FBI director James Comey blames N Korea over Sony cyberattack
08 Jan 2015
FBI director James Comey said yesterday that the recent cyberattack against Sony Pictures was traced back to internet addresses "exclusively used" by North Korea, as he revealed fresh evidence intended to rebut sceptics of the bureau's claims, The Washington Post reported.
There is "not much in this life that I have high confidence about," Comey said at a cyber conference at Fordham University in New York. "I have very high confidence about this attribution - as does the entire intelligence community."
Last week, the FBI alleged that the attack had been carried out by North Korea, in a rare instance of the US government publicly accusing another government of carrying out a specific cyberattack. In a statement, the bureau cited a "technical analysis" of malicious software used in the operation.
According to the bureau, analysis revealed links to other malware used earlier by North Korean actors. The FBI further said the attack was linked to several internet protocol addresses "associated with known North Korean infrastructure."
The hackers who breached Sony's computer networks threatened the firm in emails and posted statements online, using proxy servers in most cases to disguise their location, according to Comey. However, he added, on several occasions they "got sloppy," either "because they forgot, or they had a technical problem."
Comey claimed those questioning the North Korea connection "don't have the facts that I have."
For weeks the US government had faced skepticism from private-sector cybersecurity analysts, many of whom maintained that the attack might have been an inside job by a former Sony employee.
In what amounted to the US government's most detailed explanation to date of the evidence it has linking North Korea to the hack, Comey said he has "very high confidence" Pyongyang was behind it and disclosed new details.
He said US investigators were able to trace emails and internet posts sent by the Guardians of Peace, the group behind the attack, and link them to North Korea.
Comey said most of the time, the group sent emails threatening Sony employees and made various other statements online using proxy servers to disguise where the messages were coming from.
"But several times, they got sloppy," he said.
Comey said, at times, they connected "directly," and in turn the US "could see them and we could see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans."