Advertisement
Motherboard

Why the FBI Believes North Korea Is Behind the Sony Hack

The same reasons why everyone else thinks so.

by Kaleigh Rogers
Dec 19 2014, 5:35pm

​Image: ​Ivan David Gomez Arce/Flickr

The Federal Bureau of Investigation felt like it has some 'splainin to do after US officials rev​ealed earlier this week they believe the North Korean government is responsible for the Sony hack.

On Friday, the FBI issued a stat​ement going into some detail about how the agency came to the conclusion North Korea was behind the attack that revealed hundreds of personal emails and social security numbers and terminated th​e release of Sony's over-the-top Seth Rogen flick, The Interview.

"Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed," the statement read, citing specific lines of code and encryption algorithms that were similar to the malware.

It continues:

"The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea."

The FBI goes on to state it is "deeply concerned" about the attack, saying it was "intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves," referring to the decision to curb cinematic release of The Interview.

Earlier this week, the hackers threatened to attack m​ovie theaters that show the film, which features James Franco and Rogen as a television host and producer, respectively, enlisted by the CIA to assassinate Kim Jong-Un after landing an interview with the North Korean ruler.

Before US officials fingered North Korea for the hack, there were many people specu​latingthat the hackers—who call themselves The Guardians of Peace—were North Korean, citing much of the same evidence the FBI shared. But the proof doesn't hold much water for some cybersecurity experts.

Ex-Anonymous hacker Hector Monsegur, who used to hack under codename Sabu, told CBS Ne​ws he was still skeptical North Korea waged the attack, even with the similarities between the style and format of the malware used.

"It doesn't tell me much. I've seen Russian hackers pretending to be Indian. I've seen Ukrainian hackers pretending to be Peruvian. There's hackers that pretend they're little girls. They do this for misinformation, disinformation, covering their tracks," he said.

"Do you really think a bunch of nerds from North Korea are going to fly to New York and start blowing up movie theaters? No. It's not realistic. It's not about 'The Interview.' It's about money. It's a professional job."

Security expert Peter Singer, in an inte​rview with Motherboard, agreed the evidence wasn't that compelling.

"The information that's come out has pointed the finger at North Korean proxy groups, but it's been context based. It wouldn't meet the level needed in a court of law. The context combines the fact that they're pissed about this movie, and certain techniques in it are similar to what has been used in other attacks linked not definitively to North Korea," he said, adding even if it is North Korea, the attack itself isn't worthy of such outrage.

"The government should help defend this company and prevent hacks, but in terms of exacting punishment on North Korea, what's it going to do? It's not an act of war, it's frickin' annoying for Sony. But it's not an act of war."