FBI, after a month of thorough findings and investigation, has formally alleged North Korea for the massive Sony Cyber attack, that left the company devastated and deadened. (via Reuters)
Since the attack, Sony Entertainment and later the U.S. Government has been pointing finger towards North Korea as the driving force behind the massive cyber-attack. Now FBI has reached the conclusion of whole investigation and said that the analysis of malware showed links to North Korea.
Here’s the FBI report announced publicly over the cyber atack–
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Earlier this month, a North Korean official denied allegations that the government was involved in the hacking, calling it “wild speculation.” However, the official described the attack as a “righteous deed,” according to a North Korean state news agency.
Sony has been left reeling from the November attack, after thousands of confidential documents, including employee social security numbers, personal emails like Snapchat acquiring QR Scan.Me and Vergence Eyeglasses., unreleased films and executive pay were published online.
Guardians of Peace, the group of hackers which claims to be behind the Sony Pictures hack sent a threatening message to all movie theatres who planned on showing Sony’s upcoming Seth Rogen and James Franco starrer “The Interview”.
Post receiving the fearful warnings, Sony aborted its plan to launch the movie, which depicts the virtual assassination of North Korean leader Kim Jong-un. The decision came following denial by various movie chains to screen the film in their respective theatres post threats.
According to CNN, Sony executives received another email following the cancellation of launch plans,
It is very wise that you have made a decision to cancel the release of the interview. It’ll be very useful for you. We ensure the security of your data. Unless you make additional trouble.
Eddie Schwartz, president of White Ops, a cyber security specialist, said-
Different groups have different patterns of activity that they take on once they enter a system. Those patterns are like a fingerprint, almost like a playbook. You’ll see that they go after certain servers first, that they conduct operations in a certain way..
Federals earlier said that they believe an individual or small group stationed outside North Korea may have launched the attack, which was then likely routed through at least six countries overseas -– Singapore, Thailand, Italy, Bolivia, Poland and Cyprus -– before hitting its target in the United States.
On Thursday, the White House described the hack as “a serious national security matter” and said it was considering a proportional response. The president’s National Security Council said in a statement-
The U.S. government is working tirelessly to bring the perpetrators of this attack to justice, and we are considering a range of options in weighing a potential response.
The investigation found that there may also be a Chinese link, either through collaboration with Chinese actors or the use of Chinese servers to mask the origin of the attack, a US official said earlier. The FBI has been keeping China in the frame as well. Dusting off the allegations, a spokesman for China’s foreign ministry said-
We do not understand the full situation, but countries should work together to solve this problem. If the US has more evidence concerning this incident, it should provide [that evidence] to China.