FBI statement on Sony cyber attack
December 19, 2014
The following is the full FBI statement on the Sony cyber attack.
"Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercialdata. A group calling itself the"Guardians of Peace" claimed responsibility for the attack andsubsequently issued threats against SPE, its employees, and theaters thatdistribute its movies.
The FBI has determined that the intrusion into SPE's network consisted of the deployment of destructive malware and thetheft of proprietary information as well as employees' personally identifiableinformation and confidential communications. The attacks also rendered thousands of SPE's computers inoperable,forced SPE to take its entire computer network offline, and significantlydisrupted the company's business operations.
After discovering the intrusion into itsnetwork, SPE requested the FBI's assistance. Since then, the FBI has been working closely with the company throughoutthe investigation. Sony has been a great partner in the investigation, andcontinues to work closely with the FBI. Sony reported this incident withinhours, which is what the FBI hopes all companies will do when facing a cyberattack. Sony's quick reportingfacilitated the investigators' ability to do their jobs, and ultimately toidentify the source of these attacks.
As a result of our investigation, and inclose collaboration with other U.S. Government departments and agencies, theFBI now has enough information to conclude that the North Korean government is responsible for these actions. While the needto protect sensitive sources and methods precludes us from sharing all of thisinformation, our conclusion is based, in part, on the following:
Technical analysis of the data deletionmalware used in this attack revealed links to other malware that the FBI knowsNorth Korean actors previously developed. For example, there were similarities in specific lines of code,encryption algorithms, data deletion methods, and compromised networks.
The FBI also observed significant overlapbetween the infrastructure used in this attack and other malicious cyberactivity the U.S. Government has previously linked directly to NorthKorea. For example, the FBI discoveredthat several Internet protocol (IP) addresses associated with known NorthKorean infrastructure communicated with IP addresses that were hardcoded intothe data deletion malware used in this attack.
Separately, the tools used in the SPEattack have similarities to a cyber attack in March of last year against SouthKorean banks and media outlets, which was carried out by North Korea.
We are deeply concerned about thedestructive nature of this attack on a private sector entity and the ordinarycitizens who worked there. Further,North Korea's attack on SPE reaffirms that cyber threats pose one of thegravest national security dangers to the United States. Though the FBI has seen a wide variety andincreasing number of cyber intrusions, the destructive nature of this attack,coupled with its coercive nature, sets it apart. North Korea's actions were intended toinflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Suchacts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt - whetherthrough cyber-enabled means, threats of violence, or otherwise - to underminethe economic and social prosperity of our citizens.
The FBI stands ready to assist any U.S.company that is the victim of a destructive cyber attack or breach ofconfidential business information. Further, the FBI will continue to work closely with multiple departmentsand agencies as well as with domestic, foreign, and private sector partners whohave played a critical role in our ability to trace this and other cyber threatsto their source. Working together, theFBI will identify, pursue, and impose costs and consequences on individuals,groups, or nation states who use cyber means to threaten the United States orU.S. interests."
FBI blames North Korea for Sony hack, US weighs response
December 19, 2014
WASHINGTON – The FBI on Friday formally blamed North Koreafor the cyber-attack against Sony Pictures Entertainment, as the hack spurredmounting calls for the U.S. government to pursue a tough response against Kim JongUn's regime.
"The FBI now has enough information toconclude that the North Korean government is responsible for theseactions," the FBI said in a statement on Friday.
The bureau's statement had been expectedearlier this week, but was delayed until Friday. A source close to thediscussions told Fox News the government had to first notify various parties,including security firms.
The bureau said its findings were theresult of an investigation that involved multiple departments and agencies, andwere based in part on technical analysis of the malware used in the attack. TheFBI said the malware "revealed links to other malware that the FBI knowsNorth Korean actors previously developed."
