The hackers responsible for infiltrating Sony Pictures Entertainment, leaking a trove of sensitive and embarrassing corporate information and ultimately delaying the theatrical release of “The Interview,” had Internet addresses that were “exclusively used” by North Korea, FBI Director James Comey said Wednesday.
His announcement was meant to put to rest lingering skepticism among cybersecurity experts that U.S. authorities were correct to blame Pyongyang for the high-profile hack. The FBI determined with “very high confidence” that North Korea orchestrated the attack, Comey said, citing multiple occasions when the hackers failed to re-route their connection through proxy servers. The group, known as the Guardians of Peace, “got sloppy,” the director said at an event at Fordham University in New York City.
Comey said the evidence indicates the hackers infiltrated Sony by spearphishing: fraudulent emails that attempt to steer specific individuals to a dangerous link.
The FBI formally blamed North Korea for the hack on Dec. 19, citing similar malware and methodology previously used to carry out hacks against South Korea. “For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks,” the bureau said in a statement at the time.
U.S. President Obama backed up the FBI’s assertions later that day, but technical experts immediately warned that, based on the evidence made public by the FBI, there was reason to doubt North Korea’s involvement. North Korea isn’t traditionally associated with major cyberoperations, some said, and the Korean dialect discovered within the malware code may have been planted in an effort to misdirect investigators.
That narrative gained steam when an executive at the cybersecurity firm Norse told the Security Ledger that his firm had concluded at least one disgruntled Sony employee may have been involved. Comey responded to the criticism Wednesday, telling reporters that the experts “don’t have the facts I have.”