to live on this planet anymore.

    Don't worry. If this ends up starting World War III, you probably won't.

    "I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Sarge034:

    ObsidianJones:
    The US doesn't have that right.

    Sony Pictures is a Company. It has no ties to any US government. Although an American Company, it's simply a subsidiary of the Japanese Sony company. So it more has to listen to Japan than it ever does America.

    Actually they have more of a right then you might think. Sony or America may very well be a subsidiary of a Japanese company but that doesn't really matter. The company is based in America, pays American taxes, is beholden to American law, employs Americans, and perhaps most damning is that it is an established part of the US economy. One could make the argument that this attack was against not only an economic attack against SoA but the US as well.

    Like it or not, companies that have enough economic sway are considered vital to the survival of the US. *cough* fucking auto industry *cough*

    All of that is true, but it's still a company. A subsidiary of a Japanese company.

    Gizmo, who I was quoted, mentioned that the US should call the North Korean bluff and show the movie.

    It wasn't US's decision to pull the movie. It was Sony's. Again, maybe an American Company, but still a company.

    My favourite part of this news article is the part where the president pretty much openly calls Sony a bunch of pussies for caving in to terrorism.

    The Associated Press has actually come out saying that the evidence of North Korean involvement has appeared to be "largely circumstantial:"

    http://hosted.ap.org/dynamic/stories/U/US_SONY_HACK?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2014-12-18-16-05-14

    While we're at it, let's just remember the last time a president jumped out on stage claiming to have hidden evidence of a state's involvement with terrorism against America's interests. A decade later and there are *still* people who take the US government's word at face value when assigning blame. Fuck knows why.

    Whoah, whoah, whoah, hold on there Barack.
    Don't you know it isn't censorship?
    Quick someone combine all those not-a-censorship posts about removing GTA from Target Australia, Hatred from Steam and early news about cancelling of Interview into one glorious explanation that private company can do whatever they want.

    ObsidianJones:

    Gizmo1990:
    This is bad and serious and could become VERY bad I know but a small part of me wants the US to call their bluff. Just come out and say that they are showing the movie. If even one thing happens to a movie theater showing this movie the US will consider it an act of war by North Korea at which point they send in the Navy.

    It will not happen and if it did it would be beyond bad but to be a fly on the wall when that is passed on to the NK leadership.

    The US doesn't have that right.

    Sony Pictures is a Company. It has no ties to any US government. Although an American Company, it's simply a subsidiary of the Japanese Sony company. So it more has to listen to Japan than it ever does America.

    I do understand that and I would not want them to even if they could. As I said it is just a small part of me that would love to see the look on the faces of the NK leadership if something like that ever did happen, when they are finaly forced to deal with something they have no control over.

    So.. is this an opening statement prior to declaring war on North Korea? I have very mixed, leaning towards negative, feelings if that is the case.

    All those hacker groups out there should do something useful with their time and start hacking NK instead of game companies and such.

     Pages 1 2 NEXT

    Reply to Thread

    Log in or Register to Comment
    Have an account? Login below:
    With Facebook:Login With Facebook
    or
    Username:  
    Password:  
      
    Not registered? To sign up for an account with The Escapist:
    Register With Facebook
    Register With Facebook
    or
    Register for a free account here