An FBI investigation into the devastating hack on Sony Pictures Entertainment has determined that the North Korean government was responsible and may have acted with help from the Chinese, according to a statement released Friday. North Korea’s involvement has been suspected for weeks, though investigators now believe that the malicious software was either launched from mainland China or that it was disguised to make it appear that it did.
North Korea's mission to the United Nations has denied any involvement in the attack on Sony, which was discovered on Nov. 24, when employees logged on to their computer to find a message from a group calling itself the Guardians of Peace. Fallout from the hack ultimately led to Sony’s decision to cancel the release of “The Interview,” a comedy featuring an assassination plot against North Korean leader Kim Jon Un, from movie theaters, citing terrorist threats.
“Technical analysis of the data deletion revealed links to other malware that the FBI knows North Korean actors previously developed,” the FBI statement said. “For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks.”
The bureau statement went on to cite evidence indicating that Internet protocol addresses known to be affiliated with North Korea were used in the attack. Investigators have also discovered malware used in a similar attack, later blamed on North Korea, deployed against South Korean media outlets and banks.
Investigators believe China is involved in part because the sophistication of the malware, which came in the form of “modules or packets,” has never been seen from North Korea; it has only been seen from Iran, China and Russia. The hack appears to have been deployed only after the perpetrators stole user credentials from a high level source, or sources, inside Sony.
Pyongyang, which is known to conduct cyberoperations within Chinese borders, previously called the act a “righteous deed.”
The hackers, gloating after Sony’s decision to bury “The Interview,” told company executives Thursday night that the disclosures would cease as long as the movie stays under wraps. In emails obtained by CNN, hackers warn executives “we still have your private and sensitive data.”
“Now we want you never let the movie released, distributed or leaked in any form, for instance, DVD or piracy,” they wrote. “And we want everything related to this movie, including its trailers, as well as its full version down from any website hosting them immediately.”
“Guardians of Peace” appears to a stem from a phrase first popularized by former U.S. President Richard Nixon upon visiting China at the height of the Vietnam War. In a speech advocating the U.S. stance against the North Vietnamese Nixon said, “Strong military defenses are not the enemy of peace; they are the guardians of peace.”
“North Korea’s actions were intended to inflict significant harm in a U.S. business and suppress the right of American citizens to express themselves,” the FBI statement went on. “Such acts of intimidation fall outside the bounds of acceptable behavior.”