Further, the FBI noticed "significantoverlap between the infrastructure used in this attack and other maliciouscyber activity the U.S. government has previously linked directly to NorthKorea." For instance, the FBI said several IP addresses with "knownNorth Korean infrastructure" communicated with IP addresses "hardcoded"into the malware that ripped through Sony's systems, deleting data and swipingsensitive information and rendering thousands of computers inoperable.
The FBI also said the "tools"used in the attack are similar to those in a North Korea-led attack againstSouth Korean banks and media outlets last year.
"We are deeply concerned about thedestructive nature of this attack on a private sector entity and the ordinarycitizens who worked there," the FBI said in its statement. "Further,North Korea's attack on SPE reaffirms that cyber threats pose one of thegravest national security dangers to the United States. Though the FBI has seena wide variety and increasing number of cyber intrusions, the destructivenature of this attack, coupled with its coercive nature, sets it apart.
"North Korea's actions were intendedto inflict significant harm on a U.S. business and suppress the right ofAmerican citizens to express themselves. Such acts of intimidation fall outsidethe bounds of acceptable state behavior."
The statement did not implicate China, alongtime ally of North Korea. President Obama, at a press conference on Friday,also said the government has "no indication" North Korea acted withanother country. An intelligence source, though, earlier told Fox News that theevidence points to North Korea as the main player – yet with support from anoutside party.
As the U.S. government pointed the fingersquarely at North Korea, pressure was mounting for the Obama administration tohave a severe response.
"We better quickly respondcomprehensively to defend freedom of speech in the face of terrorist threatsand cyber attacks," House Foreign Affairs Committee Chairman Ed Royce,R-Calif., said Friday. He urged the new Congress to, for starters, pass a NorthKorea sanctions bill.
Sen. Bob Menendez, D-N.J., urged the StateDepartment to consider re-designating the country as a state sponsor ofterrorism.
Former U.S. ambassador to the U.N. JohnBolton took the same position.
“I think it is correct to treat it as anational security threat because it really could have been in a serious place,”Bolton told Fox News on Thursday. “If we can conclude it was North Korea, weneed to put them back on the list of state sponsors of terrorism, we need toput all the economic sanctions back in place.”
He added, “If you treat this simply as aninconvenience, other countries will conclude that they can attack and get awaywith it.”
Obama vowed Friday: "We willrespond."
Assistant Attorney General for NationalSecurity John P. Carlin said in a statement Friday that identifying theattackers was just the first step. "We will continue to do our part toprotect and defend our nation from the asymmetric threats posed throughcyberspace," he said.
Homeland Security Secretary Jeh Johnsonsaid the hack was not just an attack against a company, but "an attack onour freedom of expression and way of life."
But officials have not said exactly whatthe response might be.
Asked directly at Thursday’s press briefingwhat the U.S. government is going to do about the unprecedented attack – whichalong with other factors led Sony to cancel the release of its film, “TheInterview” – White House Press Secretary Josh Earnest said there are a “rangeof options.”
“We need a proportional response,” hesaid.
At the same time, he cautioned the U.S.should be “mindful of the fact that sophisticated actors, when they carry outactions like this, are oftentimes … seeking to provoke a response from theUnited States of America. They may believe that a response from us in onefashion or another would be advantageous so them.”
On Friday, the FBI vowed to "identify,pursue and impose costs and consequences on individuals, groups or nationstates who use cyber means to threaten the United States or U.S.interests."
Rep. Patrick Meehan, R-Pa., chairman of theHouse Homeland Security Committee’s Subcommittee on Cybersecurity, also calledfor the U.S. to build cyberdefense capabilities. One bill dealing withcybersecurity has passed Congress and awaits President Obama’s signature.
“A lack of consequences for when nationstates carry out cyberattacks has only emboldened these adversaries to do moreharm,” Meehan said in a statement. "The attack on Sony shows the dire needto upgrade our cyber defenses.”
He told Fox News on Friday that: “We'repart of a global network throughout the world [which] makes us vulnerable.”
FoxNews’ Lucas Tomlinson and Catherine Herridge contributed to this report.