News

Actions

FBI: North Korea responsible for Sony hack

Posted at 2:12 PM, Dec 19, 2014
and last updated 2014-12-19 14:10:07-05

Washington (CNN) — North Korea is officially responsible for the cyberattack on Sony Pictures, the FBI announced Friday.

An FBI investigation linked the malware, infrastructure and techniques a group of hackers called “Guardians of Peace” used in the Sony attack to previous North Korean cyberattacks. The North Korean-backed hackers broke into Sony’s servers, published private emails and information and threatened to attack movie theaters screening “The Interview,” a comedy film about an assassination plot on North Korean leader Kim Jong Un.

The official report that North Korea was behind one of the largest and disruptive cyberattacks on a major company confirms what most already suspected throughout the past few weeks, though the larger question — how will the United States respond — remained unanswered.

U.S. officials also tell CNN the hackers routed the attack through servers in countries from Asia, Europe and Latin America, even some in the U.S.

The hackers used common DNS masking techniques to make it look like it was coming from those places, but the National Security Agency and FBI were able to track it back to North Korea.

North Korean internet traffic is routed through China, which is one way they are able to hide their activity, but the FBI was still able to trace it back to the origin, sources tell CNN.

The FBI called North Korea’s actions “outside the bounds of acceptable state behavior” in a statement released Friday and called cyberthreats “one of the gravest national security dangers.” The FBI did not use the words “terror” in their statement.

“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said in the release. “We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there.”

Sony backed off its plans to release the movie this week after the hacking group threatened to attack movie theaters. It has no further plans to release the film.

The investigation linked the “tools” of the Sony hack to North Korean cyberattacks in March 2013 against South Korean banks and media outlets.

Former Sen. Chris Dodd, the Chairman and CEO of the Motion Picture Association of America, released a statement Friday after the FBI announcement slamming the North Korean attacks by “cyber terrorists, bent on wreaking havoc” as a “despicable, criminal act.”

“This situation is larger than a movie’s release or the contents of someone’s private emails,” Dodd said. “This is about the fact that criminals were able to hack in and steal what has now been identified as many times the volume of all of the printed material in the Library of Congress and threaten the livelihoods of thousands of Americans who work in the film and television industry, as well as the millions who simply choose to go to the movies.”

Dodd added that “we cannot allow that front (of cyberattacks) to be opened again on American corporations or the American people.”

Related: Cyberattacks skyrocket

U.S. officials have said the government will retaliate for the attacks and White House Press Secretary Josh Earnest said the response would be “proportional.”

“Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests,” the FBI said in the release.

Bruce Bennett, a North Korean expert at the RAND Corporation told CNN that he consulted informally on the field as a favor to Sony Corporation Michael Lynton, who sits on the RAND Board of Trustees.

“He asked RAND’s president if he had a Korean expert to speak to in order to help sort out how to handle the picture and RAND’s president asked me to do that. We had a couple of brief conversations, viewed the movie and sent some comments,” he said, adding “this was not a paid consultency.”

Bennett said he suggested Sony let the State Department know about the film and the potential political issues involved and offered to call Robert King, the State Department’s envoy for North Korean human rights. He said “I simply notified him of what was going on.”

King told Bennett the film “was an American business decision and the State Department doesn’t get involved in things like that.”

Bennett said he did not show King or anyone at the State Department the film and said he was skeptical that anyone at the State Department saw it.

Referring to the State Department, Bennett said “their attitude was that they were glad to know about it, but it was not their role to intercede.”

In addition to King’s discussion with Bennett, the State Department has acknowledged that Assistant Secretary for East Asian Affairs Danny Russell spoke with Lynton about the film, but denied he had any involvement in its script or creative direction.

State Department spokeswoman said she did not know of anyone at State that screened the movie, though it is not clear still if State officials knew how the movie ended.

“I did not come across anyone who saw the movie in advance,” Spokeswoman Jen Psaki said in an interview that broadcast Thursday on CNN’s The Lead with Jake Tapper. “It is a normal part of the process for us to consult with the private sector, including movie companies, to talk about issues in the world. And we’re certainly the experts on that. And that happened in this case as well. But, no, we don’t sign off on the content of movies.”

Sen. John McCain on Friday said the cyberattack amounted to “an act of war” on Friday and said the U.S. should retaliate in kind with cyberwarfare.

“This is the greatest blow to free speech that I’ve seen in my lifetime probably,” McCain said Friday on Arizona radio station KFYI 550’s “The Mike Broomhead Show.” “We have to respond in kind. We have lots of capability in cyber and we ought to start cranking that up.”

McCain plans to hold a cybersecurity hearing into the Sony hack in the first two weeks of the next Congress, when he takes over as the chairman of the Armed Services Committee.

Assistant Attorney General for National Security John Carlin applauded Sony’s cooperation with investigators and said the government will continue to “address this and other threats” with partners like Sony.

“We follow the facts and evidence wherever they lead, to identify the fingers at the keyboards that threaten our people, our companies, and our national security,” Carlin said. “Identifying those responsible for these attacks is only the first step, and we will continue to do our part to protect and defend our nation from the asymmetric threats posed through cyberspace.”