Following the high-profile cyber attack against Sony Pictures Entertainment, and continuous threats against employees and celebrities, the FBI has released an official statement declaring the investigation has lead to “enough information to conclude that the North Korean government is responsible for these actions.”
In a press release issued Friday morning, the FBI listed several factors that lead to its conclusion, including:
- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks
- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
President Obama held a news conference shortly after the announcement, where he was asked to comment on the United States’ proportional response to the attack.
“Our first order of business is to try to prevent those attacks from taking place,” said President Obama. “Everything that we can do at the government level to prevent these types of attacks [we’re doing]. We’re coordinating with the private sector but we’re not even close to where we need to be.We need strong cybersecurity laws that provide for data sharing.”
Without further details, President Obama added a response would come “at a time and place we choose.”
Secretary of the Department of Homeland Security Jeh Johnson also stressed in a statement the high-profile event underscored the importance of good cybersecurity practices to rapidly detect cyber intrusions and promote resilience throughout all networks.
“Every CEO should take this opportunity to assess their company’s cybersecurity,” said Johnson. “Every business in this country should seek to employ best practices in cybersecurity.”
The FBI’s statement comes days after Sony Pictures Entertainment called off its plans to release “The Interview” — a comedy depicting the assassination of North Korea’s leader Kim Jong-un, and after several theaters received threats for intending to show the film
netizens left a footprint.