North Korea Hack On Sony Was ‘Sloppy’, Says FBI Director

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

FBI Director reiterates North Korea as the Sony hack culprit because they failed to cover their tracks

The FBI says it is very confident that North Korea was behind the devastating hack of Sony Pictures Entertainment.

The bureau’s director James Comey, speaking at the International Conference on Cyber Security event in New York this week, said that the hackers were identified quickly because they “got sloppy”.

Sloppy Tradecraft

According to Comey, it was a relatively straightforward process to identify a North Korean intelligence agency as being behind the attack, because the hackers (who called themselves ‘Guardians of Peace’) sent emails to Sony employees and posted material online using Internet addresses known to be used exclusively by the North Korean government.

“The Guardians of Peace would send emails threatening Sony employees and post online various statements explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements,” Comey was quoted as saying by Reuters.

“But several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see it,” Comey said. “We could see that the IP addresses they used…were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realised the mistake, but not before we saw them and knew where it was coming from.”

“I have very high confidence about this attribution, as does the entire intelligence community,” Comey was quoted by Bloomberg as saying.

According to the FBI’s Comey, the attack on Sony was carried out by North Korea’s Reconnaissance General Bureau.

Aggressive Posturing

Meanwhile, US Director of National Intelligence James Clapper used a separate speech to reveal the mindset of North Korean officials when he travelled to Pyongyang in November to secure the release of two American prisoners – Kenneth Bae and Matthew Miller.

According to Bloomberg, Clapper said he had a private dinner with the commander of the Reconnaissance General Bureau, General Kim Yong Chol. He is “the guy that ultimately would have to OK the cyber-attack against Sony,” Clapper said.

The interaction with the commander became tense at one point, Clapper recalled.

“He kept leaning toward me, pointing his finger at my chest and saying US and South Korean exercises are a provocation of war,” Clapper said. “Of course, not being a diplomat, my reaction was to lean back across the table and point my finger at his chest and respond that shelling South Korean islands wasn’t the most diplomatic course of action they could take either.”

“He really is, I think, illustrative of the people we’re dealing with in the cyber realm in North Korea,” Clapper said.

Righteous Deed

However, some experts are sceptical about the FBI’s assertion that North Korea is to blame.

“To be frank, director Comey has not revealed anything new,” Brian Honan, a security researcher, was quoted by the BBC as saying.

“Various IP addresses have been associated with this attack, from a hotel in Taiwan to IP addresses in Japan,” he reportedly said. “Any IP address connected to the internet can be compromised and used by attackers.”

It was in late November when Sony Pictures was subjected to an “extortionist” cyber-attack that led to the release of its film “The Interview” being suspended.

The hack penetrated Sony Pictures’ internal network and led to the leak of unreleased films, as well as the publication of embarrassing internal documents, including the salary details of top executives and personal information on Hollywood celebrities.

The hackers targeted the film because it is about an assassination plot against North Korea’s leader. The United States has officially blamed the hack on North Korea.

North Korea for its part has denied involvement in the attack, but said that the hack was a “righteous deed”.

The hackers later threatened attacks upon cinemas that released the film, and as a result most major cinema chains declined to screen it, forcing Sony to pull the film, a decision that Hollywood stars and President Obama condemned. Following that, Sony released the film in a small number of independent cinemas and it was also distributed online by Sony, Microsoft, Google and Apple.
