NEW YORK/WASHINGTON – FBI Director James Comey said on Wednesday that hackers behind the cyberattack on Sony Pictures Entertainment provided key clues to their identity by sometimes posting material from IP addresses used exclusively by the North Korean government.
The hackers, who called themselves “Guardians of Peace,” sometimes “got sloppy” and failed to use proxy servers that would hide their identity, Comey said at the International Conference on Cyber Security in New York.
“The Guardians of Peace would send emails threatening Sony employees and post online various statements explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements,” Comey said.
“But several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see it,” Comey said.
“We could see that the IP addresses they used … were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realized the mistake, but not before we saw them and knew where it was coming from,” he added.
Sony’s network was crippled by hackers in November as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong Un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.
Comey urged the U.S. intelligence community to declassify information that showed the hackers used such servers. Critics of the FBI and spy agencies have accused the government of failing to back up assertions that North Korea was responsible.
Comey said investigators still do not know how hackers got into Sony’s systems. But he said technical analysis of the malware used showed strong similarities to malware developed by North Korea and used last year in attacks on South Korean banks.
He said language used by Guardians of Peace also matches language used in other hack attacks attributed to North Korea.
Comey said the FBI would deploy more cybersecurity experts to work in the offices of its foreign partners in order to “shrink the world” the way hackers have done.
U.S. officials familiar with investigations into the attack say while U.S. agencies believe North Korea initiated it, they are also looking into whether Pyongyang hired outside help.
One of the officials said investigators believe the North Koreans could either have hired foreign hackers to help with the attack or got help from disgruntled Sony insiders. They do not believe North Korea had help from any other government.
Speaking before Comey at the cyber conference, James Clapper, the U.S. director of national intelligence, said the Sony hack was the most serious cyberattack ever targeting U.S. interests.
Clapper said cyberattacks offered the North Koreans “global recognition at a low cost with no consequences.”
He added that he had watched “The Interview” over the past weekend. “It’s very clear to me that the North Koreans don’t have a sense of humor,” he said.