Directors of FBI and Office of National Intelligence blame Sony hack on North Korea
The top intelligence official in the United States for the first time attributed the security breach suffered by Sony Pictures Entertainment to his North Korean counterpart and called it “the most serious cyberattack ever made against US interests.”
James Clapper, the US director of national intelligence, told attendees at a cybersecurity conference in New York City early on Wednesday that Lieutenant General Kim Yong Chol of North Korea’s Reconnaissance General Bureau must have ordered the attack against the major Hollywood firm’s computer system in late November. This officially links an individual from Kim Jong Un’s regime to the high-profile hack that has widened the rift between Washington and Pyongyang and raised new fears about international, unregulated cyber war.
“Kim was a four-star general in charge of the Reconnaissance General Bureau,” Clapper told a crowd at the International Conference on Cyber Security at Fordham, according to The Daily Beast’s M.L. Nestel. “The RGB is the organization responsible with the overseeing [sic] attack against Sony.”
Later at the event, James Comey, the director of the Federal Bureau of Investigation, added his weight behind that claim and said he has "high confidence" the hack was ordered by North Korea.
"I thought it was very very important that we as a government said we know who hacked Sony, it was the North Koreans," Comey said, according to CNBC reporter Eamon Javers.
FBI Director Comey on attribution of Sony hack to NK: "I have high confidence" that it was the North Koreans.
— Eamon Javers (@EamonJavers) January 7, 2015
In late November, Sony Pictures Entertainment learned that its internal computer network had been compromised. Soon after this, sensitive documents stolen from the company’s servers surfaced on the web. Sony was then warned to cancel its plans for the release of “The Interview,” a motion picture comedy critical of the Kim cult of personality. If not it would risk facing possible terrorist attacks, all of which prompted suspicions that Pyongyang was responsible for the hack.
"I watched ‘The Interview’ over the weekend and it's obvious to me North Koreans don't have a sense of humor,” Clapper said, according to Jana Winters, a reporter for the Intercept who attended Wednesday’s event.
"I watched "The Interview" over the weekend and it's obvious to me North Koreans don't have a sense of humor," said DNI Director Clapper.
— Jana Winter (@janawinter) January 7, 2015
The FBI and White House last month each attributed the hack to North Korea, and Sony ultimately released the film online and in cinemas on Christmas Eve, defying ominous threats of terror attacks from the internet, which had at one point caused plans for the movie’s release to be nixed entirely.
However, American officials have publically disclosed little evidence so far linking Pyongyang to the assault, causing security experts to question Washington’s claims. FBI Director Comey said on Wednesday that the group attributed with the hack, Guardians of Peace, infiltrated Sony from Internet Protocol (IP) addresses specific to North Korea, according to attendees.
This is apparently the FBI's smoking gun: Sony hackers made mistakes in hiding their tracks, exposed IPs "exclusively used" by North Korea
— Lorenzo Franceschi B (@lorenzoFB) January 7, 2015
Earlier this week, White House press secretary Josh Earnest saidthe evidence reviewed by US intelligence officials “does give a pretty strong indication” that North Koreans accomplished the hack, “and, frankly, to other bad actors about the techniques that we use to investigate and to attribute these kinds of attacks.
“So it’s a tricky business here,” added Earnest. “I wouldn’t rule out in the future that the FBI may be able to be more transparent about their findings.”
Also pushing for answers are members of congressional intelligence committees, who have raised concerns in recent weeks about the absence of cyber security protections, as well as rules for offensive attacks that could be employed by the government in the event that a US business, such as Sony, is hit by hackers again.
“This is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cyber security,” Sen. Dianne Feinstein (D-California), the chair of that chamber’s intel committee, said previously.
"This is a new dangerous form of warfare and international relations that, candidly, the United States, as a whole, is not prepared to handle," her House counterpart, Rep. Mike Rogers (R-Michigan) said.
"We are not prepared if the federal government decides that they want to take an offensive action or disruptive action in any significant way, even in response."
At Wednesday’s event, DNI Clapper added his weight to the Republican’s warning. "We have to push back,” ABC News quoted Clapper as saying with regards to responding to North Korea. "If they get global recognition with no consequence they’ll do it again and again.”
Meanwhile, the US has taken action against Pyongyang to some degree: last week, the Treasury announced sanctions against the Reconnaissance General Bureau along with two other entities and 10 individuals loyal to the Kim regime.
“RGB is responsible for collecting strategic, operational and tactical intelligence for the Ministry of the People’s Armed Forces,” the Treasury said, and that “Many of North Korea’s major cyber operations run through RGB.”