Date
17 December 2017
Hackers attacked Sony Pictures as it prepared to release The Interview, a film about a fictional plot to assassinate the North Korean leader. Photo: AFP
Hackers attacked Sony Pictures as it prepared to release The Interview, a film about a fictional plot to assassinate the North Korean leader. Photo: AFP

FBI says Sony hackers ‘got sloppy’, left clues to identity

Hackers behind the cyberattack on Sony Pictures Entertainment sometimes “got sloppy” and posted material from IP addresses used exclusively by the North Korean government, the US Federal Bureau of Investigation said.

Speaking at the International Conference on Cyber Security in New York on Wednesday, FBI Director James Comey said the hackers, who called themselves “Guardians of Peace”, sometimes failed to use proxy servers that would hide their identity, Reuters reported.

“The Guardians of Peace would send emails threatening Sony employees and post online various statements explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements,” Comey was quoted as saying.

“But several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see it,” he said.

“We could see that the IP addresses they used … were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realized the mistake, but not before we saw them and knew where it was coming from.”

Sony Pictures earned the ire of Pyongyang after it produced The Interview, a comedy movie about a fictional plot to assassinate North Korean leader Kim Jong-un. North Korean state media said the film’s release would be a declaration of war by the United States. 

In November, hackers attacked the studio’s network and leaked unreleased movies and emails online. They also threatened to attack cinemas showing the Kim Jong-un movie, prompting the studio to initially cancel its showing.

Comey said investigators still do not know how hackers got into Sony’s systems. But he said technical analysis of the malware used showed strong similarities to malware developed by North Korea and used last year in attacks on South Korean banks.

He said language used by Guardians of Peace also matches language used in other hack attacks attributed to North Korea.

Comey said the FBI would deploy more cybersecurity experts to work in the offices of its foreign partners in order to “shrink the world” the way hackers have done.

– Contact us at [email protected]

RC/CG

EJI Weekly Newsletter

Please click here to unsubscribe