The Federal Bureau of Investigation has claimed to have found evidence linking North Korea with the hackers who ransacked Sony Pictures' servers and dumped gigabytes of sensitive data online.
"As a result of our investigation, and in close collaboration with other US government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions," the Feds alleged in a statement on Friday.
The FBI said the malware that infected computers at the movie studio, exfiltrated reams of personal files, and wiped hard drives, is very similar to spyware the agency believes was written by Nork programmers.
The two pieces of studied malware are said to be identical down to "specific lines of code, encryption algorithms, data deletion methods, and compromised networks," we're told.
Agency investigators also found "several" North Korean IP addresses hardcoded into the Sony-assaulting malware, and say the software bears similarities to malicious code used against South Korean banks and media firms last year.
I sure hope the intel people saying "trust us, it's NK" aren't the same ones who said "trust us, Iraq has WMDs"— Dan Goodin (@dangoodin001) December 19, 2014
"North Korea’s actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves," the FBI concludes about an attack on a Japanese-owned film company.
Yesterday, Sony Pictures, which is based in California, axed the launch of its North Korea-poking flick The Interview in which Nork supreme leader Kim Jong Un is assassinated [spoiler]. The film was pulled from theaters after anonymous hackers made terrorism threats against cinema-goers.
"Such acts of intimidation fall outside the bounds of acceptable state behavior," said the Feds. "The FBI takes seriously any attempt - whether through cyber-enabled means, threats of violence, or otherwise - to undermine the economic and social prosperity of our citizens."
The Motion Picture Ass. of America (MPAA) has been quick to play the victim card in all this, calling the hack a "despicable, criminal act." This despite the organization offering no comment in the brouhaha or, seemingly, any support for Sony.
“The FBI's announcement that North Korea is responsible for the attack on Sony Pictures is confirmation of what we suspected to be the case: that cyber terrorists, bent on wreaking havoc, have violated a major company to steal personal information, company secrets and threaten the American public," said Chris Dodd, chairman of the MPAA.
"The Internet is a powerful force for good and it is deplorable that it is being used as a weapon not just by common criminals, but also, sophisticated cyber terrorists. We cannot allow that front to be opened again on American corporations or the American people.”
Based on that statement it seems clear that the MPAA will be pressing ahead with its plans, revealed in leaked Sony emails, to rework the global domain-name system into something the studios can use to keep pirated material from becoming easily accessible.
Infosec world: Color us skeptical
The computer security industry largely remains unconvinced North Korea is to blame for the hack attack against the movie giant, since the very notion of Norks developing malware to take revenge against a Hollywood giant is hard to swallow.
"I've been very skeptical throughout and now I have no idea," security guru Bruce Schneier told The Register. "It's WMDs [weapons of mass destruction] all over again; we're being asked to believe this blind."
The evidence the FBI presented on Friday is flimsy at best, he said, adding that he expected more from the agency.
One possible explanation is that the Feds have seen classified intelligence from the NSA that shows miscreants in North Korea were involved in the attack on Sony. That information can't be publicly disclosed without revealing the spies' capabilities and sources: the snoops have most likely compromised telcos and backbones in Asia to obtain this sort of evidence, assuming the FBI's allegations are true.
One of the concerns expressed by many is that The Interview wasn't even mentioned in the initial messages sent by hackers to the studio's execs: when the miscreants broke into the entertainment giant's servers, they first demanded money from Sony bosses – and only criticized the Seth Rogan comedy movie after journalists speculated that maybe the Norks were upset at the depicted assassination of Kim Jong Un.
At a press conference in the past hour, President Obama said the US would respond to the presumed Nork attack "proportionally, and at a time of our choosing."
America would have to work with other states to rethink how the internet was run and managed so that these kind of attacks could not take place again. "The internet and cyber is the Wild West right now," he opined.
Whether or not that will include blocking the kind of online attacks the US has undertaken in the past remains to be seen. ®