FBI says North Korea behind Sony hack

FBI says evidence shows origin of Sony attack, North Korea calls for joint investigation to clear its name

Tags: Cyber crime, Federal Bureau of Investigation (http://www.fbi.gov), North Korea, Sony Corporation
The FBI has said it believes that North Korea is responsible for the attack on Sony. (Getty Images)
By Mark Sutton. Published December 20, 2014

The US Federal Bureau of Investigation (FBI) has blamed the North Korean Government for the hacking of Sony last month.

After a two-week-long investigation, the FBI announced on Friday that technical analysis of the malware used in the attack, together with similarities to tools and infrastructure used in past attacks linked to North Korea, led it to conclude that the rogue state is responsible for hacking Sony.

In an added twist, North Korea today offered to hold a joint inquiry with the United States to clear its name.

The North's foreign ministry accused the US government of "spreading groundless allegations" and said a probe would refute the allegations.

The hack, which occurred at the end of November, left Sony's network inoperable for more than a week and resulted in the theft of a large volume of data including upcoming movies, early drafts of scripts and employee data.

A statement from the law enforcement agency read: "As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions."

The FBI said that its evidence included technical analysis of the data deletion malware used in this attack, which revealed links to other malware that the FBI knows North Korean actors previously developed; significant overlap between the infrastructure used in the Sony attack and other malicious cyber activity the US government has previously linked directly to North Korea, including several Internet protocol (IP) addresses associated with known North Korean infrastructure that communicated with IP addresses hardcoded into the data deletion malware used in this attack; and similarities between the tools used to attack Sony Pictures Entertainment (SPE) and those used in an attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

The agency added: "We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea's attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.

"North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt - whether through cyber-enabled means, threats of violence, or otherwise - to undermine the economic and social prosperity of our citizens."
