By Jennifer LeClaire / NewsFactor Network
The Federal Bureau of Investigation (FBI) is pointing the finger of blame for the Sony Pictures Entertainment (SPE) cyberattack directly at North Korea. In collaboration with other U.S. government departments and agencies, the FBI said it has enough evidence to conclude that the Communist nation is responsible for the attack. Now, President Barack Obama is responding.
The hackers compromised Sony Pictures’ computer systems, stole data and intellectual property, and ultimately caused the movie giant to can its new comic film, “The Interview.” The Sony-produced comedy, starring Seth Rogen and James Franco, is likely the cause of the cyberattack. The movie depicts a fictional plot to assassinate North Korean dictator Kim Jong-un.
“They caused a lot of damage. And we will respond,” Obama told reporters in a news conference. “We’ve got no indication that North Korea acted in conjunction with another country.”
Suppressing the Rights of Americans
How do we know it was North Korea? The FBI cited a technical analysis of the data deletion malware used in the attack as one form of evidence, as well as a significant overlap between the infrastructure used in this attack and other malicious cyber-activity the U.S. government has previously linked directly to North Korea. Also, the tools used in the Sony attack are similar to North Korea’s cyber attack in March 2014 against South Korean banks and media outlets.
“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” the FBI said in a statement.
The FBI has witnessed a diverse and increasing number of cyber intrusions, but the bureau said the destructive nature of this attack, coupled with its coercive nature, sets it apart from the rest.
“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior,” the FBI said. “The FBI takes seriously any attempt — whether through cyber-enabled means, threats of violence, or otherwise — to undermine the economic and social prosperity of our citizens.”
Was it Really North Korea?
We turned to Ken Westin, a security analyst at advanced threat protection firm Tripwire, to get his reaction to the FBI’s conclusion. He told us he’s still not completely convinced that the attribution of this attack belongs solely to North Korea.
“Similar code, encryption algorithms and IP addresses have been used in other attacks. This really describes a lot of malware, tools and techniques,” Westin said. “I would like to learn more specifics with regards to the malware they claim was developed by North Korea and used in other attacks. Looking at the attack vectors and other data collected and shared by the FBI, there is still no way to attribute the attack to North Korea with any level of certainty.”
Westin pointed out that the malware used against Sony had Korean language settings, and he said leaving a trace piece of evidence like that was amateurish. And that made him wonder if that artifact was left because the attackers wanted investigators to see it.
“If North Korea is not involved, it raises the question as to who is. The answer may not actually be known, but from the patterns, the behavior is more like a hacktivist group, which may or may not actually sympathize with North Korea,” Westin said. “Another more likely scenario is the group responsible is trolling us all. PR is a form of social engineering. In many respects the media has done more damage by inciting fear and propagating misinformation than the actual breach has done.”
Debate Will Continue
Tim Erlin, director of IT security and risk strategy for Tripwire, told us the technical community will continue to debate the methods used to determine that North Korea was behind the Sony breach. But regardless of those methods, or even the overall accuracy of the conclusion, the FBI has officially announced that the government of North Korea was behind this attack, he said.
“That move has world-wide security ramifications, and thrusts information security professionals into the realm of diplomats and generals,” Erlin said. “With this declaration, we’re all waiting for the other shoe to drop. If North Korea is responsible for this destructive attack, what will be the U.S. response?”