Sony hack: it was North Korea, says FBI

Security experts have been sceptical of North Korean involvement, despite US assertions

Click to follow
The Independent Tech

An FBI investigation into the hack of Sony Pictures' computers has concluded that North Korea was behind the cyber-attack, which might have a Chinese link.

The FBI said that "Technical analysis of the data deletion malware used" showed links to other malware that the FBI knows North Korean actors previously developed", in a statement released today. It also said that there was overlap between the infrastructure, such as IP addresses, used in previous attacks and attempted attacks on the US and South Korea.

Federal authorities are set to formally announce the conclusion later today, according to an anonymous source.

While the attack was carried out by North Korea, it might have been done with with help from Chinese actors or using Chinese servers so that the origin of the hack could be hidden.

The Chinese Embassy in Washington urged the US to share the evidence in the case, reported Reuters, and says that it does not support "cyber illegalities" committed in the country.

Fox News said that an intelligence source had told it that Iran, Russia or China could also have been involved in the attack, it reported yesterday.


But security experts have been sceptical of rushing to place the blame on North Korea.

Marc Rogers, a researcher at website security firm Cloudflare, wrote yesterday that the hack was unlikely to have been the work of North Korea.

The US and Sony has revealed little about the actual details of the hack, despite anonymous sources placing the blame on North Korea. But some of the key reasons for blaming the country appear to have problems, according to Rogers.

One argument is that some of the code used in the hack was written on a PC with a Korean language and locale — but that makes it less likely to be North Korean given that traditional Korean is forbidden in the country, and the location of a computer is easily changed before the code is sent out, Rogers wrote.

Even if North Korea was involved, the public details of the hack seem to indicate that a person inside the company or its buildings was likely to have helped them.

Additional reporting by Reuters