The FBI continues to have "high confidence" that North Korea was behind last year's devastating Sony hack, offering new evidence on Wednesday that the agency says led them to identify the secretive country—or those working on its behalf—as the source of the attack.

FBI director James Comey, speaking at a Fordham University cybersecurity conference, said the agency found instances where the attackers had failed to use proxy services to mask the source, or original location, of their connections.

"Several times they got sloppy. Several times, either because they forgot, or they had a technical problem, they connected directly, and we could see them," Comey said.

The agency identified those direct connections as coming from IP addresses that are used "exclusively" by North Korea. Typically, attackers use proxy services to re-direct their internet traffic through additional servers before the connection reaches its final destination, in an effort to obscure a user's true location.

Apparently, the North Koreans soon realized their mistake, re-establishing the proxy—but not before giving the FBI enough information to identify the country as the attack's most likely source.

According to the group, which calls itself the Guardians of Peace, or sometimes GoP, the attack was in apparent retaliation for the planned release of Sony Pictures' then-upcoming film "The Interview." The film stars James Franco and Seth Rogen as journalists who are enlisted by the CIA to assassinate, rather than interview, North Korean leader Kim Jong-Un.

The North Korean government has denied any involvement in the attack, and proposed a joint investigation with the U.S.

But aside from this new piece of information—"declassified" at Comey's urging—there was little else offered to bolster the FBI's claims. Rather, he reiterated the FBI's previously announced evidence of North Korean involvement in the attack—that the writing style of the messages left by the Guardians of Peace, as well as the type of malware and network infrastructure used, was similar to other North Korean-launched attacks—while lashing out at critics who have cast doubt on the FBI's accusation.

"They don't have the facts that I have," Comey told the audience. "They don't see what I've seen."

Security experts told Motherboard last month that it's possible that some other, as yet unknown attacker could have routed the attack through North Korean IP addresses to make it appear as if that was the origin of the attack. Reuters, meanwhile, reported that the FBI was also considering the possibility that North Korea had contracted the job to foreign hackers, rather than conduct the attack themselves.

Comey said that, every time the team handling the investigation has tried to consider alternative explanations that don't involve North Korea—or those working with the country—they've always ended up at their original conclusion.

Officials had previously stated, in yet another effort to convince skeptical reporters and cybersecurity experts, that "there is no credible information to indicate that any other individual is responsible for this cyberincident."

The agency is still working to determine how, exactly, the attack was carried out, but considers spearphishing—distributing malware via otherwise legitimate-looking email attachments or social media links—as the likely method of entry.
