North Korea “Responsible” For Sony Hack, FBI Confirms

By Dominic Patten, David Lieberman

The FBI said this morning that the government of North Korea instigated the massive cyberattack on Sony Pictures Entertainment and threats against movie theaters over The Interview, the now-cancelled satire about an imagined assassination of North Korean leader Kim Jong-un. “As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the Bureau said. “North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.” (Read the full statement below.)

Today’s confirmation by the feds follows the pulling of the James Franco and Seth Rogen film on December 17 and an expected statement from Washington D.C. about North Korea’s role from law enforcement. As the bludgeoning data breach at the studio continued during the past few weeks, some have wondered whether the attack by a mysterious group that called itself Guardians of Peace was an inside job or coming from another source. However, the Democratic People’s Republic of Korea’s authoritarian regime remained the prime suspect since the hit on SPE on November 24.

Although the North Korean government denied any involvement, it called the attack a “righteous deed” against a company whose film was “an act of war.” North Korea’s National Defense Commission said, “What we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of North Korea.” Widely expected, today’s official remarks come a day after White House Press Secretary Josh Earnest said the federal government was weighing a “proportional response” to the hack attack.

Related MPAA Says North Korea Attack On Sony Is “Despicable, Criminal Act”

Last week House Intelligence Committee Chairman Mike Rogers (R-Mich.) said at a Christian Science Monitor breakfast in Washington that he was “fairly confident” North Korea was involved. “I would argue, as a former FBI guy, that when a nation state says that this group who doesn’t know who we are but did this on behalf of the North Korean people … and we appreciate it. … As we would say in the FBI, ‘That is a clue’.”

The massive cyberattack resulted in the online leaking of movies including Fury, Annie, Still Alice, and Mr. Turner, an early version of the script for the upcoming James Bond film Spectre, and disclosure of SPE’s data like executive emails, financial information, and employee Social Security numbers. Class action suits began to be filed, with three before the courts so far. The situation took a darker turn when hackers vowed to hurt Sony employees and their families if they didn’t sign a statement repudiating the company.

Then, on December 16, hackers threatened  to attack theaters that showed The Interview: “We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to,” they said in an email message to reporters. “Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”

On Wednesday, all of the major exhibition chains said that they would not show The Interview because of the threats from the hackers. This followed a statement of support from the National Association of Theatre Owners to its members if they decided they didn’t want to take the risk. That came a day after Sony said they were OK with exhibitors not playing the movie. Unsurprisingly, once the big chains pulled out of The Interview, Sony followed soon after by officially canceling its release. The studio said the film not only won’t come out in theaters but also won’t see the light of day on VOD, DVD, streaming services or any other release platform.


Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE).  In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data.  A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications.  The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance.  Since then, the FBI has been working closely with the company throughout the investigation.  Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack.  Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.  While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed.  For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea.  For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there.  Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States.  Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.  North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.  Such acts of intimidation fall outside the bounds of acceptable state behavior.  The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information.  Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source.  Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.


This article was printed from