After weeks of speculation, it’s official: The FBI has definitively found that North Korea was responsible for the Sony hack after all. Everything from the hackers’ tactics to their IP addresses, the agency says, leads back to the North Korean government. President Obama will hold a press conference on the hacking at 1:30 p.m. EST.
The FBI’s full statement is below:
The FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing [all the details of its evidence], our conclusion is based, in part, on the following:
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods and compromised networks.
The FBI also observed significant overlap between the infrastructure of this attack and other malicious cyber activity the US government has previously linked directly to North Korea. For example, the FBI discovered that several internet protocol (IP) addresses associated with known North Korean infrastructure with IP addresses that were hardcoded into the data deletion malware used in this attack.
Separately the tools used in the SPE [Sony Pictures] attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature sets it apart.
North Korea’s actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the social prosperity of our citizens.
The FBI stands ready to assist any US company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or US interests.